McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.
Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
We are currently seeking a Product Application Security Analyst to join our team in the Alpharetta or King of Prussia office.
To accomplish this role satisfactorily, the analyst will:
Provide prescriptive guidance and/or root cause analysis of code-level security weaknesses and vulnerabilities.
Help guide security quality and risk remediation priorities for software security reviews and correctives of conditions that result in exploitable weaknesses.
Investigate and implement improvements in automation of security analysis of software components (e.g. source code, open-source, 3-party, etc)
Write and implement script routines that leverage API functionality of software security and report management solutions
Assist with evaluations and implementation new software security quality and risk analysis solutions.
Create, update and maintain appropriate documentation including on-boarding processes and procedures, operational issue tracking and resolution reporting, ticket management and validation analysis checklists
Work closely with your team members, application development functions, technologists and IT Security & Risk Management Operations to help socialize and sustain a build-in security set of best practices.
Partner with project technical leads and risk leaders to work through application security issues, resolution and approved remediation plans.
Contribute to operational process improvements to aid continuous adoption of secure development education and capabilities design and code reviews.
Build and share industry knowledge of emerging or evolving software analysis technologies and how build-in security practices relate to the broader focus of assurance and risk management.
Track, report and close software security workstreams.
The candidate must have a firm grasp of application threat modeling and evaluating code for software security vulnerabilities in cloud and mobile solutions, multi-tiered web-based and legacy client/server software solutions. This individual will perform both as an individual contributor as well as play an internal technical consulting role in providing secure development support services and mentorship for a corporate-wide Product Security & Assurance Program.
3+ years information security experience and demonstrated leadership skills
Additional Knowledge and Skills
Administration and technical readout experience with any of the following: Veracode SAST/DAST/SCA, Synopsys SCA, HP Fortify or Fortify On-Demand, Checkmarx, IBM AppScan Analysis solutions
Experience in the healthcare industry
Working knowledge of HP Quality Center, Jira, Team Foundation Services Development Lifecycle tools
Basicmanual penetration testing and/or software fuzzing techniques of application stacks
Commercial software development and/or quality assurance testing experience
Some experience in remediation guidance / management of software weaknesses
4-year degree in computer science or related field or equivalent experience
General Office Demands
Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.
We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.
But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.
Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
No agencies please.