McKesson Application Security Analyst 3 in Scottsdale, Arizona
McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career. Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
Current Need :
The qualified candidate will possess experience working within medium to large commercial entities, institutions or enterprises having a central governance model and federated structure of business units, a strong understanding of critical build-in security practices, good vulnerability management reporting and tracking.
To be effective in this role, the candidate seeking our Analyst role must have demonstrate a comprehensive understanding of secure development practices, software security testing, great written and oral communications skills, be highly efficient in the use of security tools used to assess the security quality and risk of software, Microsoft Office productivity tools, Agile methodology and associated SAFe, SCRUM or Kan-Ban methods.
This individual will perform as an individual contributor of a global application security functional service discipline, and program and support of broadening secure development practices globally.
Primary responsibility is to perform and ensure service delivery within prescribed service level objectives by working closely with managers, analysts and designated representatives across enterprise technology services, business unit technology and risk functions
Perform and facilitate security remediation priorities of software weaknesses and vulnerabilities identified in software components of McKesson-branded applications and products; and in components comprised of commercial and open-source software
Execute internal client initiatives and program-driven taskings on time and within budget allocations while completing deliverables and meeting performance parameters
Serve as an escalation point of contact for individual contributors, manager peer group across the enterprise and internal clients to ensure processes effectively address challenges and promote best practices that proactively resolve issues
Prepare monthly or as required detailed, high caliber security quality and risk documentation that can be easily consumed by mixed audiences of technologists/non-technologists, risk management teams and business leaders
Identify opportunities that continuously streamline and/or enhance built-in security practices and report business risks related to software technologies used by McKesson
Participate in and help produce reports as required for oversight activities by outside regulators, internal auditors and other governance functions as appropriate
Contribute to the internal body of knowledge of Application Security & Software Assurance distilled from industry standards and commonly accepted governance communities
Support and contribute to the ongoing maintenance and tooling of the technology capabilities and systems used by Global Application Security & Software Assurance
4 years’ experience in administering security controls in an organization
Excellent working knowledge of industry standards and guidance such as SEI/CMU, SAFECODE; NIST 800-53; 800-64; MITRE - Common Weakness Risk Framework, and Vulnerability Enumeration; ISO/IEC 27034, CERT - Secure Coding Standards, OWASP Secure Coding Practices
Demonstrate working knowledge of Threat Modeling and tools (e.g. Microsoft SDL, STRIDE, PASTA, etc.)
In-depth understanding of software development lifecycles; embedding application security practices into Agile CI/CD workstreams and non-functional software security requirements
Demonstrate technical understanding and knowledge of cloud, mobile and web software technologies comprised in large enterprise and commercial IT environments – to include customized ERP, Supply Chain, Financial/HR, Sales / Marketing operations, Big data infrastructure services for enterprises; complex authentication and access control services for multi-tenant business systems
Demonstrate broad knowledge / understanding of inherent strengths and weaknesses of .NET, JAVA, C#, Objective-C language technologies, commonly used scripting languages, PaaS/SaaS cloud services leveraged to deliver McKesson-branded market solutions and enterprise applications
Additional Knowledge & Skills:
Excellent oral/written communications to effectively communicate, report and present activities and findings in a software assurance and business risk context
Effective organization, time management and process improvement abilities
1 year experience in application security lifecycle management
2 years administration and code review experience with any of the following: Veracode SAST/DAST/SCA, Coverity SCA, Synopsys SCA, HP Fortify or Fortify On-Demand, Rapid7, IBM AppScan, Checkmark, Black Duck, Protecode Analysis solutions; and to include application penetration testing
Working knowledge of any of the following - CVS, HP Quality Center, Jira, Team Foundation Services Development Lifecycle tools
Commercial software development and/or quality assurance testing experience
4-year degree in computer science or related field or equivalent experience
Any of the following are preferred: CSSLP, GSSP-.NET; GSSA-JAVA; GWEB, GWAPT, CISA
General Office Demands
Benefits & Company Statement:
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.
We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.
But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
McKesson is an equal opportunity and affirmative action employer -minorities/females/veterans/persons with disabilities.
Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
No agencies please
Organization: McKesson Corporate
Title: Application Security Analyst 3
Requisition ID: 18004958
Other Locations: United States-Georgia-Alpharetta