Cyber Threat Intelligence Analyst

McKesson   •  

Scottsdale, AZ

8 - 10 years

Posted 251 days ago

This job is no longer available.



McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.

Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.

We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.

Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.



Current Need


We are recruiting for a Cyber Threat Intelligence Analyst to join our team!  This is an exciting opportunity to be located in our Alpharetta, GA or Scottsdale, AZ.




Position Description




The Cyber Threat Intelligence (CTI) Analyst will require a solid understanding of the global information security threat landscape and potential impact to global enterprise functions as well as a deep knowledge of the business units and can interface with risk leaders, business partners, and industry alliances to improve the security posture of the enterprise and enhance monitoring activities.


Threat Intelligence Operational Activities


  • Assist and Provide all Active Defense Analysts in triage, identification, and analysis of threat events for escalation to potential security incidents, escalating security incidents to Security Incident Management team and providing Security Response support as needed

  • Provide actionable intelligence to iSOC Security Analysts, Threat and Vulnerability Management, Global Physical Security, Global Business Units, and Industry Partners on Cyber Security related matters.

  • Collaborate with SOC Analysts, Security Engineering, and Security Architecture, Threat and Provide documentation to maintain, develop and create runbooks and SOPs for CTI and iSOC

  • Analyze malicious traffic and IOCs hits for attributing to threat actors

  • Research, analyze, and provide reports on attacker campaigns as required


Cyber Threat Intelligence Analyst Key Job Functions

  • Analyst will utilize, administrate, and maintain the CTI data repository for storing of IOCs for identifying campaigns and attributing to threat actors.

  • Analyst will be responsible for researching and tracking attack vectors, attacker analysis and profiling, attacker attribution and campaigns. Analyst may be utilized to discover and identify exposed credentials on the dark/deep web, current utilized CVEs or vulnerable systems, applications and/or configurations that would could be used to compromise or breach a system as well as hunting suspicious or malicious actors within the environment and exposing them.

  • Analyst will contribute as a member of the incident response team and provide research for incidents as well as Requests for Information (RFIs) as they come in from various sources including responding to the office of the CISO.

  • Analyst must track the latest security information pertaining to Cyber Security Technologies.

  • Analyst may be asked to perform product evaluations and recommendations such as selecting security products and services to implement, and applying products based on industry best-practices or procedures.

  • Analyst may provide security consulting and developmental assistance of general & customized security configurations for the integration of business units and external customers.

  • Analyst develops, documents, and presents general and technical presentations on security threats to business units and Information Security Risk Management personnel

  • Analyst will analyze metrics and recommend steps to improve the overall security posture of the Corporation and the underlying BUs. The Cyber Threat Intelligence Analyst may need to present the analysis to the TVM, GSOC, BISOs, upper management, or industry partners.

  • Analyst may conduct forensic level analysis for malware/threats on memory, systems, and applications supporting the Active Defense Analysts and providing recommendations of next step actions and/or procedural changes.

  • Analyst will provide mentorship to lower level analyst

  • Analyst will collect threat intelligence knowledge by engaging with Industry Partners, Deep Web research, Security Gatherings/Conferences and research for identifying IOCs and IOAs as well as information about attributed threat actors that allow for making proactive suggestions to the global organization



  Minimum Requirements
Typically has 7+ years relevant experience. Critical Skills

  • 2+ years of experience performing cyber threat intelligence analysis, profiling attacks, and attributing attacks to specific campaigns and threat actors utilizing the Diamond Model and Kill Chain.

  • Experience implementing and using a CTI data repository for storing historical IOCs about attacks for attribution to campaigns and specific threat actors.

  • Experience using Threat Intelligence Gateways (TIGs)

  • Experience in writing Cyber Threat Intelligence reports.

  • Utilization and knowledge of the Diamond Model and Kill Chain for attributing attacks to threat actors and campaigns

  • Understanding of Tactics, Techniques, and Procedures (TTPs) utilized by threat actors in campaigns

  • Knowledge and use of MISP, Maltigo, OSINT techniques

  • Ability to productize Cyber Threat Intelligence into non-biased reports for consumption

  • Ability to validate threat feeds into high confidence alerts/reports and integrate that into existing or new tool sets

  • Experience setting up Cyber Threat Intelligence repository for historical IOC and attacks analysis 

Additional Knowledge & Skills

  • Experience in automating cyber threat intelligence into security monitoring toolsets.

  • Experience in writing IOCs, STIX/TAXXI, and YARA rules.

  • Experience identifying Tactics, Techniques and Procedures (TTPs) of attackers and attributing those TTPs to campaigns and specific threat actors.

  • Exposure to Cyber Threat Intelligence at the Strategic, Operational, and Tactical levels

  • Ability to create and share IOCs, write YARA rules, and utilize STIX/TAXII for operationalization

  • Ability to automate common tasks and create run-books for iSOC analysts supporting CTI

  • Experience and familiarization with HUMINT, SIGINT, GEOINT, OSINT, Deep/Dark Web, MASINT, MILINT, and IMINT

4-year degree in computer science or related field or equivalent experience

Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.