McKesson

Cyber Threat Detection & Response Analyst

McKesson
$98K - $164K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years in cybersecurity or IT operations with focus on security monitoring and incident response.
  • Experience with SIEM, EDR, and other detection tools; data collection validation skills required.
  • Ability to document processes and follow change management protocols.
  • Strong willingness to learn and participate in ongoing security improvement activities.
  • Familiarity with security technologies and workflows, including ticket management and cloud environments.

Responsibilities

  • Implement and maintain telemetry collection for security monitoring across diverse systems.
  • Support SIEM platforms by onboarding data sources and ensuring data integrity.
  • Create and tune detection rules to enhance alert accuracy and minimize false positives.
  • Assist in alert triage and incident response by gathering evidence and executing containment tasks.
  • Automate response tasks using SOAR tools to improve workflow efficiency.
  • Develop and execute test plans for detection accuracy and incident response processes.
  • Collaborate with various teams to resolve telemetry issues and enhance logging configurations.

Benefits

  • Comprehensive health, dental, and vision insurance options.
  • 401(k) retirement plan with company match.
  • Paid time off and holiday pay to support work-life balance.
  • Employee discounts and wellness programs.
  • Opportunities for professional development and certification support.

Full Job Description

Cyber Threat Detection & Response Analyst

Location: Richmond, VA, USA - 9954 Mayland Drive (on-site)

The Opportunity

The Cybersecurity Threat Detection & Response (TDR) Analyst is responsible for implementing and supporting detection engineering and response enablement solutions. Working under the direction of senior engineers and in partnership with the SOC/CSIRT, this role helps onboard and normalize logs, build and tune detection rules, support alert triage and incident response, and maintain the health and performance of detection platforms (e.g., SIEM, EDR/XDR, SOAR).

The TDR Analyst takes initiative to assist in planning and execution, performs assigned engineering tasks within defined scope and guidance, and follows established security policies, standards, and standard operating procedures. The engineer leverages internal and external research tools to understand threats and detections, documents work performed (use cases, runbooks, change records), and escalates risks or issues appropriately to support timely response and remediation.

Key Responsibilities

  • Implement and maintain log/telemetry collection for security monitoring (endpoints, network devices, cloud services, identity systems, and applications) following documented standards and change-management procedures.
  • Support SIEM and related detection platforms by onboarding data sources, validating parsing/normalization, maintaining data integrity, and monitoring platform health and capacity.
  • Create, implement, and tune detection rules and alerts (SIEM/EDR/XDR) to improve fidelity and reduce noise; document logic, assumptions, and expected outcomes.
  • Support alert triage and incident response by collecting logs/evidence, assisting with containment/eradication tasks, and coordinating engineering fixes (e.g., telemetry gaps, detection improvements) as directed.
  • Assist with automation and orchestration use cases (SOAR/playbooks) to streamline repetitive response tasks; test and validate playbook changes in partnership with SOC/IR.
  • Develop and execute test plans for detections and response workflows (use-case testing, regression checks); identify gaps and recommend enhancements to improve coverage and reliability.
  • Work with security operations, infrastructure, and application teams to resolve telemetry issues, implement secure logging configurations, and support remediation of security findings.
  • Stay current on threats and attacker techniques; leverage research tools and frameworks (e.g., MITRE ATT&CK fundamentals) to help map detections to common tactics and techniques.
  • Perform other duties as assigned.


