McKesson

Senior Manager, Detection Engineering

full-time

Location: United States

Salary

💰 $127,000 - $211,600 per year

Job Level

Senior

Tech Stack

AWS, Azure, Cloud, Cyber Security, Google Cloud Platform, Python, Splunk

About the role

  • McKesson is looking for a strategic and hands-on Senior Manager of Detection Engineering & Threat Hunting to lead a team of eight responsible for building detection content and for the integration, automation, enrichment, and performance of alerts.
  • This role is pivotal in strengthening our threat visibility, reducing dwell time, and enhancing our overall security posture through collaboration with SOC, Incident Response, and Threat Intelligence teams.

Position Description/Responsibilities

  • Team Leadership: Mentor and manage a team of eight detection engineers and threat hunters, fostering a culture of innovation, accountability, and continuous improvement.
  • Operational Oversight: Manage team performance, hiring, workload distribution, and professional development.
  • Detection Lifecycle Management: Create new rules, tune existing rules, and retire decayed rule logic using telemetry from EDR, SIEM, cloud, network, and identity platforms.
  • Data Engineering Support: Identify logging gaps so that engineering teams can add the visibility, efficiency, and signal quality that detection rules need to succeed.
  • Detection-as-Code: Implement and maintain CI/CD pipelines for detection logic, with robust testing and tuning practices to ensure consistency and version control.
  • Automation & Engineering: Align detection practices and CI/CD pipelines with SOC playbooks and automation so that response actions are fast and repeatable.
  • Threat Hunting: Lead hypothesis-driven hunts using threat intelligence, behavioral anomalies, and emerging TTPs.
  • Purple Team Collaboration: Partner with Threat Intelligence, Incident Response, and Red Team to develop timely and relevant use-cases for purple teaming exercises.
  • Coverage Mapping: Continuously improve detection coverage mapping against MITRE ATT&CK, the Cyber Kill Chain, and other industry frameworks so the team can present its coverage story to the Board.
  • Metrics & Reporting: Measure detection operations, hunts, and projects against KPIs and milestones to communicate maturity and impact.
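The responsibilities above name detection-as-code, lifecycle management (tuning and retiring decayed rules), and ATT&CK coverage mapping without showing what they look like in practice. The following is an added illustration, not McKesson's tooling or code: detection rules kept as data, a small evaluator run over constructed sample events, a self-test a CI job can run on every rule change, and a coverage summary keyed by ATT&CK technique. The rule names, sample events, field names and the regex evaluator are all assumptions made for this example.

```python
"""Detection-as-code in miniature: rules as data, evaluated against sample
telemetry, with a self-test a CI pipeline can run on every change."""
from dataclasses import dataclass
import re

# Constructed sample events (not real telemetry): EDR process events,
# a Windows logon event and a cloud API call. Field names are assumptions.
SAMPLE_EVENTS = [
    {"source": "edr", "host": "ws01", "user": "alice", "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA..."},
    {"source": "edr", "host": "ws01", "user": "alice", "process": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\inventory.ps1"},
    {"source": "identity", "host": "dc01", "user": "svc_backup", "event_id": 4624,
     "logon_type": 10, "src_ip": "203.0.113.9"},
    {"source": "cloud", "user": "ci-deployer", "api": "iam:CreateAccessKey",
     "target_user": "root"},
]


@dataclass
class Rule:
    name: str
    technique: str        # MITRE ATT&CK technique ID, used for coverage mapping
    source: str           # telemetry source the rule applies to
    conditions: dict      # field -> regex; every condition must match
    status: str = "production"   # production | tuning | decayed

    def matches(self, event: dict) -> bool:
        if event.get("source") != self.source:
            return False
        for field_name, pattern in self.conditions.items():
            value = event.get(field_name)
            if value is None or not re.search(pattern, str(value), re.IGNORECASE):
                return False
        return True


# Hypothetical rule set. The last rule fires on every PowerShell launch, which is
# why it has been marked decayed: the evaluator skips it, but it stays in version
# control as a record of the lifecycle decision.
RULES = [
    Rule("Encoded hidden PowerShell", "T1059.001", "edr",
         {"process": r"^powershell\.exe$",
          "cmdline": r"-enc(odedcommand)?\s|-w(indowstyle)?\s+hidden"}),
    Rule("Service account interactive RDP logon", "T1021.001", "identity",
         {"event_id": r"^4624$", "logon_type": r"^10$", "user": r"^svc_"}),
    Rule("Access key created for root", "T1098.001", "cloud",
         {"api": r"^iam:CreateAccessKey$", "target_user": r"^root$"}),
    Rule("Legacy: any powershell.exe launch", "T1059.001", "edr",
         {"process": r"^powershell\.exe$"}, status="decayed"),
]

# Expected true positives for each live rule, by index into SAMPLE_EVENTS.
# This is the fixture a CI job compares against after every rule change.
EXPECTED_HITS = {
    "Encoded hidden PowerShell": [0],
    "Service account interactive RDP logon": [2],
    "Access key created for root": [3],
}


def evaluate(rules, events):
    """Return {rule name: [indices of matching events]} for every live rule."""
    return {r.name: [i for i, e in enumerate(events) if r.matches(e)]
            for r in rules if r.status != "decayed"}


def self_test(rules, events, expected):
    """CI gate: each live rule must hit exactly the events it was written for.
    Returns a list of failure messages; an empty list means the gate passes."""
    hits = evaluate(rules, events)
    failures = []
    for name, want in expected.items():
        got = hits.get(name, [])
        if sorted(got) != sorted(want):
            failures.append(f"{name}: expected {sorted(want)}, got {sorted(got)}")
    for name in hits:
        if name not in expected:
            failures.append(f"{name}: live rule has no test fixture")
    return failures


def coverage(rules):
    """ATT&CK technique -> names of live rules covering it."""
    cov = {}
    for r in rules:
        if r.status != "decayed":
            cov.setdefault(r.technique, []).append(r.name)
    return cov


if __name__ == "__main__":
    problems = self_test(RULES, SAMPLE_EVENTS, EXPECTED_HITS)
    print("detection tests:", "PASS" if not problems else problems)
    print("coverage:", coverage(RULES))
```

Run as a script it prints the test verdict and the coverage map; wired into a CI pipeline, a non-empty failure list blocks the merge, which is the "robust testing" the posting asks for. The second loop in self_test catches the common gap of a rule shipped without any true-positive fixture.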

Requirements

  • Bachelor’s degree or equivalent experience in Cybersecurity, Computer Science, Information Technology, or a related field.
  • Typically requires 10+ years of relevant experience in security operations, detection engineering, or threat hunting, including at least 2 years in a leadership or technical lead role.
  • Candidates with a Master’s or Doctorate degree in a related discipline may qualify with fewer years of experience.

Required Qualifications

  • 7+ years in security operations, detection engineering, or threat hunting.
  • 2+ years in a leadership or technical lead role.
  • Strong understanding of attacker behavior and threat actor tactics.
  • Hands-on experience with EDR, SIEM (e.g., Splunk, XSIAM, Elastic), and cloud-native logging platforms.
  • Proficiency in scripting (Python, PowerShell, etc.) for automation and detection logic.
  • Demonstrated success in conducting threat hunts and identifying incidents.
  • Ability to explain coverage within an existing framework (e.g., MITRE ATT&CK, Cyber Kill Chain).
  • Excellent communication, leadership, and stakeholder engagement skills.