Cybersecurity Automation Lead

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve - we care.

What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow's health today, we want to hear from you.

Job Title

Lead Automation Engineer

Summary

We are seeking a Lead Automation Engineer (P5) to design, deliver, and scale automation that powers our cybersecurity platforms and operations. You will own the automation strategy and execution across SIEM, SOAR, endpoint, vulnerability, and cloud-security workflows-eliminating manual toil, standardizing deployments, and embedding reliability into the way we operate.

Location note: this is a remote role within 50km of Mississagua Ontario or St Laurent Quebec, or Calgary, AB, or Vancouver, BC

What You'll Do

• Own the automation roadmap aligned to platform runbooks and quarterly objectives; prioritize high-value use cases that reduce manual effort and improve speed/quality.
• Design, implement, and maintain Python-based playbooks, micro-services, and scripts for enrichment, decisioning, remediation, and evidence collection.
• Deliver self-service capabilities (CLI/ChatOps/UI) that enable platform teams and SOC/IR to perform standardized actions safely and repeatedly.
• Build robust API integrations between security tools and enterprise systems (e.g., SIEM/SOAR, endpoint, vulnerability scanners, ticketing/ServiceNow, CMDB, identity, cloud services).
• Implement CI/CD workflows (GitHub Actions/Azure DevOps/GitLab CI), environment promotion, secrets management, and rollback safety for automation code.
• Add observability to automation (structured logging, metrics, traces, alerts); track playbook success/failure, latency, and error budgets.
• Act as technical lead for automation initiatives; mentor engineers on Python, integration patterns, and CI/CD.
• Partner closely with SOC/IR, Platform Ops, Cloud/Infra, and GRC to align automation to operational, resilience, and compliance needs.

What You Bring

• Expert-level Python (designing maintainable packages/services, async patterns where useful, testing, packaging, dependency management).
• Practical experience building API integrations (REST/GraphQL), handling auth flows (OAuth2, JWT), and working with JSON/structured logs.
• Demonstrated DevOps capability: CI/CD pipelines, artifact versioning, release orchestration, and basic container familiarity (Docker).
• Hands-on with at least two security/platform domains (e.g., SIEM/SOAR, endpoint/EDR, vulnerability management, email/data security, cloud security).
• Strong communication skills and a track record of shipping reliable automation that measurably improves operations.

Minimum Requirements

• Degree or equivalent and typically requires 10+ years of relevant experience. Less years required if has relevant Master's or Doctorate qualifications.

Preferable Skills & Experience

• Experience with Terraform or Ansible for provisioning/configuration.
• Familiarity with event-driven patterns (webhooks, message queues) and serverless runtimes.
• Experience optimizing cost/throughput for data pipelines or security platform ingestion.
• Comfort with basic front-end for internal self-service tools (e.g., lightweight UIs, ChatOps).

What Success Would Look Like

• Toil reduction and time-to-complete improvements for automated workflows.
• Playbook success rate, latency, and reduction in manual escalations.
• Coverage of automation across priority platforms (e.g., % alerts triaged/enriched automatically, % standard changes automated).
• Deployment reliability (pipeline success, rollback readiness, change-related incident reduction).
• Quality and completeness of audit-ready evidence produced automatically by automation jobs.

Tools & Environment

• Language: Python (primary)
• DevOps: GitHub/GitHub Actions or Azure DevOps; container builds; secrets management (e.g., Key Vault/Secrets Manager)
• Integrations: REST/GraphQL APIs, ServiceNow/CMDB, identity platforms, cloud provider SDKs
• Security platforms: SIEM/SOAR (e.g., Splunk, Cortex XSIAM/XSOAR), EDR (e.g., SentinelOne/Defender), Vulnerability Mgmt (e.g., Rapid7/Tenable), Email/Data Security (e.g., MDO/Proofpoint)
• Nice-to-have: Terraform/Ansible, message queues (Event Hub/Kafka/SQS), simple UI/ChatOps front-ends

______________________________________________________________________________________________________________________

Intitul du poste

Ingnieur/e principal en automatisation

Rsum

Nous recherchons un/e Ingnieur/e principal en automatisation (P5) pour concevoir, livrer et faire voluer des automatisations qui alimentent nos plateformes et oprations de cyberscurit. Vous serez responsable de la stratgie et de l'excution de l'automatisation travers les flux SIEM, SOAR, endpoints, gestion des vulnrabilits et scurit cloud - en liminant les tches manuelles, en standardisant les dploiements et en intgrant la fiabilit dans nos oprations.

