MTA – Vulnerability Management Analyst

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Current Need:

We are seeking a motivated and detail-oriented Vulnerability Management Analyst to assist with the operation and support of our enterprise vulnerability management program. This role is responsible for the daily administration, support, and basic troubleshooting of vulnerability scanning tools, agents, and related infrastructure. The ideal candidate will have foundational knowledge of system administration, scripting basics, and familiarity with cybersecurity principles, especially around vulnerability assessment and remediation support.

Responsibilities:

• Assist in administering and supporting vulnerability scanning servers, agents, and related infrastructure.
• Monitor vulnerability scan performance and support troubleshooting activities for scanning agents and engines across Windows, Linux, and containerized environments.
• Contribute to the development and refinement of scripts and automation workflows under the guidance of senior analysts.
• Collaborate with IT and security teams to communicate vulnerabilities, coordinate remediation efforts, and track remediation progress.
• Clearly document scan results and effectively communicate vulnerability findings to technical team members.
• Demonstrate empathy and understanding when working with application teams and infrastructure support during vulnerability remediation activities.
• Take accountability for assigned tasks and ensure accurate record-keeping and tracking of vulnerability remediation efforts.
• Actively participate in team efforts to improve vulnerability management processes, policies, and documentation.
• Stay informed on current vulnerability trends and basic threat intelligence relevant to assigned tasks.

Key Results:

• Support the maintenance of a reliable and effective vulnerability scanning infrastructure, minimizing false positives and disruptions.
• Ensure accurate and timely reporting of vulnerability findings to relevant stakeholders.
• Contribute positively to organizational security posture by supporting collaborative remediation processes and clear documentation.
• Foster professional relationships through transparent communication and consistent accountability in task execution.
• Support senior team members in automation improvements, contributing to operational efficiency.

Required / Basic Qualifications:

• 5 - 7+ years industry experience
• 2 - 4+ years of experience in vulnerability management, IT system administration, or security operations.
• Familiarity with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7).
• Basic knowledge of Linux and Windows server administration.
• Basic scripting skills (e.g., Python, Bash, or PowerShell).
• General understanding of asset management systems and CMDB concepts.
• Basic knowledge of vulnerability scoring methodologies (CVSS & EPSS) and patch management concepts.

Preferred Qualifications:

• Bachelor’s degree in Information Security, Computer Science, Engineering, or related field; or equivalent practical experience.

• Good communication, documentation, and interpersonal skills.
• Relevant entry-level certifications such as Security+ or equivalent are preferred but not required.

Core Competencies:

• Professionalism: Demonstrates reliability, integrity, and accountability in performing daily tasks.
• Professional Empathy: Shows understanding and support for peers and cross-departmental colleagues during collaboration.
• Transparency: Communicates openly, accurately, and promptly within the team.
• Ownership Mindset: Takes initiative in assigned responsibilities and consistently delivers results with accountability.

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.  In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. 

Our Base Pay Range for this position