We are looking for a Senior Information Security Vulnerability Analyst who specializes in Penetration Testing to join our ISRM team.
The qualified candidate will possess a working knowledge of critical built-in security practices and a strong working knowledge of vulnerability management and penetration testing. This includes researching, identifying, reporting, validating and reproducing vulnerabilities, and providing consultation upon request. To be effective in this role, the candidate must have excellent written and oral communication skills and be highly effective at influencing individuals outside their reporting structure.
The candidate must also be proficient in the use of the Microsoft suite of tools (i.e. Excel, PowerPoint and Word) and understand Scaled Agile delivery frameworks.
This individual will be charged with significantly reducing vulnerabilities, validating findings, conducting end-to-end penetration tests, improving ongoing cyber-hygiene, and assisting in the continuous improvement of our enterprise-wide threat and vulnerability management program.
Manage engagement scoping and requirements for penetration testing services
Conduct network and application penetration testing at an advanced level
Develop comprehensive actionable deliverables resulting from engagements
Collaborates with Windows, Unix, Linux and IT Infrastructure teams to drive remediation of reported vulnerabilities through risk / threat-based assessment of security controls and tools.
Articulate risk and business impact to stakeholders
Ability to convey the urgency and need to remediate vulnerabilities commensurate with the risk they present to McKesson
Develops and maintains vulnerability and response artifacts systematically to produce metrics that can measure the overall program maturity and progress.
Creates visibility and awareness at the appropriate level, including executive leadership teams, the CISO and others, on vulnerabilities that require attention
Demonstrates ability to strike a balance between strategic and tactical activities required to run the vulnerability response and remediation efforts
Cultivates the practice of staying abreast of the latest trends and developments in vulnerability response and remediation activities followed across the industry.
Actively reviews public and private vulnerability notifications / disclosures, consumes research findings and prioritizes remediation efforts.
Research exploit techniques and mitigation strategies
Build relationships and become a trusted advisor with BU and technology owners to influence change and drive ownership and accountability.
Typically has 7+ years relevant experience
6 years’ experience in Vulnerability Management
4+ years of direct penetration testing experience with multiple toolsets
Good working knowledge of industry and commonly adopted security standards and practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BSIMM, and CERT)
Administration experience with any of the following: Nessus, Rapid7, Qualys, Core Impact, Metasploit and other scanning and analysis solutions.
Experience with automated and manual penetration testing
Provide data management and analysis for activities and continuous project initiatives
Use various data sources to identify and solve for programmatic needs and gaps in IT system coverage.
Participate in strategic planning with regards to program development of IT Systems Assurance
Assist with program assessments ensuring programmatic goals are well documented
Perform data validation and quality control checks to ensure adherence to ETS / ISRM protocols
High proficiency with MS Office productivity applications and Visio
Good oral / written communications to effectively communicate with stakeholders - peers, customers and managers
Additional Knowledge & Skills
Knowledge regarding healthcare IT
Experience in large highly segmented and regulated organizations
4-year degree in computer science or related field or equivalent experience
Certifications / Licensure
Any of the following preferred but not required:
GCWN, GWAPT, GPEN, GCUX, CEHv10, GXPN, OSCP, CISSP
General Office Demands
McKesson is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Qualified applicants will not be disqualified from consideration for employment based upon criminal history. McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities.
If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability Accommodation McKesson.com. Resumes or CVs submitted to this email box will not be accepted. Current employees must apply through the internal career site. Join us at McKesson!