McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. The Senior Security Engineer will lead security incident response efforts, ensure compliance with regulatory requirements, audit the AWS environment, and mentor junior team members.
Responsibilities:
- Lead security incident response efforts, document breaches, and coordinate responses with cross-functional teams
- Collaborate with cross-functional teams, and ensure compliance with regulatory requirements and industry standards
- Audit the AWS environment for security and compliance
- Perform risk assessments with a focus on AWS services and provide technically detailed mitigation strategies based on impacts
- Assist in uncovering network, system, and service, vulnerabilities in the AWS environment; coordinate responses to risks and vulnerabilities, and design and deploy security measures
- Monitor AWS networks and other resources for security-related issues on an ongoing basis
- Develop and document companywide best practices for IT security
- Mentorship of junior team members and cross-training of peers is expected
- Represent the organization in security-related forums and conferences
- May be asked to present or participate in relevant forums
- Stay up to date on IT and security trends
- Perform other security duties as needed and as consistent with these roles and responsibilities
Requirements:
- Bachelor's degree, or foreign equivalent, in Information Technology, Electrical and Electronic Engineering, or a related field
- Four (4) years of experience as a Information Security Analyst, Junior Security Engineer, Security Engineer, Information Technology Specialist or related occupation
- In lieu of the Bachelor's degree and 4 years of experience, Employer will also accept Six (6) years of experience as a Information Security Analyst, Junior Security Engineer, Security Engineer, Information Technology Specialist or related occupation
- 1 year of experience in using AWS Security services to monitor for risks, vulnerabilities, and threats
- 1 year of experience in writing code in an infrastructure-as-code environment to deploy security related services, applications, and tools
- 2 years of experience in scripting and Automation using languages including one of Python, Perl, Shell scripting, or Terraform
- 2 years of experience in Information Security tools including one of SIEM, IDS or IPS, WAF, Firewalls, or Vulnerability Assessment