Sr. Associate, Information Security Analyst

Responsibilities

• Monitor, investigate, and analyze security alerts and events, applying intermediate‑level triage and determining potential business impact.
• Lead initial incident investigation activities by gathering evidence, analyzing indicators, and preparing detailed documentation for senior analysts.
• Conduct vulnerability assessments, interpret scan results, and recommend remediation actions to reduce risk exposure.
• Perform routine security audits, control testing, and assessments aligned with regulatory and compliance requirements.
• Research emerging threats, trends, and technologies, incorporating findings into threat assessments and security enhancements.
• Contribute to the development and refinement of security policies, standards, operating procedures, and detection playbooks.
• Collaborate with cross‑functional teams to support secure system designs, mitigate risks, and review technology implementations.
• Provide guidance to Level 1 analysts, supporting knowledge transfer, mentoring, and skill development.
• Produce clear, concise reports on incidents, vulnerabilities, and operational findings for both technical and management stakeholders.
• Recommend enhancements to tools, dashboards, and workflows to improve detection efficiency and operational effectiveness.
• Minimum Requirement : Degree or equivalent and typically requires 2+ years of relevant experience.
• Critical Skills :
• Knowledge of identity practices including implementing user credential management systems and enforcing Access Controls .
• Developing skills in performing event correlation and recognizing behavioral patterns using enterprise telemetry.
• Ability to assist with performing incident responses (triage, containment support, evidence capture).
• Developing skills in performing metadata analysis to enrich alerts and support root-cause hypotheses.
• Ability to enhance visibility by validating securing network communications across platforms.
• Developing skills in troubleshooting system performance with consideration for security misconfigurations.
• Knowledge of applied Cryptography and awareness of implementing enterprise key escrow systems .
• Developing skills in creating and maintaining automated security control systems for repetitive checks.
• Ability to present findings in short preparing briefings to technical stakeholders.
• Knowledge of Artificial Intelligence (AI) Security risks and data protection concerns (introductory).

Requirements

• Experience working with SIEM, vulnerability management platforms, endpoint security tools, or related enterprise security technologies.
• Exposure to compliance frameworks, security audits, or risk assessments within regulated environments.
• Candidate must be authorized to work in the U.S, now or in the future, without the support from McKesson.

Benefits

Additional Information

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you. Position Summary (Purpose of job): The Information Security Analyst - Level 2 plays a critical role in advancing McKesson's cybersecurity posture by performing deeper analysis of security events, supporting incident investigations, and contributing to the implementation of security controls across the enterprise. Operating within a regulated environment, this role builds on foundational skills to independently assess threats, identify vulnerabilities, and provide insights that inform risk‑based decision making. The Analyst is responsible for executing more complex operational tasks, recommending improvements to existing processes, and participating in audits and compliance activities. This role contributes to enterprise security by evaluating security data, validating remediation plans, and collaborating with senior analysts, engineering teams, and business partners to ensure solutions are aligned with organizational security requirements. The Analyst provides developing subject matter expertise, supports knowledge sharing, and contributes to strengthening McKesson's cyber resilience through proactive monitoring and continuous improvement efforts.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at McKesson? Share your experience