CVS Health is dedicated to building a connected and compassionate health experience for individuals. They are seeking a Senior DevSecOps Engineer to lead security integration into the software development lifecycle, automate security processes, and collaborate with engineering teams to enforce security policies and practices.
Responsibilities:
- Develop and enforce engineering security policies and standards
- Develop and enforce data security policies and standards
- Drive security awareness across the organization
- Collaborate with Engineering and Business teams to develop secure engineering practices
- Serve as the Subject Matter Expert for Application Security
- Work with cross-functional teams to ensure security is considered throughout the software development lifecycle
- Design and implement automated workflows for security processes across CI/CD pipelines, reducing manual intervention and improving consistency
- Automate manual reporting tasks by building scripts, dashboards, and integrations that provide real-time visibility into security posture, vulnerability status, and compliance metrics
- Integrate security controls into CI/CD pipelines (e.g., automated scanning, policy enforcement, and remediation workflows) to ensure security gates are embedded in the development lifecycle
- Develop orchestration strategies for pipeline automation using tools like GitHub Actions, Jenkins, or Azure DevOps, ensuring security checks are triggered automatically during build and deployment phases
- Develop and maintain executive-level reporting dashboards using tools like Power BI, Tableau, or BigQuery to provide actionable insights to leadership
- Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data
- Lead security testing, vulnerability analysis, and documentation
- Participate in operational on-call duties to support infrastructure across multiple regions and environments (cloud, on-premises, colocation)
- Develop incident response and recovery strategies
Requirements:
- 5+ years of experience in developing and deploying security technologies
- 5+ years with modern SDLC and CI/CD practices, emphasizing pipeline automation and security integration
- 3+ years remediating vulnerabilities from Static Analysis, Open-Source Scanning, Mobile Scanning (DataTheorem or similar platform), and API Scanning (Apiiro, Koi Security)
- 3+ years of experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code
- 3+ years of experience with one or more general-purpose programming/scripting languages, including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell
- 1+ year of experience building reports and dashboards using visualization tools (Power BI, Tableau, BigQuery, or similar)
- Proficiency in Public Cloud (AWS/Azure/GCP) & Network Security
- Strong experience with implementing and managing data protection measures and compliance with data protection regulations (e.g., GDPR, CCPA)
- Strong technical expertise with Architecting Public Cloud solutions and processes
- Strong technical expertise with Networking and Software-Defined Networking (SDN) principles
- Strong technical expertise with developing and interpreting Network, Sequence, and Dataflow diagrams
- Familiarity with OWASP Application Security Verification Standard
- Experience with direct, remote, and virtual teams
- Understanding of at least one compliance framework (HIPAA, HITRUST, PCI, NIST, CSA)
- Strong technical expertise with Static Analysis, Open Source Scanning, Mobile Scanning, and API Scanning security solutions for data warehouses and big data platforms, particularly with technologies like Snyk, Apiiro, Koi Security, jFrog Curation
- Strong technical expertise in defining and implementing cyber resilience standards, policies, and programs for distributed cloud and network infrastructure, ensuring robust redundancy and system reliability
- Experience creating executive-level reporting and presenting security metrics to leadership
- Experience building automated reporting solutions using APIs, scripting, and visualization tools (e.g., Power BI, Grafana, or custom dashboards)
- Experience with pipeline orchestration tools and CI/CD automation frameworks to embed security gates and compliance checks