Note:

Poste distance, mais le candidat doit rsider dans un rayon de 50 km de l'une des localisations suivantes : Mississauga, Ontario, Saint-Laurent, Qubec, Calgary, Alberta, Vancouver, Colombie-Britannique

Ce que vous ferez

• Dfinir et piloter la feuille de route d'automatisation aligne sur les runbooks des plateformes et les objectifs trimestriels ; prioriser les cas d'usage forte valeur ajoute qui rduisent l'effort manuel et amliorent la rapidit/la qualit.
• Concevoir, implmenter et maintenir des playbooks, micro-services et scripts en Python pour l'enrichissement, la prise de dcision, la remdiation et la collecte de preuves.
• Fournir des capacits en libre-service (CLI/ChatOps/UI) permettant aux quipes plateformes et SOC/IR d'excuter des actions standardises de manire sre et rpte.
• Dvelopper des intgrations API robustes entre les outils de scurit et les systmes d'entreprise (ex. SIEM/SOAR, endpoints, scanners de vulnrabilits, ServiceNow/tickets, CMDB, identit, services cloud).
• Mettre en ?uvre des workflows CI/CD (GitHub Actions/Azure DevOps/GitLab CI), la promotion des environnements, la gestion des secrets et la scurit des rollback pour le code d'automatisation.
• Ajouter de l'observabilit l'automatisation (logs structurs, mtriques, traces, alertes) ; suivre le succs/chec des playbooks, la latence et les budgets d'erreurs.
• Agir en tant que leader technique pour les initiatives d'automatisation ; encadrer les ingnieurs sur Python, les modles d'intgration et le CI/CD.
• Collaborer troitement avec SOC/IR, Ops plateformes, Cloud/Infra et GRC pour aligner l'automatisation sur les besoins oprationnels, de rsilience et de conformit.

Ce que vous apportez

• Expertise avance en Python (conception de packages/services maintenables, modles asynchrones, tests, packaging, gestion des dpendances).
• Exprience pratique dans la cration d'intgrations API (REST/GraphQL), la gestion des flux d'authentification (OAuth2, JWT) et la manipulation de JSON/logs structurs.
• Comptences dmontres en DevOps : pipelines CI/CD, versioning des artefacts, orchestration des releases et familiarit avec les conteneurs (Docker).
• Exprience pratique dans au moins deux domaines scurit/plateformes (ex. SIEM/SOAR, endpoint/EDR, gestion des vulnrabilits, scurit email/donnes, scurit cloud).
• Excellentes comptences en communication et historique de livraisons fiables d'automatisations amliorant les oprations de manire mesurable.

Exigences minimales

Diplme ou quivalent et gnralement 10+ annes d'exprience pertinente. Moins d'annes requises si titulaire d'un Master ou Doctorat pertinent.
Comptences et expriences souhaites

• Exprience avec Terraform ou Ansible pour le provisioning/la configuration.
• Familiarit avec les modles vnementiels (webhooks, files de messages) et les environnements serverless.
• Exprience dans l'optimisation des cots/dbits pour les pipelines de donnes ou l'ingestion des plateformes de scurit.
• Aisance avec le dveloppement front-end basique pour des outils internes en libre-service (ex. interfaces lgres, ChatOps).

Indicateur de succs

• Rduction des tches manuelles et amlioration des dlais d'excution pour les workflows automatiss.
• Taux de succs des playbooks, latence et rduction des escalades manuelles.
• Couverture de l'automatisation sur les plateformes prioritaires (ex. % d'alertes tries/enrichies automatiquement, % de changements standard automatiss).
• Fiabilit des dploiements (succs des pipelines, prparation des rollback, rduction des incidents lis aux changements).
• Qualit et exhaustivit des preuves prtes pour audit gnres automatiquement par les jobs d'automatisation.

Outils et environnement

• Langage : Python (principal)
• DevOps : GitHub/GitHub Actions ou Azure DevOps ; builds de conteneurs ; gestion des secrets (ex. Key Vault/Secrets Manager)
• Intgrations : APIs REST/GraphQL, ServiceNow/CMDB, plateformes d'identit, SDKs des fournisseurs cloud
• Plateformes de scurit : SIEM/SOAR (ex. Splunk, Cortex XSIAM/XSOAR), EDR (ex. SentinelOne/Defender), gestion des vulnrabilits (ex. Rapid7/Tenable), scurit email/donnes (ex. MDO/Proofpoint)
• Nice-to-have : Terraform/Ansible, files de messages (Event Hub/Kafka/SQS), front-ends simples UI/ChatOps

We are proud to offer a competitive compensation package at McKesson as part of our Total Rewards. This is determined by several factors, including performance, experience and skills, equity, regular job market evaluations, and geographical markets. The pay range shown below is aligned with McKesson's pay philosophy, and pay will always be compliant with any applicable regulations. In addition to base pay, other compensation, such as an annual bonus or long-term incentive opportunities may be offered. For more information regarding benefits at McKesson, please

Our Base Pay Range for this position

$113,500 - $189,100

McKesson has become aware of online recruiting-related scams in which individuals who are not affiliated with or authorized by McKesson are using McKesson's (or affiliated entities, like CoverMyMeds or RxCrossroads) name in fraudulent emails, job postings or social media messages. In light of these scams, please bear the following in mind:

McKesson Talent Advisors will never solicit money or credit card information in connection with a McKesson job application.

McKesson Talent Advisors do not communicate with candidates via online chatrooms or using email accounts such as Gmail or Hotmail. Note that McKesson does rely on a virtual assistant (Gia) for certain recruiting-related communications with candidates.

McKesson job postings are posted on our career site: .

McKesson is an Equal Opportunity Employer

McKesson provides equal employment opportunities to applicants and employees, without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, genetic information, or any other legally protected category. For additional information on McKesson's full Equal Employment Opportunity policies, visit our page.

Join us at McKesson!