Cyber Threat Detection & Response Analyst
McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care.
What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.
Cyber Threat Detection & Response Analyst
Location: Richmond, VA, USA - 9954 Mayland Drive (on-site)
The Opportunity
The Cybersecurity Threat Detection & Response (TDR) Analyst is responsible for implementing and supporting detection engineering and response enablement solutions.
Working under the direction of senior engineers and in partnership with the SOC/CSIRT, this role helps onboard and normalize logs, build and tune detection rules, support alert triage and incident response, and maintain the health and performance of detection platforms (e.g., SIEM, EDR/XDR, SOAR).
The TDR Analyst takes initiative to assist in planning and execution, performs assigned engineering tasks within defined scope and guidance, and follows established security policies, standards, and standard operating procedures. The engineer leverages internal and external research tools to understand threats and detections, documents work performed (use cases, runbooks, change records), and escalates risks or issues appropriately to support timely response and remediation.
Key Responsibilities
Implement and maintain log/telemetry collection for security monitoring (endpoints, network devices, cloud services, identity systems, and applications) following documented standards and change-management procedures.
Support SIEM and related detection platforms by onboarding data sources, validating parsing/normalization, maintaining data integrity, and monitoring platform health and capacity.
Create, implement, and tune detection rules and alerts (SIEM/EDR/XDR) to improve fidelity and reduce noise; document logic, assumptions, and expected outcomes.
Support alert triage and incident response by collecting logs/evidence, assisting with containment/eradication tasks, and coordinating engineering fixes (e.g., telemetry gaps, detection improvements) as directed.
Assist with automation and orchestration use cases (SOAR/playbooks) to streamline repetitive response tasks; test and validate playbook changes in partnership with SOC/IR.
Develop and execute test plans for detections and response workflows (use-case testing, regression checks); identify gaps and recommend enhancements to improve coverage and reliability.
Work with security operations, infrastructure, and application teams to resolve telemetry issues, implement secure logging configurations, and support remediation of security findings.
Stay current on threats and attacker techniques; leverage research tools and frameworks (e.g., MITRE ATT&CK fundamentals) to help map detections to common tactics and techniques.
Perform other duties as assigned.
Minimum Requirements
Degree or equivalent and typically requires 4+ years of relevant experience
Skills and Qualifications
4+ years of experience in cybersecurity and/or IT operations with exposure to security monitoring, detection engineering, incident response, or SOC-supporting engineering (internship/co-op experience
Experience supporting or implementing monitoring/detection tooling such as SIEM, EDR, IDS/IPS, logging agents/collectors, or vulnerability scanners; ability to validate data collection and basic alert behavior.
Ability to follow change management processes, document work, and meet SLA expectations for assigned tasks, tickets, and detection tuning requests.
Demonstrated willingness to learn threat concepts, detection engineering practices, and internal tooling; participates in training, tabletop exercises, and continuous improvement activities.
Working knowledge of security monitoring technologies such as SIEM, EDR/XDR, IDS/IPS, firewalls, and threat intelligence feeds; familiarity with ticketing/case management workflows.
Experience onboarding or supporting log sources and telemetry pipelines (e.g., Windows/Linux logs, network device logs, cloud logs) including basic parsing/normalization concepts.
Ability to follow runbooks and documented procedures, troubleshoot collection/detection issues, and document changes clearly (use cases, tickets, runbooks, change records).
Foundational understanding of incident response concepts and security telemetry triage; ability to support investigations by gathering evidence and coordinating with SOC/IR teams.
Strong collaboration and communication skills; able to escalate issues appropriately and work effectively with diverse teams, including SOC analysts, incident responders, and infrastructure/application owners.
Track record of acting with integrity, being curious and adaptable, and continuously improving technical skills; familiarity with basic adversary concepts (e.g., MITRE ATT&CK, kill chain fundamentals) is a plus.
Familiarity with one or more cloud platforms (AWS, Azure, or GCP) and cloud logging/monitoring concepts (IAM signals, audit logs, flow logs, and service logs).
Basic scripting or automation skills (e.g., Python, PowerShell, Bash) and willingness to learn query languages used for detections (e.g., SPL/KQL or equivalent, depending on platform).
Working knowledge of Windows and Linux logging and troubleshooting fundamentals (processes, authentication events, network connections) to support investigations.
Familiarity with security frameworks and standards (e.g., NIST, CIS Benchmarks) and the importance of adhering to security policies and standard operating procedures.
Highly organized with the ability to manage multiple tasks, meet SLA expectations, and document work for operational continuity.
Ability to participate in on-call or after-hours incident support as needed, and to collaborate calmly during high-severity events.
Education Requirements
Bachelor’s degree in computer science, information security/assurance, MIS, engineering, or related field; or equivalent practical experience.
Certification Requirements
Preferred (not required): Security+, SSCP, or equivalent foundational security certification.
TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus.
About Medical-Surgical
McKesson Medical-Surgical (MMS) is a subsidiary and publicly reported segment of the McKesson Corporation.
MMS distributes medical-surgical supplies, pharmaceuticals, diagnostic equipment and supplies, along with other solutions and services to virtually every type of healthcare setting and provider outside of the traditional hospital. These markets – often referred to as Alternate Care or Non-Acute Care – include physician offices, surgery centers, long-term care providers, laboratories, home health and hospice agencies, health systems, government facilities and online marketplaces and retailers.
Alternate Care markets are growing rapidly and MMS is proud to be a leader in this space. With a team of approximately 8,000 employees, a network of 15 distribution centers and approximately 900 delivery vehicles, we partner with more than 2,200 leading manufacturers and serve over 200,000 customer accounts across the U.S.
Our catalog includes more than 280,000 SKUs of branded and private-label medical-surgical products – from bandages to specialty pharmaceuticals and COVID-19 tests.
Looking Ahead: A New Chapter for MMS
McKesson has announced its intent to separate MMS into an independent company – an exciting evolution that builds on MMS’s strong foundation and proven leadership in the Alternate Care space.
As a standalone company, MMS would be positioned to unlock new opportunities to innovate, grow and lead with even greater agility and focus. We will also continue to be one of the largest medical-surgical distributors in the U.S., with over $11B in annual sales.
This separation would accelerate our mission and empower us to shape a future defined by customer-centricity, bold thinking and operational excellence. For job seekers, it’s a unique moment to join a team that’s already making a meaningful impact and leading the way in shaping the future of healthcare delivery in Alternate Care settings – with even greater opportunity ahead as we prepare to become an independent company.
Career Level - P3
We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets.
The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.
For more information regarding benefits at McKesson, please refer to the McKesson careers site.
Our Base Pay Range for this position
$98,900 - $164,900
McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson’s (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages.
In light of these scams, please bear the following in mind: McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application. McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail.
Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates. McKesson job postings are posted on our career site: careers.mckesson.com.
McKesson is an Equal Opportunity Employer
McKesson provides equal employment opportunities to applicants and employees, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, genetic information, or any other legally protected category.
For additional information on McKesson’s full Equal Employment Opportunity policies, visit our Equal Employment Opportunity page. McKesson is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including job seekers with disabilities.
If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to (United States) Disability_Accommodation@McKesson.com or (Canada) Accessibility@mckesson.ca. Resumes or CVs submitted to this email box will not be accepted.
Join us at McKesson!