Minimum Requirements

  • Degree or equivalent and typically requires 4+ years of relevant experience


Skills and Qualifications

  • 4+ years of experience in cybersecurity and/or IT operations with exposure to security monitoring, detection engineering, incident response, or SOC-supporting engineering (internship/co-op experience
  • Experience supporting or implementing monitoring/detection tooling such as SIEM, EDR, IDS/IPS, logging agents/collectors, or vulnerability scanners; ability to validate data collection and basic alert behavior.
  • Ability to follow change management processes, document work, and meet SLA expectations for assigned tasks, tickets, and detection tuning requests.
  • Demonstrated willingness to learn threat concepts, detection engineering practices, and internal tooling; participates in training, tabletop exercises, and continuous improvement activities.
  • Working knowledge of security monitoring technologies such as SIEM, EDR/XDR, IDS/IPS, firewalls, and threat intelligence feeds; familiarity with ticketing/case management workflows.
  • Experience onboarding or supporting log sources and telemetry pipelines (e.g., Windows/Linux logs, network device logs, cloud logs) including basic parsing/normalization concepts.
  • Ability to follow runbooks and documented procedures, troubleshoot collection/detection issues, and document changes clearly (use cases, tickets, runbooks, change records).
  • Foundational understanding of incident response concepts and security telemetry triage; ability to support investigations by gathering evidence and coordinating with SOC/IR teams.
  • Strong collaboration and communication skills; able to escalate issues appropriately and work effectively with diverse teams, including SOC analysts, incident responders, and infrastructure/application owners.
  • Track record of acting with integrity, being curious and adaptable, and continuously improving technical skills; familiarity with basic adversary concepts (e.g., MITRE ATT&CK, kill chain fundamentals) is a plus.
  • Familiarity with one or more cloud platforms (AWS, Azure, or GCP) and cloud logging/monitoring concepts (IAM signals, audit logs, flow logs, and service logs).
  • Basic scripting or automation skills (e.g., Python, PowerShell, Bash) and willingness to learn query languages used for detections (e.g., SPL/KQL or equivalent, depending on platform).
  • Working knowledge of Windows and Linux logging and troubleshooting fundamentals (processes, authentication events, network connections) to support investigations.
  • Familiarity with security frameworks and standards (e.g., NIST, CIS Benchmarks) and the importance of adhering to security policies and standard operating procedures.
  • Highly organized with the ability to manage multiple tasks, meet SLA expectations, and document work for operational continuity.
  • Ability to participate in on-call or after-hours incident support as needed, and to collaborate calmly during high-severity events.


Education Requirements

  • Bachelor's degree in computer science, information security/assurance, MIS, engineering, or related field; or equivalent practical experience.


Certification Requirements

  • Preferred (not required): Security+, SSCP, or equivalent foundational security certification. TDR/SecOps certifications (a plus): Google Cloud Professional Cloud Security Engineer and/or Associate Cloud Engineer, Google Professional Cloud DevOps Engineer, and/or GIAC certifications (e.g., GSEC, GCIH) depending on role focus.


About Medical-Surgical

McKesson Medical-Surgical (MMS) is a subsidiary and publicly reported segment of the McKesson Corporation. MMS distributes medical-surgical supplies, pharmaceuticals, diagnostic equipment and supplies, along with other solutions and services to virtually every type of healthcare setting and provider outside of the traditional hospital. These markets - often referred to as Alternate Care or Non-Acute Care - include physician offices, surgery centers, long-term care providers, laboratories, home health and hospice agencies, health systems, government facilities and online marketplaces and retailers.

Alternate Care markets are growing rapidly and MMS is proud to be a leader in this space. With a team of approximately 8,000 employees, a network of 15 distribution centers and approximately 900 delivery vehicles, we partner with more than 2,200 leading manufacturers and serve over 200,000 customer accounts across the U.S. Our catalog includes more than 280,000 SKUs of branded and private-label medical-surgical products - from bandages to specialty pharmaceuticals and COVID-19 tests.

Looking Ahead: A New Chapter for MMS

McKesson has announced its intent to separate MMS into an independent company - an exciting evolution that builds on MMS's strong foundation and proven leadership in the Alternate Care space. As a standalone company, MMS would be positioned to unlock new opportunities to innovate, grow and lead with even greater agility and focus. We will also continue to be one of the largest medical-surgical distributors in the U.S., with over $11B in annual sales. This separation would accelerate our mission and empower us to shape a future defined by customer-centricity, bold thinking and operational excellence. For job seekers, it's a unique moment to join a team that's already making a meaningful impact and leading the way in shaping the future of healthcare delivery in Alternate Care settings - with even greater opportunity ahead as we prepare to become an independent company.

