AppSec Jobs
← Back to all jobs

McKesson

Lead DevSecOps Engineer

Irving, TXWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About McKesson

McKesson Corporation is a global leader in healthcare services, founded in 1833. Originally a pharmaceutical wholesaler in New York City, it has grown into one of the largest pharmaceutical distributors in the U.S. The company is headquartered in Irving, Texas, and ranks among the top Fortune 500 companies. McKesson has a long history of supply chain innovation, including the distribution of over 370 million COVID-19 vaccine doses. The company operates across several key segments, providing comprehensive healthcare solutions. Its North American Pharmaceutical segment distributes a wide range of pharmaceuticals and medical products to various healthcare providers. McKesson also focuses on oncology care through its specialized services and technology. Additionally, it supplies medical-surgical products and offers advanced prescription technology solutions, including digital patient access and automated pharmacy systems. With subsidiaries in Canada and Europe, McKesson serves a diverse clientele, including pharmacies, hospitals, and government facilities.

Industry

hospital & health care

Employees

44,000

1554 engineers

Revenue

$359B

Website

Visit →

Security at McKesson

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • McKesson's AppSec philosophy centers on a mission where leadership guides technology initiatives and cybersecurity strategy.
  • The company emphasizes developer enablement over strict gatekeeping, asserting that security is a shared responsibility between developers and the security team.
  • Currently, the cybersecurity team is described as undergoing a transformation.

Security Team

  • The AppSec team is part of the broader technology and cybersecurity organization led by Francisco Fraga (EVP, CIO, and CTO) and Michael McNeil (SVP and Global CISO).
  • The developer organization consists of over 400 individuals.
  • Recent hiring includes a Lead DevSecOps Engineer focused on GitHub Advanced Security, CodeQL, and CI/CD automation using Python and Bash.

Key Initiatives

  • McKesson's 'Shift Left' practices include the integration of SonarQube to analyze pull requests for code quality and security, and the use of Terraform annotations directly on pull requests.
  • Their vulnerability management process utilizes automated security updates that send alerts and open pull requests with recommended updates when vulnerabilities are identified.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.