Job Description
The CVS Health Software Security Group is looking for a talented professional with a passion for improving the security and resiliency of applications and the Secure Development Lifecycle.
The Enterprise Information Security software security program facilitates early lifecycle detection of security defects and vulnerabilities supporting mitigation and remediation. The software security program covers every step of software delivery, continuously testing and monitoring application health metrics. This service enables development teams to shift security to the left in pipelines for on premise and cloud development.
As a member of the Software Security Group, you will review scan results from multiple industry leading security tools implemented across the SDLC. You will interact with application and engineering teams to provide education and intelligence on remediation and risk mitigation techniques. You will partner with Software Security Group subject matter experts across the team to support the goal of delivering high quality and resilient applications. Your efforts in this role will improve the security posture of the applications used by CVS Health's customers.
Candidates for this role will possess a technical background with experience programming and performing vulnerability management. Experience working as part of a team is critical.
Typical job functions will include:
- Review Static Analysis / SAST results to provide mitigation and remediation advice
- Support the evaluation of suspected false positives resulting from SAST scans
- Administer user access to the platform used to perform SAST scanning
- Provide engineering support for the SAST platform and its environment
- Review Application Container Scanning results to provide mitigation and remediation advice
- Communicate best practices for container security following industry guidance including NIST 800-190 and CIS benchmarks
- Facilitate education sessions with application teams addressing secure coding practices and testing techniques
- Support security assessments, audits, compliance requirements and remediation activities
Required Qualifications
3+ years of software development experience including:
Proficiency in Java or C#
Familiarity with languages including Java, C#, Python and JavaScript
Experience creating OCI compliant containers with platforms such as Docker
Familiarity with the OWASP Top 10
COVID Requirements
COVID-19 Vaccination Requirement
CVS Health requires certain colleagues to be fully vaccinated against COVID-19 (including any booster shots if required), where allowable under the law, unless they are approved for a reasonable accommodation based on disability, medical condition, religious belief, or other legally recognized reasons that prevents them from being vaccinated.
You are required to have received at least one COVID-19 shot prior to your first day of employment and to provide proof of your vaccination status or apply for a reasonable accommodation within the first 10 days of your employment. Please note that in some states and roles, you may be required to provide proof of full vaccination or an approved reasonable accommodation before you can begin to actively work.
Preferred Qualifications
Security+ Certification
Experience using security testing tools (SAST, SCA, DAST)
Familiarity with CWEs, CVEs and OWASP Projects
Experience using open source libraries from repositories such as Maven, NuGet and PyPI
Experience working in an Agile SCRUM (or SAFe) SDLC
Experience using source code management solutions including GitHub and GitLab
Experience using CI/CD tools including Jenkins and Octopus
Education
Bachelor's degree or equivalent experience
Business Overview
At CVS Health, we are joined in a common purpose: helping people on their path to better health. We are working to transform health care through innovations that make quality care more accessible, easier to use, less expensive and patient-focused. Working together and organizing around the individual, we are pioneering a new approach to total health that puts people at the heart.
We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring or promotion based on race, ethnicity, sex/gender, sexual orientation, gender identity or expression, age, disability or protected veteran status or on any other basis or characteristic prohibited by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.