Product Application Security Analyst
Location: King of Prussia, Pennsylvania
Posted: January 12, 2017
Reference: 16009773/2-en-us

McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.


Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.


We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.


Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.


Current Need

We are currently seeking a Product Application Security Analyst to join our team in the Alpharetta or King of Prussia office.

To accomplish this role satisfactorily, the analyst will:

  • Provide prescriptive guidance and/or root cause analysis of code-level security weaknesses and vulnerabilities.

  • Help guide security quality and risk remediation priorities for software security reviews and correctives of conditions that result in exploitable weaknesses.

  • Investigate and implement improvements in automation of security analysis of software components (e.g. source code, open-source, third-party, etc.)

  • Write and implement script routines that leverage API functionality of software security and report management solutions

  • Assist with evaluations and implementation of new software security quality and risk analysis solutions.

  • Create, update and maintain appropriate documentation including on-boarding processes and procedures, operational issue tracking and resolution reporting, ticket management and validation analysis checklists

  • Work closely with your team members, application development functions, technologists and IT Security & Risk Management Operations to help socialize and sustain a build-in security set of best practices.

  • Partner with project technical leads and risk leaders to work through application security issues, resolution and approved remediation plans.

  • Contribute to operational process improvements to aid continuous adoption of secure development education and capabilities design and code reviews.

  • Build and share industry knowledge of emerging or evolving software analysis technologies and how build-in security practices relate to the broader focus of assurance and risk management.

  • Track, report and close software security workstreams.

Position Description

The candidate must have a firm grasp of application threat modeling and evaluating code for software security vulnerabilities in cloud and mobile solutions, multi-tiered web-based and legacy client/server software solutions. This individual will perform both as an individual contributor as well as play an internal technical consulting role in providing secure development support services and mentorship for a corporate-wide Product Security & Assurance Program.

Qualifications

Minimum Requirements
3+ years information security experience and demonstrated leadership skills

Critical Skills

  • 4+ years experience analyzing or inspecting software coding security methods and design controls of software-based systems produced for commercial availability and use
  • Good oral/written communications to effectively communicate with all stakeholders - peers, customers, managers and executive leadership
  • Knowledge and understanding of most common software design and code implementation vulnerabilities and contemporary remediation processes, practices, methods and procedures
  • High proficiency with MS Office productivity applications and Visio
  • Commercial / contract experience writing in at least (2) of the following languages: C#.Net, ASP.Net, Java, Objective-C, C++, JavaScript, Python, Curl, Perl and Windows PowerShell
  • Excellent working knowledge of industry and commonly adopted secure software development standards and practices (e.g. applicable NIST standards, OWASP, CERT, SANS, SafeCode, BSIMM)

Additional Knowledge and Skills

  • Administration and technical readout experience with any of the following: Veracode SAST/DAST/SCA, Synopsys SCA, HP Fortify or Fortify On-Demand, Checkmarx, IBM AppScan Analysis solutions

  • Experience in the healthcare industry

  • Working knowledge of HP Quality Center, Jira, Team Foundation Services Development Lifecycle tools

  • Basic manual penetration testing and/or software fuzzing techniques of application stacks

  • Commercial software development and/or quality assurance testing experience

  • Some experience in remediation guidance / management of software weaknesses

Education
4-year degree in computer science or related field or equivalent experience

Physical Requirements
General Office Demands

Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.

We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.

But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.

Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

Agency Statement
No agencies please.

A little about us:
McKesson is in business for better health.
