Senior DevSecOps Engineer, Mobile Applications

We're building a world of health around every individual - shaping a more connected, convenient and compassionate health experience. At CVS Health , you'll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger - helping to simplify health care one person, one family and one community at a time. Position Summary Who You Are: • A seasoned security leader with the ability to develop and review code when necessary, and with a deep understanding of foundational software-engineering paradigms-specifically the distinctions and appropriate use cases for objects (runtime instances), classes (architectural blueprints), and functions (discrete units of logic). • Strong passion and thorough understanding of what it takes to build and operate secure, reliable systems at scale. • Strong passion and technical expertise to automate security functions via code, including pipeline and workflow automation. • Strong technical expertise with Application, Cloud, Data, and Network Security best practices. • Strong technical expertise with multi-cloud environments, including container/serverless and other microservice architectures. • Strong technical expertise with older technology stacks, including mainframes and monolithic architectures. • Strong technical expertise with SDLC, CI/CD tools, Deployment Automation, and pipeline orchestration. • Strong technical expertise with operating security for Windows Server and Linux Server systems. • Strong technical expertise with configuration management, version control, and DevOps operational support. • Strong experience with implementing security measures for both applications and data, with an understanding of the unique security requirements of data warehouse technologies. • Experience with reporting and visualization tools such as Power BI, BigQuery, Tableau, or similar platforms. • Ability to create and deliver executive-level reporting and dashboards for leadership visibility. Role Responsibilities: Development & Enforcement • Develop and enforce engineering security policies and standards. • Develop and enforce data security policies and standards. • Drive security awareness across the organization. Collaboration & Expertise • Collaborate with Engineering and Business teams to develop secure engineering practices. • Serve as the Subject Matter Expert for Application Security. • Work with cross-functional teams to ensure security is considered throughout the software development lifecycle. Automation & Optimization • Design and implement automated workflows for security processes across CI/CD pipelines, reducing manual intervention and improving consistency. • Automate manual reporting tasks by building scripts, dashboards, and integrations that provide real-time visibility into security posture, vulnerability status, and compliance metrics. • Integrate security controls into CI/CD pipelines (e.g., automated scanning, policy enforcement, and remediation workflows) to ensure security gates are embedded in the development lifecycle. • Develop orchestration strategies for pipeline automation using tools like GitHub Actions, Jenkins, or Azure DevOps, ensuring security checks are triggered automatically during build and deployment phases. • Develop and maintain executive-level reporting dashboards using tools like Power BI, Tableau, or BigQuery to provide actionable insights to leadership. Analysis & Configuration • Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data. • Lead security testing, vulnerability analysis, and documentation. Operational Support • Participate in operational on-call duties to support infrastructure across multiple regions and environments (cloud, on-premises, colocation). • Develop incident response and recovery strategies. Required Qualifications: • 5+ years of experience in developing and deploying security technologies. • 5+ years with modern SDLC and CI/CD practices, emphasizing pipeline automation and security integration. • 3+ years remediating vulnerabilities from Static Analysis, Open-Source Scanning, Mobile Scanning (DataTheorem or similar platform), and API Scanning (Apiiro, Koi Security). • 3+ years of experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code. • 3+ years of experience with one or more general-purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell. • 1+ year of experience building reports and dashboards using visualization tools (Power BI, Tableau, BigQuery, or similar). Preferred Qualifications: • Proficiency in Public Cloud (AWS/Azure/Google Cloud Platform) & Network Security. • Strong experience with implementing and managing data protection measures

Apply tot his job

Apply To this Job