McKesson - Richmond, VA

posted about 1 month ago

Full-time - Senior
Richmond, VA
Merchant Wholesalers, Nondurable Goods

About the position

The Red Team Lead is a critical role in our offensive security team, driving advanced security testing and adversarial simulations to safeguard McKesson against emerging cyber threats. This position requires a blend of deep technical expertise, strategic vision, and leadership to enhance the organization's security posture. The Red Team Lead will implement strategic plans and foster a culture of continuous improvement in security practices. The successful candidate will have a robust understanding of applications, networks, operating systems, and offensive techniques, and will actively collaborate with cross-functional teams to enhance security efforts and mentor team members.

Responsibilities

  • Lead and execute complex red team engagements to simulate cyber-attacks on the organization's infrastructure, applications, and data.
  • Translate high-level security objectives into actionable offensive security strategies and tactical plans.
  • Develop, document, and implement comprehensive methodologies to identify and report vulnerabilities across all McKesson environments.
  • Produce clear, detailed reports that articulate findings, vulnerabilities, and recommended actions to both technical and non-technical stakeholders.
  • Recommend actionable remediation strategies to mitigate identified vulnerabilities and improve the overall security posture.
  • Lead purple team exercises to integrate red and blue team activities, enhancing overall security effectiveness.
  • Foster a collaborative environment, promote knowledge sharing, and mentor team members to build a strong, skilled security team.
  • Stay current with emerging threats, tools, and techniques in the security industry, continuously innovating to maintain and enhance McKesson's security posture.
  • Partner with incident response and other technology groups to strengthen defenses through informed remediation strategies.
  • Champion an environment of collaboration, open communication, and knowledge sharing, ensuring continuous skill development for both peers and junior team members.
  • Embody McKesson's core values of iLead and iCare by demonstrating integrity, accountability, empathy, and leadership in all security operations.

Requirements

  • 8+ years of experience in Red Teaming, Purple Teaming, Penetration Testing, or offensive tool development; or master's degree in computer science / engineering or related cyber field, and 6-8+ years of progressive experience in offensive security, or a combination of academic and hands-on experience.
  • Hands-on keys experience with Red Team engagements, including planning, execution, and leadership.
  • Deep knowledge of Red Teaming Methodology, including Recon, Exploitation, Persistence, Lateral Movement, Post Exploitation, and Exfiltration.

Nice-to-haves

  • Advanced understanding of Windows or Unix based operating system internals.
  • Working knowledge of cloud platforms (AWS, Azure, GCP), collaboration suites (O365, Google Workspace), and container technologies (Kubernetes, Docker).
  • Demonstrated expertise in social engineering and phishing/vishing pretext development, with an understanding of email security technologies and countermeasures.
  • Experience conducting physical penetration testing engagements, including covert entry skills, bypassing access controls (e.g., lock-picking, RFID hacking) and alarm systems.
  • Experience in threat modelling, threat intelligence, or incident response.
  • Contributions to public research, technical white papers, or open-source security tools.

Benefits

  • Competitive compensation package including base pay and potential bonuses.
  • Annual bonus or long-term incentive opportunities may be offered.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service