Sr Penetration Tester
McKesson
Atlanta Metro
1d ago

Current Need

We are looking for a Senior Information Security Vulnerability Analyst who specializes in penetration testing to join our ISRM team.

Position Description

The qualified candidate will possess a working knowledge of critical built-in security practices and a strong working knowledge of vulnerability management and penetration testing. This includes researching, identifying, reporting, validating and reproducing vulnerabilities, and providing consultation upon request. To be effective in this role, the candidate must have excellent written and oral communication skills and be highly effective at influencing individuals outside their reporting structure.

The candidate must also be proficient in the use of the Microsoft suite of tools (i.e. Excel, PowerPoint and Word), and understand Scaled Agile delivery frameworks.

This individual will be charged with significantly reducing vulnerabilities, validating findings, conducting end-to-end penetration tests, improving ongoing cyber-hygiene, and assisting in the continuous improvement of our enterprise-wide threat and vulnerability management program.

Responsibilities

  • Manage engagement scoping and requirements for penetration testing services
  • Conduct network and application penetration testing at an advanced level
  • Develop comprehensive actionable deliverables resulting from engagements
  • Collaborates with Windows, Unix, Linux and IT Infrastructure teams to drive remediation of reported vulnerabilities through risk / threat-based assessment of security controls and tools.

  • Articulate risk and business impact to stakeholders
  • Ability to convey the urgency and need to remediate vulnerabilities commensurate with the risk they present to McKesson
  • Develops and maintains vulnerability and response artifacts systematically to produce metrics that can measure the overall program maturity and progress.
  • Creates visibility and awareness at the appropriate level, including executive leadership teams, the CISO and others, of vulnerabilities that require attention
  • Demonstrates ability to strike a balance between strategic and tactical activities required to run the vulnerability response and remediation efforts
  • Cultivates the practice of staying abreast of the latest trends and developments in vulnerability response and remediation activities followed across the industry.
  • Actively reviews public and private vulnerability notifications / disclosures, consumes research findings and prioritizes remediation efforts.
  • Research exploit techniques and mitigation strategies
  • Build relationships and become a trusted advisor with BU and technology owners to influence change and drive ownership and accountability.

Minimum Requirements

Typically has 7+ years relevant experience

Critical Skills

  • 6 years’ experience in Vulnerability Management
  • 4+ years of direct penetration testing experience with multiple toolsets
  • Good working knowledge of industry and commonly adopted security standards and practices (e.g. applicable NIST standards, CIS, ISO, OWASP, SANS, BSIMM, and CERT)
  • Administration experience with any of the following: Nessus, Rapid7, Qualys, Core Impact, Metasploit and other scanning and analysis solutions.
  • Experience with automated and manual penetration testing
  • Provide data management and analysis for activities and continuous project initiatives
  • Use various data sources to identify and solve for programmatic needs and gaps in IT system coverage.
  • Participate in strategic planning with regards to program development of IT Systems Assurance
  • Assist with program assessments ensuring programmatic goals are well documented
  • Perform data validation and quality control checks to ensure adherence to ETS / ISRM protocols
  • High proficiency with MS Office productivity applications and Visio
  • Good oral / written communications to effectively communicate with stakeholders - peers, customers and managers

Additional Knowledge & Skills

  • Knowledge regarding healthcare IT
  • Consulting background
  • Experience in large highly segmented and regulated organizations

Education

4-year degree in computer science or related field or equivalent experience

Certifications / Licensure

Any of the following preferred but not required:

GCWN, GWAPT, GPEN, GCUX, CEHv10, GXPN, OSCP, CISSP

General Office Demands

McKesson is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history. McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities.

If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to Disability Accommodation McKesson.com. Resumes or CVs submitted to this email box will not be accepted. Current employees must apply through internal career site. Join us at McKesson!
