MTA - Sr WAF Engineer

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

McKesson is in the business of better health, and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies, and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy. 

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all. 

We understand the importance of a system that works together. Your expertise drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.  

We are seeking a highly skilled and experienced Senior Web Application Firewall (WAF) Engineer with a strong focus on the automation of security platforms. The ideal candidate will have significant experience using Imperva WAF solutions.

Responsibilities: 

• Design, implement, and manage WAF solutions to safeguard web applications from external threats such as SQL injection, cross-site scripting, and other vulnerabilities. 

• Develop and maintain automation scripts and tools to streamline WAF management and deployment processes. 

• Successfully implement and maintain Imperva WAF solutions across all web applications. 

• Achieve significant reduction in security incidents and vulnerabilities related to web applications. 

• Develop and deploy automation tools that improve the efficiency and effectiveness of WAF management. 

• Ensure seamless integration of WAF solutions into the CI/CD pipeline. 

• Monitor and analyze WAF alerts and logs to identify and mitigate potential security threats. 

• Work closely with the security team to establish and enforce security policies and standards. 

• Collaborate with application development teams to integrate security measures within the software development lifecycle. 

• Participate in incident response activities and provide technical expertise in the investigation and resolution of security incidents. 

• Conduct regular security assessments and vulnerability scans to ensure the effectiveness of WAF protections. 

• Provide technical guidance and support to IT teams on WAF configuration, tuning, and optimization. 

• Train and mentor junior engineers and team members. 

• Stay updated with the latest security trends, vulnerabilities, and attack vectors to continuously improve WAF configurations and rulesets. 

• Prepare and present detailed reports on security incidents and WAF performance to stakeholders. 

Minimum Requirements: 

Bachelor's degree in Computer Science, Information Technology, or a related field; or equivalent experience. 

Minimum of 7 years of experience in web application security and WAF solutions. 

Extensive experience with WAF products such as Imperva Incapsula, Akamai, F5. 

Proficiency in scripting and automation tools such as Python, Bash, or PowerShell. 

Strong understanding of web application security principles, OWASP Top 10, and common attack vectors. 

Experience with CI/CD tools and processes. 

Excellent problem-solving skills and the ability to work under pressure. 

Strong communication skills, both written and verbal. 

Relevant certifications (e.g., CISSP, CEH, GWEB) are a plus. 

Additional Knowledge & Critical Skills:** 

Deep knowledge of network protocols and web technologies (HTTP, HTTPS, SSL/TLS, etc.). 

Experience with cloud-based WAF solutions and environments (AWS WAF/Cloudfront, Azure Frontdoor, GCP Cloud Armor). 

Familiarity with other security tools and technologies (SIEM, IDS/IPS, firewalls, etc.). 

Ability to work independently as well as part of a team. 

Strong analytical skills with attention to detail. 

At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.

As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations.  In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. 

Our Base Pay Range for this position