The offensive security engineer is responsible for implementing, maintaining, monitoring and managing offensive security solutions. The engineer delivers these solutions in accordance with the organization's architectural designs, best practices, and regulatory or compliance requirements. As risks change, the security engineer is responsible for recommending modifications and enhancements to ensure the organization is evolving with the threat landscape.
The offensive security engineer is expected to contribute to the corporate security strategy with security leadership and other senior security staffers and technologists. Recipients of the engineer's implementations and management include IT infrastructure, application development, security operations, security audit and end users. With an emphasis on securing systems, applications, third-party connections, service providers and ancillary systems, the security engineer is responsible for securing business-to-business initiatives, third-party relationships, outsourced solutions and vendors. Considered a highly knowledgeable individual, the security engineer is expected to implement, monitor and manage secure solutions that address modern day issues.
Essential Job Duties
Handle day-to-day implementation, monitoring and operational support of hardware, software, customer applications, managed solutions and service provider relationships.
Actively participate and lead security team meetings that facilitate secure design.
Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with service level agreements (SLAs).
Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected.
Implement solutions observing compliance - Health Information Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Sarbanes-Oxley Act (SOX), etc. - and privacy laws.
Work in tandem with architects, the security operations center (SOC), incident responders (in cases of anomalous activity and host compromise), and technology infrastructure and development team members.
Respond to and handle service and escalation tickets within SLA expectations.
Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
Participate regularly in change project and change management meetings.
Research, validate and deploy solutions meeting security and business needs.
Follow security engineering fundamentals and processes as outlined in NIST 800-53
Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
Focus on driving security efficiencies, enabling security team members to work on more advanced tasks.
Conduct performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted.
Perform other duties as assigned.
Skills and Experience
Preferably at least 1-3 years' experience in cybersecurity, including compliance and risk management with a system and network security engineering background.
Highly technical and analytical expertise, with a proven deep background (preferred 1-3 years' IT experience in addition to cybersecurity) in technology design, implementation and delivery.
Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments.
Extensive knowledge of traditional security controls and technologies, such as Rapid7 InsightVM.
Skilled in meeting vulnerability and penetration testing requirements.
Excellence in communicating business risk from cybersecurity issues.
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Experience with Amazon Web Services (AWS) or Microsoft Azure.
DevOps background with experience in compliance obligations.
Working knowledge of Windows, Linux and Unix.
Ability to think strategically and tactically, with effective decision-making skills.
Highly trustworthy; leads by example.
Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent.
1-3 years of related experience required
COMP-TIA Security +, or equivalent entry level security certifications.
McKesson is an Equal Opportunity/Affirmative Action employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to McKessonTalentAcquisition@mckesson.com . Resumes or CVs submitted to this email box will not be accepted.
Current employees must apply through the internal career site.
Join us at McKesson!
Internal Number: JR0049760
About McKesson Corporation
We deliver careers with purpose and potential. Our focus on better health starts with creating an inclusive environment with strong values where you can build a fulfilling career. You can count on us to provide you with resources and opportunities to grow and be your best, while contributing to our pursuit of improving lives. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient. We work to distribute medical supplies, bandages, syringes, vials of flu vaccine, and pharmaceutical drugs to help real patients like Jack, an eight-year-old boy battling cancer. We take that job seriously. Together, the work we do is shaping the future of healthcare. If you are passionate about combining a meaningful career with a balanced life, join us on this journey and apply for a job with McKesson today. Every day, McKesson’s employees deliver products to healthcare providers that make a difference in the care and life of a patient.