Information Security Analyst – ETS Infrastructure
Location:
Carrollton , Texas
Posted:
January 27, 2017
Reference:
16007458/3-en-us

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.


Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.


We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.


Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.

 

Current Need  

 

We are looking for a security analyst with network security administration skills to join our Risk Management team and to take part in our continuing effort to provide excellent service and security to our internal and external customers. We need a hands-on security analyst with a broad scope of skills to implement security policies/best practices. This position is extremely dynamic in the skills required, and will require a security professional to grasp the complexities and challenges afforded working for a fast-paced and agile company.

This position can be located in our Alpharetta, Carrollton, Scottsdale offices and our San Francisco office for internal candidates.

 

Position Description

Responsibilities include:

  • Due diligence and ongoing monitoring:
    • Lead new and recurring network security risk assessments, develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility.
    • Implement processes to document and monitor the network portfolio using a risk based approach.  Monitoring may take many forms including but not limited to:
      • Identify supporting collateral for network security controls (e.g., SOC1/2 reports and other certifications);
      • Review and facilitate on-prem and cloud-based connectivity through risk assessment activities as part of a continuous monitoring program; and
      • Work with Information Security Risk Management teams to extend network visibility by leveraging existing or introducing new toolsets.
    • Enhance administration of issue monitoring and exception tracking and, where necessary, facilitate remediation actions to support compliance and meet business needs.
    • Contribute to the cybersecurity program to monitor risks related to network security for McKesson’s and our customers’ critical systems and data.
    • Utilize a wide variety of tools and platforms to manage and monitor networks comprising a complex global enterprise.
  • Stakeholder Consulting:
    • Collaborate with ETS Network, Systems, and Cloud teams along with other business unit teams in the process of supporting the program.
    • Work in a self-directed, collaborative, and constructive manner with the business units, and our internal stakeholders to enhance the effectiveness of network processes and controls.

This position requires strong interpersonal and communication skills, an ability to work as part of a team or independently under minimal direction. Interfacing with teams both inside and external to enterprise technology services to gather requirements, collaborate, evangelize and incorporate security policy will be a key component of this role.

 

Qualifications

Minimum Requirements

  • 4+ years experience in administering security controls in an organization

Critical Skills

  • 3-5 years of network security experience.

  • 2-4 years of information security experience.

  • Strong analytical and troubleshooting skills with an understanding of IT business operations and information security.

  • Self-Starter that requires minimal supervision and can provide oversight and coaching to others for any assigned projects or tasks.

  • Hands on experience with CISCO, Juniper, Palo Alto configuration and management.

  • Hands on experience in private/public network security group management (VMWare NSX, Azure, AWS).

  • Hands on experience with network security analysis toolsets like AlgoSec, Tufin, StealthWatch.

  • Hands on experience in analyzing and documenting applications across LANs, VLANs, VNets, WANs in a multi-tenant enterprise network using Visio and other related tools.

 Additional Knowledge & Skills

  • Ability to script or code in a compiled language (i.e., perl, python, PowerShell, Java, C#)

  • Expert-level understanding of network protocols (TCP/UDP, IP, ARP, DNS, HTTP)

  • Familiarity with common system and network/application attack vectors.

  • Experience analyzing, troubleshooting, and investigating network security incidents from a variety of reporting platforms such IPS/IDS, NAC, DLP, SIEM, and vulnerability monitoring systems.

  • Experience in operationalizing network security solutions to provide optimal value through repeatable metric reporting, standardizing maintenance and continually finding and leading a closure of security gaps.

  •  Experience in developing and exercising network security controls satisfying internal/external assessments/attestations/audits.

  • Knowledge and practice of network, system, and application security Best Practices.

  • Design of infrastructure security concepts including firewalls, DMZs, WAFs, intrusion detection/prevention systems, network security.

  • Commit and abide by the McKesson’s ICARE and ILEAD principles. These principles reflect McKesson’s core values and dedication to providing quality health care.

  • Experience working in a regulated environment is desired,

Education
4-year degree in computer science or related field or equivalent experience

Certification

  • CCNA, CCNA Security, or CCNP.

  • Also CISSP, CISM, SSCP, SANS, CEH, or OSCP.

Physical Requirements
General Office Demands


Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement
No agencies please.

A little about us:
McKesson is in business for better health.

Know someone who would be interested in this job? Share it with your network.