McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

CURRENT NEED:

We are seeking a driven and technically skilled Vulnerability Management Engineer to support and enhance our enterprise vulnerability management infrastructure. This role will be focused on deploying, maintaining, and automating vulnerability management tools and processes. The ideal candidate should possess solid scripting abilities, familiarity with automation concepts, foundational system administration skills, and experience or strong interest in cybersecurity best practices related to vulnerability management.

REQUIRED / BASIC QUALIFICATIONS:

• 5 - 7+ years industry experience
• 2 - 4+ years of experience in system administration, scripting/automation, cybersecurity, or vulnerability management.
• Hands-on experience with vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7).
• Strong proficiency in scripting and automation tools (e.g., Python, PowerShell, Bash).
• Basic to intermediate knowledge of Linux and Windows administration.
• Familiarity with asset management tools, CMDB integrations, and security orchestration platforms.
• Basic understanding of CVSS & EPSS scoring and patch management processes.

PREFERRED QUALIFICATIONS:

• Bachelor’s degree in Information Security, Computer Science, Engineering, or a related technical field; or equivalent practical experience.
• Excellent communication, technical writing, and interpersonal skills.
• Relevant entry-level certifications such as Security+, GSEC, or similar are preferred but not required.

• Enhance operational efficiency and accuracy through effective scripting and automation of vulnerability management processes.
• Maintain highly available and reliable vulnerability management infrastructure, minimizing false positives and scanning disruptions.
• Deliver clear, actionable vulnerability data to stakeholders, improving organizational security posture.
• Foster cross-departmental collaboration and trust through transparent, professional communication.
• Contribute significantly to the continuous improvement of vulnerability management processes and workflows through innovative automation solutions.