McKesson - Irving, TX

posted 26 days ago

Full-time - Mid Level
Irving, TX
1-10 employees
Merchant Wholesalers, Nondurable Goods

About the position

The position involves integrating security best practices into the Software Development Life Cycle (SDLC) at McKesson, a Fortune 10 company focused on healthcare. The role emphasizes the adoption of DevSecOps practices, vulnerability management, compliance, and security awareness training, ensuring that security is a fundamental aspect of the development process. The individual will collaborate with various teams to enhance security measures and maintain compliance with relevant regulations.

Responsibilities

  • Collaborate with development teams to integrate security best practices into all phases of the Software Development Life Cycle (SDLC).
  • Implement and manage security automation tools (e.g., SAST, DAST, SCA) within the CI/CD pipeline.
  • Advise on secure code management practices and CI/CD configurations such as branch protections and dependency/supply chain security.
  • Lead the adoption and implementation of DevSecOps practices across the organization.
  • Automate security testing, monitoring, and reporting processes using industry-standard tools and frameworks.
  • Collaborate with DevOps teams to ensure secure infrastructure as code (IaC) and container security.
  • Conduct regular vulnerability assessments and penetration testing on applications and infrastructure.
  • Monitor and analyze security incidents and vulnerabilities reported by various sources, including threat intelligence feeds.
  • Work closely with development and operations teams to prioritize and remediate vulnerabilities in a timely manner.
  • Ensure all development activities comply with the organization's security policies and standards, and other relevant cybersecurity frameworks and regulations.
  • Develop and maintain security documentation, including security policies, procedures, and guidelines.
  • Prepare detailed reports on security findings, incidents, and remediation efforts for stakeholders and leadership.
  • Provide training and guidance to development, operations, and QA teams on secure coding practices, DevSecOps, and security standards.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in software security analysis, secure software development, or a related field.
  • 3+ years of hands-on experience with DevSecOps practices, tools, and automation frameworks.
  • Proficiency in programming languages such as Python, Java, or C++.
  • Experience with security tools such as OWASP ZAP, Veracode, SonarQube, GitHub Advanced Security.
  • Expertise in CI/CD tools like GitHub Actions, Jenkins, GitLab CI, or Azure DevOps.
  • Knowledge of containerization technologies (Docker, Kubernetes) and cloud security (AWS, Azure, GCP).
  • Strong problem-solving skills and the ability to think critically about security challenges.
  • Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
  • Ability to work collaboratively in a fast-paced, team-oriented environment.

Nice-to-haves

  • Knowledge of healthcare, privacy, and financial compliance regulations.
  • Knowledge of and experience with secure deployment of applications within cloud environments.
  • Strong analytical and troubleshooting skills with an understanding of IT business operations and information security.
  • Experience with Vulnerability Management Tooling.

Benefits

  • Competitive compensation package including base pay and potential bonuses.
  • Annual bonus or long-term incentive opportunities.