Position Summary
McKesson is growing - and hiring! Our Software Security Team works in a variety of business environments and platforms that will test and expand your technical knowledge and skills. Ideally, we are looking for someone with both advanced Veracode administrative skills and code vulnerability/threat analytics. This person should have exposure to software development and, in particular, CI/CD concepts. Excellent communication skills are necessary, as this position will serve as a liaison and internal consultant to key McKesson technical and business departments. This position will provide Veracode expertise using McKesson's robust Tri-Cloud platform (AWS, Azure, Google Services) and server-side technology. You will also work with a variety of cybersecurity team members, including pen testers, threat analysts, and offensive engineers. Come join McKesson's amazing future!
Essential Job Duties
* Responsible for Veracode System Administration, application, installation, integration, and code vulnerability monitoring and solutions
* Introduce Veracode Security capabilities to business units and assist with planning, architecture implementation and usage
* Work with business and technical units to assess code errors and validation; draft and uphold CI/CD security strategy and practices in tandem with other technical team leads
* Simplify automation that applies security inter-workings with CI/CD pipelines
* Ongoing research and application of new tactics, techniques, and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline
* Enrich DevOps architecture with security standards and best practices
* Work to consistently learn and share advanced skills and practices that promote team excellence
* Join forces and provision security principles in architecture, infrastructure, and code
* Partner with teams to define key performance indicators (KPIs) and metrics across business units
Education Requirements
BA/BS degree or equivalent experience
Skills and Experience
Minimum Requirements:
* Requires 7+ years of professional work experience
* 3+ years of current Veracode experience in an enterprise-wide environment
Required Skills:
* Advanced use of Veracode
* Software development (1-2 years)
* 7+ years of security and systems administration-related experience
* Simplify automation that applies security inter-workings with CI/CD pipelines
* Support the ability to "shift left" and incorporate security early on and throughout the development lifecycle
* Threat analysis experience
* Identify vulnerabilities in code through automated and manual assessments and promote quick remediation
* Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging
* Understanding of CloudFormation, Terraform, Ansible and Jenkins
Preferred Skills:
* 1-3 years cloud-related experience
* 3-5 years security operations experience
* Current work experience with agile workflows, including Scrum and Kanban
* Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)
* Proficiency in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices
* Experience with operations and security across Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP)
* Ability to obtain and maintain technical team and business support to influence a collaborative effort reducing attack surface while performing rapid, continuous implementation
* Python, Bash, Perl, or PowerShell scripting
* Fundamental understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SDLC)
* Knowledge of one or all of the following: Payment Card Industry (PCI), Health Information Portability and Accountability Act (HIPAA), HiTRUST, National Institute of Standards (NIST) or International Standards Organization (ISO) requirements
Certification Requirements: Preferably, one or more (or working toward one or more) of the following: CCSP, CISSP, AWS Certified Cloud Practitioner, or additional AWS advanced certifications such as AWS Certified DevOps Engineer
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com. Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!
Internal Number: JR0041468
About McKesson Corporation
We deliver careers with purpose and potential. Our focus on better health starts with creating an inclusive environment with strong values where you can build a fulfilling career. You can count on us to provide you with resources and opportunities to grow and be your best, while contributing to our pursuit of improving lives. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient. We work to distribute medical supplies, bandages, syringes, vials of flu vaccine, and pharmaceutical drugs to help real patients like Jack, an eight-year-old boy battling cancer. We take that job seriously. Together, the work we do is shaping the future of healthcare. If you are passionate about combining a meaningful career with a balanced life, join us on this journey and apply for a job with McKesson today.