CT - Senior Security Event Analyst

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

McKesson’s Senior Security Event Analyst will be a member or our Cyber Investigations & Response Team responsible for monitoring, detecting, triaging, and responding to security events and incidents in a 24 x 7 global environment. Your mission is to timely detect and respond to security event and possible security incidents from enterprise networks. To execute this mission, you will use data analysis, threat intelligence, and cutting-edge security technologies.  

 
Responsibilities:

• Primary responsibilities include developing and mentoring the SOC L1/L2 Information Security Analysts, ensuring processes are followed, updating and creating new processes as needed, setting and tracking metrics, and driving new detections/use cases from the SOC Analyst perspective.  

• Serves as an escalation point of contact for L1 and L2 Security Operations Center (SOC) analysts.  

• Work collaboratively with multiple teams as well as subject matter experts to include threat hunters, counter-threat Intelligence analysts, incident responders and forensic investigators.  

• Stay current with and remain knowledgeable about new threats. Analyze threat actor tactics, techniques and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.  

• Utilize security models and frameworks for documenting and tracking purposes, (e.g. MITRE ATT&CK framework, Cyber Kill Chain (CKC) framework).

• Leverage automation and orchestration solutions to automate repetitive tasks.  

• Assist with incident response as events are escalated, including triage, remediation and documentation.  

• Collaborates with the owners of cyber defense tools to tune systems for optimum performance and to maximize detection and prevention effectiveness. and minimize false positives.  

• Work alongside other security team members to search for and identify security issues generated from the network, including third-party relationships.  

• Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats. 

Qualifications:

• 7+ years of relevant cyber security experience in Threat Hunting, IT Security, Incident Response or network security with strong knowledge working in a Security Operations Center, Incident Response team, or Threat Hunting team. 

• Experience working in a 24x7 operational environment, with geographic disparity preferred.  

• Experience driving measurable improvement in monitoring and response capabilities at scale.  

• Experience working with SIEM systems, Endpoint Detection and Response (EDR) solutions, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), Data Loss Prevention and other network and security monitoring tools. 

• Strong analytical and investigation skills.

• Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and consultants.

• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.

Preferred Technical and Professional Expertise:

• One or more of the Cyber Security related certifications such as Security+, CySA+, CASP+, Pentest+, CEH, GSEC, GCIH, GCIA, CISSP, etc. 

• Bachelor’s degree in a technical field such as Computer Science, Information Security, Information Technology, Computer Engineering, or Information Systems. or equivalent degree is preferred. 

• Working knowledge/experience with network systems, security principles, applications and risk and compliance initiatives such as Health Information Portability and Accountability Ace (HIPAA), HITRUST, Sarbanes-Oxley Act (SOX) and the General Data Protection Regulation (GDPR). 

• Experience and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies, proxy technologies, and antivirus, spam and spyware solutions. 

• Experience with one or more scripting languages (e.g., Python, JavaScript, Perl).

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!