McKesson Software Security Specialist (SOAP, REST, CI/CD, SAFE Agile) in Scottsdale, Arizona
McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. At McKesson Specialty Health, our products and services span the full continuum of specialty patient care. From the initial phases of a product life cycle and the distribution of specialty drugs, to fully integrated healthcare technology systems, practice management support, and ultimately to patient care in the communities where they live, we empower the community patient care delivery system by helping community practices advance the science, technology and quality of care.
We have a vision: that the long-term vibrancy of community care will be achieved through the leadership of physicians committed to clinical excellence and innovation, enabled by close collaboration with our organization and our deep clinical, operational and technological expertise. Every single McKesson employee contributes to our mission; by joining McKesson Specialty Health you act as a catalyst in a chain of events that helps millions of people all over the globe. You’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
Join our team of leaders to begin a rewarding career.
The Quality Engineering Security Specialist is responsible for leading the evaluation and testing of the security and compliance of software solutions. Provides leadership in the development of QA processes and procedures. Candidates will be a part of the software quality assurance team for any internal or external application development projects.
Work closely with application development and platform teams to help formulate and implement a testing strategy for software security that is tailored to the specific risks facing the organization, including threat modelling and applications security advisement services.
Develop and maintain a balanced application security testing program based on a well-defined application security framework.
Conduct application security assessments/penetration tests and reuse tools for dynamic/automated code reviews.
Able to advise on risks in the program and testing activities and propose mitigation plans for encountered risks
Able to prioritize work around security testing based on business priorities
Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.
Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
Conduct Application, API and penetration testing.
Work with developers to develop and maintain unit and integration tests designed to ensure security controls are tested on every build.
Partner with the company Security team to evaluate and perform root cause analysis on security scan reports, understand what remedial actions are needed with development teams, and ensure vulnerabilities are closed with highest priority and attention
Partner with development teams on application and API testing, and have security tests run in parallel to ensure dynamic testing is achieved from a security standpoint
Have security test requirements embedded in the product development life cycle
6 years experience in software and/or program testing.
7 years of strong coding experience, must have strong experience coding in at least one programming language.
7 years Experience with REST and SOAP service endpoints
5 years Strong understanding of general web technologies and distributed/web-based SaaS architecture
7 years testing experience with tools such as AppScan, Fortify, Veracode, Burp Suite, Metasploit, OWASP (or similar).
7 years full stack experience with an understanding of web servers, application servers, databases (SQL or NoSQL), distributed messaging frameworks and various network protocols.
5 years ability to understand, review, and recommend corrections related to vulnerability scans and penetration tests.
5 years ability to provide feedback to development teams by performing vulnerability assessments and security assessments.
Working knowledge of MS Windows Product Suite (MS-Project, MS-Visio, MS-Excel, MS-PowerPoint, and MS-Word).
Additional Knowledge & Skills
Healthcare background a plus.
Experience working in a CI/CD environment is desired
Very strong troubleshooting, debugging and analysis skills.
Familiarity with Risk Based testing concepts
Strong understanding of OO concepts and data structures
Experience testing software for: Confidentiality, Integrity, Authentication, Authorization, Availability, and Non-repudiation.
Troubleshooting and diagnosing application faults.
Familiarity with SAFE Agile, UML, Object Oriented Programming (OOP) and XML
ISTQB or CompTIA Security Certification highly desired
Certification in Software testing or IT Security is highly desired.
Education and Training
4-year degree in computer science or related field or equivalent experience
Candidate is expected to work in General office environment. Occasional travel may be required. Candidate may be asked to work overtime occasionally. They must be flexible for various project assignments whenever needed.
General office demands.
Job Family Title: Quality Assurance Analyst 4
Grade: 505
Organization: McKesson Specialty Health
Title: Software Security Specialist (SOAP, REST, CI/CD, SAFE Agile)
Requisition ID: 18006072