MTA - Senior Pentesting Engineer

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

Penetration Testing

• Plan, execute, and report on penetration tests targeting web applications, APIs, mobile apps, infrastructure, and cloud environments.
• Simulate real-world attacks to assess the effectiveness of security controls and incident response capabilities.
• Develop customized exploits and tools to support advanced testing relevant to the engagement.
• Collaborate with external pentest vendors and service providers.

Vulnerability Assessment & Exploitation

• Conduct in-depth vulnerability assessments using both automated tools and manual techniques.
• Validate and exploit vulnerabilities to demonstrate potential impact and risk.
• Collaborate with Application teams and peer Cybersecurity groups to ensure timely remediation and risk mitigation.

Security Tooling & Automation

• Develop and maintain custom scripts and tools to support testing activities.
• Contribute to security tools and processes in CI/CD pipelines for improved testing.
• Evaluate and deploy commercial and open-source security testing tools.

Reporting & Communication

• Deliver detailed, actionable reports to technical and non-technical stakeholders.
• Present findings and recommendations to engineering, operations, and leadership teams.
• Maintain documentation of testing methodologies, tools, and results.

Security Research & Innovation

• Stay current with emerging threats, vulnerabilities, and offensive security techniques.
• Participate in threat modeling and contribute to the development of attack simulations.
• Mentor junior team members and contribute to internal knowledge sharing.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field. Advanced certifications preferred (e.g., OSCP, OSCE, GPEN, GCPN, GXPN).Typically requires 5+ years of hands-on experience in penetration testing, red teaming, or offensive security.

• Proficiency in scripting languages such as Python, Bash, or PowerShell.
• Expertise in tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, and Kali Linux.
• Experience with cloud penetration testing (AWS, Azure, GCP).
• Familiarity with MITRE ATT&CK framework and threat emulation techniques.
• Understanding of secure coding practices and common vulnerabilities (e.g., OWASP Top 10)

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, pleaseclick here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson's full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!