Coordinated Vulnerability Disclosure Program Lead
Dallas, TX  / Fort Worth, TX 
Posted 14 days ago
Job Description

McKesson requires new employees to be fully vaccinated for COVID-19 as defined by the CDC, subject to applicable, verified accommodation requests.


  • Managing day-to-day triage of external vulnerability reports
  • Communicating with third-party researchers
  • Collaborating with McKesson's Application Security, Vulnerability Management and other teams for further vulnerability analysis
  • Collaborating with our Application Development teams to track vulnerability resolution
  • Collaborate on disclosures with McKesson's Communications, Legal and other relevant teams
  • Collaborate with Threat Intelligence and Incident Response teams as required.
  • Proactively identify and solve issues as well as quickly respond to researchers

Critical requirements:

  • 3-5 years of professional experience in coordinated vulnerability disclosure, vulnerability management, or incident response, or other related fields, with 10+ years for overall professional experience.
  • Top notch communication skills: need to be able to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to other McKesson teams in an easy to understand format
  • Understanding of application security principles, best practices and common web security vulnerabilities
  • Familiarity with application security testing processes and tooling
  • Familiarity with and ability to calculate CVSS ratings for identified vulnerabilities based on an understanding of threat model.
  • Familiar with vulnerability disclosure programs, including report formatting and content, confidentiality and disclosure processes, the importance of clear and quick communication between researchers and application teams.
  • Experience triaging external vulnerability reports.

Additional Qualifications:

  • Practical software development experience.
  • One or more or the following qualifications: CISSP (Certified Information Security Professional), GIAC Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN)

McKesson is an Equal Opportunity/Affirmative Action employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.Qualified applicants will not be disqualified from consideration for employment based upon criminal history.

McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to . Resumes or CVs submitted to this email box will not be accepted.

Current employees must apply through the internal career site.

Join us at McKesson!

McKesson is an equal opportunity and affirmative action employer - minorities/females/veterans/persons with disabilities.


Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Experience
3 to 5 years
Email this Job to Yourself or a Friend
Indicates required fields