Senior Penetration Testing Engineer

McKesson is a leading healthcare services company.

The McKesson Pentest Team (MPT) is seeking a seasoned Senior Penetration Testing Engineer to join our team and organization. At its core, our mission is to identify what truly breaks security and ensure those weaknesses are resolved before they can be exploited.

This role is critical in proactively identifying and mitigating security vulnerabilities across our applications, infrastructure, and cloud environments. The ideal candidate will have extensive experience in offensive security, red teaming, and vulnerability exploitation, and will strengthen our security posture through rigorous testing and threat simulation.

• Plan, execute, and report on penetration tests targeting web applications, APIs, mobile applications, infrastructure, and cloud environments across McKesson.
• Identify exploitable vulnerabilities with both automated tools and manual techniques.
• Assist system and application owners in understanding risk and implementing effective remediation.
• Develop customized tools and exploitation techniques to support advanced testing tailored to specific engagements.
• Collaborate and communicate effectively with external penetration testing vendors and service providers.

• Develop and maintain custom scripts and tools to support testing activities.
• Contribute to the integration of security tools and processes within CI/CD pipelines to improve testing coverage and efficiency.
• Evaluate and deploy commercial and open‑source security testing tools.

• Partner with application teams to gain a thorough understanding of environments and define scope for business critical McKesson applications.
• Define scope and track compliance of applications and entities with penetration testing policy requirements, including PCI DSS, HIPAA, and SOC.
• Schedule and coordinate outreach with application teams to manage engagements with internal or external vendor resources.

• Deliver detailed, actionable reports to technical and non‑technical stakeholders.
• Present findings and recommendations to engineering, operations, and leadership teams.
• Maintain documentation of testing methodologies, tools, and results.

• Stay current with emerging threats, vulnerabilities, and offensive security techniques.
• Participate in threat modeling and contribute to the development of attack simulations.
• Mentor junior team members and contribute to internal knowledge sharing.

• Degree or equivalent; typically requires 7+ years of relevant experience.

• Proficiency in scripting languages such as Python, Bash, or Power Shell.
• Expertise in tools such as Burp Suite Pro, Owasp ZAP, Nmap, and Kali Linux suite of tools for Web and Network Penetration testing.
• Experience with cloud penetration testing (AWS, Azure, GCP).
• Familiarity with MITRE ATT&CK framework and threat emulation techniques.
• Understanding of secure coding practices and common vulnerabilities (e.g., OWASP Top 10).
• Strong analytical and problem‑solving abilities.
• Excellent written and verbal communication skills.
• Project and time management skills.

• Bachelor’s degree (in Computer Science, Cybersecurity, or a related field) or equivalent work experience.
• Advanced certifications (e.g., OSCP, OSWA, OSWE, OSEP, OSCE, BSCP, HTB CWES, HTB CWEE, or other).
• Experience in purple teaming and collaboration with defensive security teams.
• Experience managing application security tools, including SAST, DAST, SCA, and WAF solutions.
• Experience with bug bounty programs, including platforms such as Hacker One and Bugcrowd.
• Knowledge of regulatory frameworks, including PCI DSS, HIPAA, and NIST standards.
• Interest in and experience with AI, including development, infrastructure, agents, penetration testing, or red teaming use cases (e.g., XBOW, Hadrian NOVA, Horizon3, Pentera, vPenTest, or open source alternatives).

$127,600 - $212,600

Competitive compensation package includes base pay, annual bonus, long‑term incentives, and benefits. Pay is compliant with applicable regulations.

McKesson is an Equal Opportunity Employer and offers opportunities to all job seekers, including those with disabilities. For reasonable accommodation requests, contact Disabili or  Resumes or CVs submitted to this email will not be accepted.