Tomorrow’s health is… Tackling challenges no one else can.

About the Role:

McKesson is in the business of better health, and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies, and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.

Join a results-driven team at McKesson as a Senior Application Security Manager in our Product Security Organization. You will lead a team that collaborates closely with development teams, product owners, and partner Cybersecurity groups to define security requirements, test the security of applications, and monitor application security posture. Your focus will be on integrating security testing capabilities into the SDLC of applications in diverse cloud environments, penetration testing of applications, and more.

What You’ll Do:

Strategic Leadership & Program Development

• Define and execute the application and product security strategy aligned with business goals.

• Establish security frameworks, best practices, and governance models across the software development lifecycle (SDLC).

• Collaborate with engineering and product teams to embed security into all phases of software development.

• Contribute to security roadmap development.

Security Testing & Assurance

• Oversee security testing initiatives, including penetration testing and technical audits of technology platforms and systems.

• Develop and enhance application security testing capabilities, including static (SAST), software composition analysis (SCA), dynamic (DAST)

• Enhance supply chain security posture for open-source packages and development

• Partner with external security researchers and vendors to conduct advanced security testing and assessments.

Vulnerability & Remediation Management

• Manage vulnerability identification and remediation efforts across applications and product environments.

• Establish secure coding practices and train development teams on security best practices.

• Implement and enforce automated security testing and continuous security integration within CI/CD pipelines.

Team Leadership & Mentorship:

• Foster an innovative and inclusive team-oriented work environment, providing technical leadership and mentoring junior team members.

• Provide leadership and collaborate across a wide array of cross-functional teams, ensuring alignment with organizational objectives and compliance standards.

• Manages the daily activities of individual contributors, MSP(s), and leads accountable for relevant people management activities.

What We’re Looking For:

We are seekingastrategic thinker with a deep technical understanding, strong leadership skills, and a focus on delivering robust and scalable network solutions that align with the organization's goals.

Minimum Requirements:

Education

Bachelor's degree in computer science or a related field preferred.

Experience:

• 9+ years hands-on application security experience 

• 3+ years of management experience

Skills

• Proficiency in multiple public cloud service providers (AWS, Azure, GCP, etc.) and their native services.

• Establishing security metrics and KPIs to measure program effectiveness

• Presenting security status and risks to executive leadership

• Strong knowledge of security frameworks (OWASP, NIST, CIS)

Tooling:

• Experience with application security tooling such as Veracode, GitHub Advanced Security OWASP ZAP, JFrog Artifactory - Xray and Curation

• Experience with penetration tooling such as Burp Suite, Metasploit, Kali Linux

• Experience with cybersecurity platforms such as HackerOne and Bugcrowd

Certifications

• Relevant security certifications (e.g., CISSP, CISM, OSCP)

Additional Knowledge & Critical Skills:

• Proven ability to conceptualize, drive and deliver multiple projects on time.

• Process improvement, solution implementation, and change management.

• Knowledge of healthcare, privacy, and financial compliance regulations (PCI, HIPAA. GDPR)

• Strong analytical and troubleshooting skills with an understanding of IT business operations and information security