Career Level - P3

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered.

Our Base Pay Range for this position

$98,900 - $164,900

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson's (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: careers.mckesson.com.

About McKesson

McKesson Corporation provides medicines, pharmaceutical supplies, information and care management products and services across the healthcare industry. The Company operates in two segments. The McKesson Distribution Solutions segment delivers ethical drugs, medical-surgical supplies and equipment and health and beauty care products throughout North America. This segment also provides specialty pharmaceutical solutions for biotech and pharmaceutical manufacturers, sells financial, operational and clinical solutions for pharmacies (retail, hospital, long-term care) and provides consulting, outsourcing and other services. The McKesson Technology Solutions segment delivers enterprise-wide clinical, patient care, financial, supply chain, strategic management and software solutions. In July 2011, the Company acquired Portico Systems from Safeguard Scientifics, Inc. On March 25, 2012, it acquired the independent banner and franchise businesses of Katz Group Canada Inc. McKesson Distribution Solutions delivers pharmaceuticals to retail pharmacies and institutional providers like hospitals and health systems. They operate pharmaceutical distribution centers across the country, serving customers in all 50 states. They also deliver a comprehensive offering of health care products, technology, equipment and related services to the alternate site market, including physician offices, surgery centers, long-term care facilities and home care businesses across the country. McKesson is currently the largest pharmaceutical distributor in North America. McKesson also operates McKesson Canada and has an equity holding in Nadro, a leading distributor in Mexico.

McKesson Careers

Join McKesson, a leading global healthcare company, and be part of a team that is redefining the future of healthcare. With a variety of job opportunities available, McKesson is the perfect place to advance your career, whether you're a seasoned professional or just starting out.

Work You’ll Do

At McKesson, we are committed to improving care in every setting—one product, one partner, one patient at a time. We’re seeking talented professionals to join our team and contribute to a culture of innovation, diversity, and leadership. Our employees are driven by a deep sense of purpose and a desire for continuous growth and improvement.

Empower Your Future in Healthcare

With positions ranging from internships to leadership roles, McKesson offers unparalleled employment opportunities to develop your skills and advance your career. Our commitment to diversity training ensures that all team members have the opportunity to thrive. Join a team where your skills will be honed, your professional growth will be supported, and where you can genuinely see the difference you make in the lives of patients around the world.

Innovative Work Environment

McKesson is at the forefront of healthcare innovation. Our team is constantly exploring new ways to improve patient outcomes and streamline care processes. This commitment to innovation is what sets us apart and what makes McKesson an exciting place to work.

Career Development and Benefits

McKesson believes in nurturing the potential of its employees through robust career development programs and comprehensive benefits designed to support your life and well-being. From leadership training to health and wellness benefits, we ensure our team members are equipped to meet their professional and personal goals.

Explore Job Opportunities

Whether you’re looking for an internship to kickstart your career, or a senior position to utilize your extensive experience, McKesson offers a range of opportunities. Explore our open positions and find where you can make a difference at McKesson.

Stay Connected

Join Our Team

Search for open positions that match your skills and interests. We are looking for passionate, curious, and solution-driven team players who are ready to take the next step in their careers.

Keep Up to Date

Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who work here.

Networking and Professional Growth

At McKesson, networking and professional growth are part of our everyday environment. We encourage our employees to connect, share, and learn from each other to foster personal and professional development.

Job Alert Emails

Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding career opportunities that await you at McKesson. Join McKesson today and be part of a team that is dedicated to shaping the future of healthcare.

Learn more about McKesson

  • Size: 58,000 employees
  • Market Cap: $53.7 billion
  • Industry
  • Net Income: -$4.1 billion
  • Founded: 1833
  • 5 Year Trend: +5.9%
  • Revenue: $237.6 billion
  • NASDAQ