Sr. Specialist, Product Security Engineering

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

Rx Savings Solutions (RxSS), part of McKesson’s CoverMyMeds business segment, is at the forefront of digital healthcare advancement. We are committed to redefining how consumers interact with health care products by providing accessible and affordable solutions. Founded and operated by a team of pharmacists and software engineers, our software-as-a-service (SaaS) products provide collaborative, cost-saving solutions for purchasing prescription drugs. 

We are currently seeking a Sr Specialist, Product Security Engineer to support sales efforts by providing technical expertise and solutions related to cybersecurity, and spearhead the automation of security policies and compliance audits to ensure robust protection and adherence to industry standards. This role involves designing and implementing security policies as code, developing automated solutions for client, SOC2, and SOX audits, and collaborating with cross-functional teams to integrate security practices into the development lifecycle. The ideal candidate will possess extensive experience in product security engineering that includes customer stakeholder engagement, strong knowledge of security frameworks, and proficiency in automation tools and scripting languages. This position requires excellent client-facing skills, problem-solving skills, technical leadership, and the ability to stay current with evolving security trends and regulations.

*Our preferred candidate will reside in Columbus, OH or Overland Park, KS areas. Position will primarily allow for remote working with occasional in-office support for presence for key meetings.

*We are unable to provide sponsorship now or in the future for this position.  

Key Responsibilities:

As a Sr Specialist, Product Security Engineer, your daily to-dos will shift with business needs, but here’s a snapshot of what to expect:

Security Development

• Lead the design, implementation, and maintenance of security policies as code to ensure consistent and automated enforcement across all products.

• Create policy as code as given by McKesson Cyber Security, to allow for consistent and automated enforcement of security measures across all products. By using code to define security policies, the engineer can ensure that these policies are applied uniformly and can be easily updated and maintained. This also facilitates automated checks and enforcement, reducing the risk of human error and ensuring that security standards are consistently met.

Audit

• Develop and manage automated solutions for security questionnaires, SOC2, and SOX audits, ensuring compliance with industry standards and regulations.

• Will create and oversee automated systems that handle security questionnaires and audits related to SOC2 and SOX, with the goal being to ensure our company's products and processes comply with industry standards and regulations. By automating these solutions, the engineer can streamline the process, reduce manual effort, and minimize the risk of errors. This also helps in maintaining up-to-date compliance with evolving standards and regulations, ensuring that the company remains in good standing with regulatory bodies.

Governance

• Consult with cross-functional teams, Directors and above, to integrate security practices into the software development lifecycle.

• Work closely with various teams, such as development, operations, and quality assurance, to ensure that security measures are embedded throughout the software development process.

• Ensure security is a fundamental part of the develop lifecycle, from initial design to deployment and maintenance.

• Ensure security is considered at every state of development by collaborating with teams to identify potential security risks early on, implement best practices, and ensure security is considered at every stage of development. This approach helps in building secure products and reduces the likelihood of vulnerabilities being introduced during development.

Security Architecture

• Be the go-to person for any questions or issues related to security for Rx Savings Solutions, providing advice and solutions to address inquiries and incidents.

• Possess deep understanding of security principles and practices, as well as the ability to communicate effectively with different stakeholders.

• Act as a point of contact to ensure security concerns are promptly addressed and that the organization can respond quickly and effectively to any security incidents.

Mentoring

• Provides training and development opportunities to help junior engineers build their skills and knowledge in security practices.

• Offers constructive feedback, support, and guidance on security-related tasks and projects.

• Fosters a culture where junior engineers are encouraged to stay updated on the latest security trends, continuously improve their practices, and actively contribute to the overall security posture of the organization.

Required Education and Experience:

• Bachelor’s degree in Computer Science, Information Security or related field and experience, and 7+ years of relative experience in product security engineering with a focus on automation and compliance.

• Strong knowledge of security frameworks and standards, including SOC2, SOX, and other relevant regulations.

• Proficiency in scripting and programming languages (e.g., Python, Bash, JavaScript) for automation purposes.

• Experience with infrastructure as code (IaC) tools such as Terraform, Ansible, or similar.

• Familiarity with CI/CD pipelines and DevSecOps practices.

• Excellent problem-solving skills and attention to detail.

• Strong communication and interpersonal skills.

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please click here.

Our Base Pay Range for this position

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees and is committed to a diverse and inclusive environment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age or genetic information. For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page.

Join us at McKesson!