Senior Penetration Testing Engineer

McKesson is an impact-driven Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights products and services that make quality care more accessible and affordable. Here we focus on the health happiness and well-being of you and those we serve we care.

What you do at McKesson matters. We foster a culture where you can grow make an impact and are empowered to bring new ideas. Together we thrive as we shape the future of health for patients our communities and our people. If you want to be part of tomorrows health today we want to hear from you.

The McKesson Pentest Team (MPT) is seeking a seasoned Senior Penetration Testing Engineer to join our team and organization. At its core our mission is to identify what truly breaks security and ensure those weaknesses are resolved before they can be exploited.

This role is critical in proactively identifying and mitigating security vulnerabilities across our applications infrastructure and cloud environments. The ideal candidate will have extensive experience in offensive security red teaming and vulnerability exploitation and will strengthen our security posture through rigorous testing and threat simulation.

Key Responsibilities:

Penetration Testing

• Plan execute and report on penetration tests targeting web applications APIs mobile applications infrastructure and cloud environments across McKesson.

• Identify exploitable vulnerabilities with both automated tools and manual techniques.

• Assist system and application owners in understanding risk and implementing effective remediation.

• Develop customized tools and exploitation techniques to support advanced testing tailored to specific engagements.

• Collaborate and communicate effectively with external penetration testing vendors and service providers.

Security Tooling & Automation

• Develop and maintain custom scripts and tools to support testing activities.

• Contribute to the integration of security tools and processes within CI/CD pipelines to improve testing coverage and efficiency.

• Evaluate and deploy commercial and open-source security testing tools.

Project Management

• Partner with application teams to gain a thorough understanding of environments and define scope for business critical McKesson applications.

• Define scope and track compliance of applications and entities with penetration testing policy requirements including PCI DSS HIPAA and SOC.

• Schedule and coordinate outreach with application teams to manage engagements with internal or external vendor resources.

Reporting & Communication

• Deliver detailed actionable reports to technical and non-technical stakeholders.

• Present findings and recommendations to engineering operations and leadership teams.

• Maintain documentation of testing methodologies tools and results.

Security Research & Innovation

• Stay current with emerging threats vulnerabilities and offensive security techniques.

• Participate in threat modeling and contribute to the development of attack simulations.

• Mentor junior team members and contribute to internal knowledge sharing.

Minimum Requirements:

• Degree or equivalent andtypically requires 7 years ofrelevant experience.

Critical Experience/Technical Skills:

• Proficiency in scripting languages such as Python Bash or PowerShell.

• Expertise in tools such as Burp Suite Pro Owasp ZAP Nmap and Kali Linux suite of tools for Web and Network Penetration testing.

• Experience with cloud penetration testing (AWS Azure GCP).

• Familiarity with MITRE ATT&CK framework and threat emulation techniques.

• Understanding of secure coding practices and common vulnerabilities (e.g. OWASP Top 10)

• Strong analytical and problem-solving abilities.

• Excellent written and verbal communication skills.

• Project and time management skills.

Preferred Knowledge & Skills:

• Bachelors degree (in Computer Science Cybersecurity or a related field) or equivalent work experience.

• Advanced certifications (e.g. OSCP OSWA OSWE OSEP OSCE BSCP HTB CWES HTB CWEE or other).

• Experience in purple teaming and collaboration with defensive security teams.

• Experience managing application security tools including SAST DAST SCA and WAF solutions.

• Experience with bug bounty programs including platforms such as HackerOne and Bugcrowd.

• Knowledge of regulatory frameworks including PCI DSS HIPAA and NIST standards.

• Interest in and experience with AI including development infrastructure agents penetration testing or red teaming use cases (e.g. XBOW Hadrian NOVA Horizon3 Pentera vPenTest or open source alternatives).

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors including performance experience and skills equity regular job market evaluations and geographical markets. The pay range shown below is aligned with McKessons pay philosophy and pay will always be compliant with any applicable regulations. In addition to base pay other compensation such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson pleaseclick here.

Our Base Pay Range for this position

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKessons (or affiliated entities like CoverMyMeds or RxCrossroads) name in fraudulent emails job postings or social media light of these scams please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: .

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees without regard to race color religion sex sexual orientation gender identity national origin protected veteran status disability age genetic information or any other legally protected category. For additional information on McKessons full Equal Employment Opportunity policies visit our Equal Employment Opportunity page.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment please contact us by sending an email to (United States) or (Canada) . Resumes or CVs submitted to this email box will not be accepted.

Join us at McKesson!