CT - Lead Incident Response Coordinator

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Position Summary (Purpose of job):

We are looking for an experienced professional to fill our Lead Incident Response Coordinator position. The Lead Incident Response Coordinator is a critical role within the Cyber Detect & Respond Service Category of the Cybersecurity department, focused on managing the organization’s response to security incidents. This position is intended for an individual contributor or project lead who brings deep expertise in cybersecurity and incident response. The individual will leverage their extensive experience to lead complex incident response activities, provide strategic solutions, and serve as a key consultant across the organization. 

The ideal candidate will possess strong technical expertise in cybersecurity, a deep understanding of incident response processes, and the ability to navigate complex situations with creative solutions. They will act as a lead contributor within the team and mentor others while working on projects that significantly impact the organization’s long-term cybersecurity objectives. 

Responsibilities  
• Leading incident triage activities such as host analysis and retrieval, malware analysis, remote system analysis, network device log review, end-user interviews, and remediation efforts.  

• Coordinate and drive incident response efforts across the enterprise (identification, analysis, containment, eradication, and recovery), and post-mortem lessons learned.  

• Perform host-based forensic reviews of systems to determine facts relevant to incident investigations and relay that information accurately to applicable stakeholders in real-time.  

• Perform root cause analysis of security events and incidents to facilitate continuous improvement of processes and detection/prevention strategies.  

• Compile and disseminate detailed investigation reports to applicable stakeholders when required.  

Requirements  

• 10+ years of relevant cyber security experience in Threat Hunting, IT Security, Incident Response, or network security with strong knowledge working in a Security Operations or Incident Response team.  

• Experience with risk management, vulnerability management, threat analysis, security auditing, security monitoring, incident response and other information security practices.  

• Strong analytical and investigation skills.  

• Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants.  

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.  

• Working knowledge of root causes of malware infections and proactive mitigation.  

• Working knowledge of lateral movement, footholds, and data exfiltration techniques  

• Ability to mentor and potentially independently lead a team of Digital Forensics and Incident Response professionals.  

Preferred Technical and Professional Expertise  

• One or more of the following security certifications or equivalent: GCIH (GIAC Certified Incident Handler), GCFA (GIAC Certified Forensic Analyst), GNFA (GIAC Network Forensic Analyst), CCFP (Certified Cyber Forensics Professional), and CFCE (Certified Forensic Computer Examiner)  

• Masters Computer Science or equivalent degree is preferred  

• Knowledge of the underlying logic that security alerts are built upon and apply them when analyzing raw logs and creating new dashboards and alerts.  

• Recognize complex problems, analyze situations and provide suggested and/or implemented resolution(s)  

• Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions.  

• Provide leadership and guidance to the team and act as a resource to the team members.  

• Experience with one or more scripting languages (e.g., PowerShell, Python, JavaScript, Perl)  

• Perform memory analysis and malware analysis  

• Experience with computer exploitation methodologies

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!