McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.
We are seeking a Penetration Testing Engineer to join our Cybersecurity team. This role is pivotal in proactively identifying and mitigating security vulnerabilities across our applications, infrastructure, and cloud environments. The ideal candidate will have experience in offensive security, red teaming, and vulnerability exploitation, and will contribute to strengthening our security posture through rigorous testing and threat simulation.
Key Responsibilities:
Penetration Testing
Plan, execute, and report on penetration tests targeting web applications, APIs, mobile apps, infrastructure, and cloud environments.
Simulate real-world attacks to assess the effectiveness of security controls and incident response capabilities.
Develop customized exploits and tools to support advanced testing relevant to the engagement.
Vulnerability Assessment & Exploitation:
Conduct in-depth vulnerability assessments using both automated tools and manual techniques.
Validate and exploit vulnerabilities to demonstrate potential impact and risk.
Collaborate with Application teams & peer Cybersecurity groups to ensure timely remediation and risk mitigation.
Project Management
Scope and track compliance of applications & entities with pentest policy requirements.
Scheduling and customer reach out to coordinate engagements with internal or external vendor resources.
Reporting & Communication:
Deliver detailed, actionable reports to technical and non-technical stakeholders.
Present findings and recommendations to engineering, operations, and leadership teams.
Maintain documentation of testing methodologies, tools, and results.
Security Research & Innovation:
Stay current with emerging threats, vulnerabilities, and offensive security techniques.
Participate in threat modeling and contribute to the development of attack simulations.
Required / Basic Qualifications:
4+ years of hands-on experience in penetration testing, bug bounty, red teaming, or other relevant offensive security roles.Experience with Bug Bounty programs (HackerOne, BugCrowd) Proficiency in tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, and Kali Linux. Experience with cloud penetration testing (AWS, Azure, GCP). Familiarity with MITRE ATT&CK framework and threat emulation techniques. Understanding of secure coding practices and common vulnerabilities (e.g., OWASP Top 10)..
Preferred Qualifications:
Bachelor’s degree in Computer Science, Cybersecurity, or a related field. Advanced certifications preferred (e.g., OSCP, OSCE, GPEN, GCPN, GXPN).
Strong analytical and problem-solving abilities.
Excellent written and verbal communication skills.
Project and time management skills
Experience in purple teaming and collaboration with defensive teams.
Experience managing application security tools (SAST, DAST, SCA, WAF).
At McKesson, we care about the well-being of the patients and communities we serve, and that starts with caring for our people. That’s why we have a Total Rewards package that includes comprehensive benefits to support physical, mental, and financial well-being. Our Total Rewards offerings serve the different needs of our diverse employee population and ensure they are the healthiest versions of themselves.
As part of Total Rewards, we are proud to offer a competitive compensation package at McKesson. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.
Our Base Pay Range for this position
€53,300 - €88,800