At Zelis, we Get Stuff Done. So, let’s get to it! A Little About Us Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients. A Little About You You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are. Position Overview Lead for Single Sign One (SSO) and cloud-based authentication and multi-factor authentication (MFA) policy management. Overview We are seeking a highly skilled and motivated Senior IAM Engineer to join the Identity and Access Management (IAM) team. This is a hands-on technical engineering role focused on designing, implementing, and supporting enterprise Single Sign-On (SSO) integrations, Multi-Factor Authentication (MFA), and access control policies within Microsoft Azure (Entra ID). This role is ideal for someone who thrives in dynamic environments and is passionate about Security, Identity Architecture, Authentication Protocols, and Automation. The position will work closely with IAM peers across Identity Governance (SailPoint) and Privileged Access Management (CyberArk) to ensure cohesive and secure identity operations across the enterprise. Key Responsibilities - Lead the design, implementation, and ongoing management of enterprise Single Sign-On (SSO) integrations within Microsoft Entra ID (Azure AD), including SAML, OAuth, and OpenID Connect (OIDC) configurations. - Configure and manage application provisioning integrations using SCIM and Just-In-Time (JIT) methodologies, including attribute mappings, profile transformations, and lifecycle alignment with upstream identity sources. - Manage and evolve the organization’s Multi-Factor Authentication (MFA) strategy. Ensure secure configuration, policy enforcement, and user experience optimization. - Assist in the configuration and ongoing management of Conditional Access Policies, including risk-based access controls, device compliance requirements, location-based controls, and Zero Trust alignment. - Support and manage Azure App Registrations in alignment with enterprise standards, including delegated and application permissions, client secrets/certificates, API exposure, and service principal configurations. - Partner closely with the Identity Governance (IGA) and Privileged Access Management (PAM) teams to ensure SSO integrations, application onboarding, access provisioning, and privileged access controls are properly aligned. - Troubleshoot authentication, federation, and token-related issues across SAML/OIDC flows, performing root cause analysis and implementing durable engineering solutions. - Drive automation and process improvement initiatives using PowerShell, Microsoft Graph API, and related tools to enhance operational efficiency and scalability. - Develop and maintain comprehensive knowledge articles, architecture diagrams, and SOPs related to SSO, MFA, Conditional Access, and Azure identity configurations. - Stay current on emerging identity security threats, authentication standards, and Microsoft roadmap updates to proactively strengthen enterprise authentication posture. Qualifications - Proven technical experience implementing and managing enterprise Single Sign-On (SSO) solutions in Microsoft Entra ID (Azure AD). - Strong hands-on experience with authentication and federation protocols including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM. - Experience configuring and managing Multi-Factor Authentication (MFA) solutions (Duo and/or Microsoft Authenticator preferred). - Working knowledge of Conditional Access Policy design and implementation within Azure. - Experience with Azure App Registrations, service principals, and API permission management. - Proficiency in PowerShell scripting and experience leveraging Microsoft Graph API for automation and identity management tasks. - Strong troubleshooting skills related to authentication flows, token issuance, federation errors, and provisioning integrations. - Excellent communication and collaboration skills with the ability to work cross-functionally across security, infrastructure, development, and governance teams. Preferred Qualifications - Microsoft certifications (e.g., SC-300: Identity and Access Administrator Associate). - Experience with identity governance platforms (e.g., SailPoint) and privileged access management tools (e.g., CyberArk). - Experience supporting enterprise MFA migrations or modernization initiatives. - Familiarity with compliance frameworks such as SOX, HIPAA, or other regulated industry requirements. #LI-REMOTE Please note at this time we are unable to proceed with candidates who require visa sponsorship now or in the future. Location and Workplace Flexibility We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote friendly culture, and all our employee's work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies. Base Salary Range $127,000.00 - $160,550.00 At Zelis we are committed to providing fair and equitable compensation packages. The base salary range allows us to make an offer that considers multiple individualized factors, including experience, education, qualifications, as well as job-related and industry-related knowledge and skills, etc. Base pay is just one part of our Total Rewards package, which may also include discretionary bonus plans, commissions, or other incentives depending on the role. Zelis’ full-time associates are eligible for a highly competitive benefits package as well, which demonstrates our commitment to our employees’ health, well-being, and financial protection. The US-based benefits include a 401k plan with employer match, flexible paid time off, holidays, parental leaves, life and disability insurance, and health benefits including medical, dental, vision, and prescription drug coverage. Equal Employment Opportunity Zelis is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. We welcome applicants from all backgrounds and encourage you to apply even if you don’t meet 100% of the qualifications for the role. We believe in the value of diverse perspectives and experiences and are committed to building an inclusive workplace for all. Accessibility Support We are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability or a disabled veteran and require a reasonable accommodation with any part of the application and/or interview process, please email TalentAcquisition@zelis.com. Disclaimer The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities, duties, and skills from time to time.

