CVS Health Digital is looking for a full stack security engineer who is passionate about designing and building secure platforms and applications. The ideal candidate will feel comfortable working with both front-end and back-end application developers, as well as in building, automating and securing on-premise as well as cloud based applications, preferably on the Google Cloud Platform(GCP).
The selected candidate will be working with a strong team to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation. Specifically, this candidate will help lead efforts to implement security patterns and practices with orchestration and automation tools that automate the secure configuration, verification, compliance and authorization of systems. They will be a key member of a team tasked with maturing the organization's software development and security practices.
• 7 - 10 years of previous related experience.
•Experience implementing utilizing Federal, Industry and Open Source Security Guidance and Secure Coding Practices (OWASP Top 10, SANS, CERT, CWE Top 25, Critical Security Controls, Cloud Security Alliance, SafeCode etc.)
• Experience working with Agile methodology and phase-based delivery methods.
• Hands on experience with both compiled and interpreted languages such as Angular, React, Node.js, Java, Spring Boot, IBM WebSphere App server, Oracle JBoss, .NET stacks
• Knowledge of and experience with networking, infrastructure, secure application development and security automation (DevSecOps).
• Hands on knowledge building and deploying secure complex distributed web and mobile applications.
• Passionate about following best practices, including testing, security, and configuration management.
• Experience working with Security Compliance Frameworks (ISO 27001, NIST, PCI-DSS, HIPAA, Sarbanes-Oxley, SSAE16, SOC2)
• Experience with working with SAST and DAST tools like Data Theorem, Checkmarx, Nexus IQ, Veracode and or Qualys Web Application Scans
• Work collaboratively in a fast-moving, startup like setting.
• Provide guidance to the respective application teams on how to remediate Pen Test, DAST, SAST Web Application and Mobile Application scan findings
• Automate security validation testing against on-premise and cloud based platforms
• Work with Global Security office to translate traditional data center security controls and guidelines into cloud centric controls.
• Follow and instruct others on version control processes.
• Develop solutions to strengthen the security in and around applications.
• Analyze industry specific requirements/technologies and provide insight.
• Work with appropriate parties to raise issues and work toward resolution.
• Experience with both front and backend software development.
• Experience with Continuous Integration / Continuous Deployment strategies and tools.
• Experience with cloud infrastructure and services such as Google Cloud Platform, Amazon Web Services (AWS) and/or Microsoft Azure
• Experience with Docker/Kubernetes and micro-services architecture.
• Experience applying application and service security patterns and practices.
• Experience utilizing Security testing tools (scanners, static and dynamic code analysis)
• Familiarity with Unix, Linux and Windows operating systems and application platforms.
• Excellent interpersonal and communication skills.
• Logical approach and excellent problem-solving skills.
• Eagerness to learn new technologies.
• Must be able to work well both in a team environment and independently.
• Must possess exceptional attention to detail.
• Comfort transferring previous development experience to new technologies as they mature
• BS in Computer Science or equivalent years of experience
At CVS Health, we are joined in a common purpose: helping people on their path to better health. We are working to transform health care through innovations that make quality care more accessible, easier to use, less expensive and patient-focused. Working together and organizing around the individual, we are pioneering a new approach to total health that puts people at the heart.
We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring or promotion based on race, ethnicity, sex/gender, sexual orientation, gender identity or expression, age, disability or protected veteran status or on any other basis or characteristic prohibited by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.
Apply on company website