About Our Company We’re a physician-led, patient-centric network committed to simplifying health care and bringing a more connected kind of care. Our primary, multispecialty, and urgent care providers serve millions of patients in traditional practices, patients' homes and virtually through VillageMD and our operating companies Village Medical, Village Medical at Home, Summit Health, CityMD, and Starling Physicians. When you join our team, you become part of a compassionate community of people who work hard every day to make health care better for all. We are innovating value-based care and leveraging integrated applications, population insights and staffing expertise to ensure all patients have access to high-quality, connected care services that provide better outcomes at a reduced total cost of care. Please Note: We will only contact candidates regarding your applications from one of the following domains: @summithealth.com, @citymd.net, @villagemd.com, @villagemedical.com, @westmedgroup.com, @starlingphysicians.com, or @bmctotalcare.com. Job Description EMPLOYER: Village Practice Management Company, LLC DBA VillageMD JOB POSITION: Senior Identity and Access Management Engineer LOCATION: 1 Diamond Hill Road, Berkeley Heights, NJ 07922. Position may telecommute from anywhere in the U.S. PAY RANGE: $172,827 - $178,000 per year DUTIES: Support service line initiatives within the Identity and Access Management (IAM) team, and with limited supervision, provide analysis and development knowledge for Identity Governance and Administration (IGA), specifically SailPoint IdentityNow (IDN); assist in the review and design of new IDN security technologies and support to ensure that the appropriate controls and tools are selected and operationalized; work closely with team leads, peers, development teams, business analysts, and end users to ensure VillageMD systems have appropriate controls and protection; regularly participate in new projects to learn new technologies and perform detailed feature and usability analysis based on vendor's offerings and VillageMD business needs; support Information Security programs which include governance (policy and standards), security enhancements, new security technology evaluation and testing, project requirement gathering, internal client communications, documentation, and security awareness; manage operations focus of IDN instances including SLA (service-level agreement) management, prioritization, change requests and approvals, hot fixes, and rollout; configure and deploy virtual appliance for IDN to connect and integrate different sources for production environments; apply experience in designing, developing, testing and integrating full IAM solutions including highly available, high volume, and complex infrastructures; provide key technology leadership for IAM team and take accountability for the execution of IAM platform; solicit and document detailed business requirements along with installing, integrating, configuring, and deploying SailPoint IdentityNow; review and manage both on-premise and cloud IAM solutions encompassing IDN; work with stakeholders to gather requirements needed for system and application integration within the IDN platform; participate and/or lead the installation, integration, deployment, and support of IDN and products; and continuously improve the IAM posture at VillageMD from a technical and functional perspective. Tools and technologies used: SailPoint IdentityNow (IDN), Identity Access Management, Identity Governance and Administration, SailPoint Identity Security Cloud, JIRA, Confluence, Agile Methodology, PowerShell, Single Sign-On (SSO), REST API & WebServices, Multi-Factor Authentication (MFA), Postman, Amazon Web Services (AWS), Role-Based Access Control, Security Compliance & Policies, and SCIM. Position may telecommute from anywhere in the U.S. REQUIREMENTS: This position requires at least a Bachelor’s degree in Computer Science, Information Security, or a closely related technical field and at least five (5) years of post-baccalaureate, progressive experience managing implementation of Identity and Access Management (IAM) services or delivering IAM solutions (any title) including at least five (5) years of experience developing IAM policies, troubleshooting IAM system issues, providing training and support to other team members on IAM processes and SailPoint technology, and using Amazon Web Services (AWS), Single Sign-On (SSO), JIRA, Confluence, PowerShell, Web Services, Multi-Factor Authentication (MFA), and Postman. Position may telecommute from anywhere in the U.S. This is an exempt position. The base compensation range for this role is $172,827 - $178,000. At VillageMD, compensation is based on several factors including but not limited to education, work experience, certifications, location, etc. The selected candidate will be eligible for a valuable company benefits plan, including health insurance, dental insurance, life insurance, and access to a 401k plan. About Our Commitment Total Rewards at VillageMD Our team members are essential to our mission to reshape healthcare through the power of connection. VillageMD highly values the critical role that health and wellness play in the lives of our team members and their families. Participation in VillageMD’s benefit platform includes Medical, Dental, Life, Disability, Vision, FSA coverages and a 401k savings plan. Equal Opportunity Employer Our Company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to, and does not discriminate on the basis of, race, color, religion, creed, gender/sex, sexual orientation, gender identity and expression (including transgender status), national origin, ancestry, citizenship status, age, disability, genetic information, marital status, pregnancy, military status, veteran status, or any other characteristic protected by applicable federal, state, and local laws. About Our Commitment Total Rewards at VillageMD Our team members are essential to our mission to reshape healthcare through the power of connection. VillageMD highly values the critical role that health and wellness play in the lives of our team members and their families. Participation in VillageMD’s benefit platform includes Medical, Dental, Life, Disability, Vision, FSA coverages and a 401k savings plan. Equal Opportunity Employer Our Company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to, and does not discriminate on the basis of, race, color, religion, creed, gender/sex, sexual orientation, gender identity and expression (including transgender status), national origin, ancestry, citizenship status, age, disability, genetic information, marital status, pregnancy, military status, veteran status, or any other characteristic protected by applicable federal, state, and local laws. Safety Disclaimer Our Company cares about the safety of our employees and applicants. Our Company does not use chat rooms for job searches or communications. Our Company will never request personal information via informal chat platforms or unsecure email. Our Company will never ask for money or an exchange of money, banking or other personal information prior to the in-person interview. Be aware of potential scams while job seeking. Interviews are conducted at select Our Company locations during regular business hours only. For information on job scams, visit, https://www.consumer.ftc.gov/JobScams or file a complaint at https://www.ftccomplaintassistant.gov/.

• Building relationships with your existing enterprise client base to ensure they are engaged with their service and finding value in overall partnership for accounts equal or more than $250K+ in spend • Ensuring your clients are getting the highest return on their investment from their service • Strategically partnering with your clients to understand their key security related business challenges, roadmapping related services, and initiatives • Partnering with internal teams to manage and retain client relationships and build client loyalty • Ensuring client satisfaction, retention, operational efficiency and quality of service for strategic and Tier 1 accounts. (CV = $5-10M) • Growing existing business with product portfolio and additional services based on annual recurring revenue to meet monthly, quartetly, and annual quotas • Acquiring new business for through current client referrals • Onboarding new clients and continuing to engage on a regular basis (weekly/monthly/quarterly) with business reviews and regular proactive outreach. • Traveling quarterly to each client to present business reviews with executive sponsorship. • Supporting the strategic account plan delivery model with white glove service and proactively partnering. • Contributing to the sales team and customer success team for business iniatives and training support.

• Own the book of business inlcluing new business development, renewals and expansion opportunities • Drive solution selling across existing customer base and new prospects • Build and execute strategic account plans, executive level engagement and ELPs • Generate and maintain healthy pipeline and development is part of daily routine • Maintain renewal and generate up-sell and cross-sell to the existing customer base  • Forecast on revenue expectations and report on activities coming from accounts • Weekly field meetings with customers