The Senior Platform Security Engineer is someone who has the experience and is passionate about designing and building secure platforms and applications. The ideal candidate will feel comfortable working with both front-end and back-end environments, as well as building, automating and securing the cloud infrastructure and platforms that supports the services.
Professional experience with software and platform architecture, preferably with cloud service providers (AWS, GCP, Azure) with cloud native methodologies like distributed micro-services architecture.
Experience working with Security Compliance Frameworks (ISO 27001, NIST, PCI-DSS, HIPAA, Sarbanes-Oxley, SSAE16, SOC2)
Experience implementing/utilizing Federal, Industry and Open Source Security Guidance and Secure Coding Practices (OWASP, Critical Security Controls, Cloud Security Alliance, CERT, SANS, SafeCode, CWE Top 25, etc.)
Experience working with Agile methodology and phase-based delivery methods.
Hands on experience with both compiled and interpreted languages such as Ruby, Elixir, Java, Swift, React, and Node.js
Knowledge of/experience with infrastructure, application and security automation.
Knowledge of how to deploy an application.
Passionate about following best practices, including testing, security, and configuration management.
The team member will be working with a strong team to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation. Specifically, this candidate will help lead efforts to exploit security patterns and practices with orchestration and automation tools to automate the secure configuration, verification, compliance and authorization of systems. They will be a member of a team with experience maturing organizations software development and security practices.
Work collaboratively in a fast-moving team.
Automate security validation testing against cloud platforms
Work with Global Security office to translate and automate traditional data center type security controls and guidelines to cloud centric controls.
Follow and instruct others on version control processes.
Work with and guides architecture teams to create platform validations to meet minimum security baselines.
Develop solutions to strengthen the security in and around applications.
Analyze industry specific requirements/technologies and provide insight.
Work with appropriate parties such as Engineering and Architecture leads to raise issues and work toward resolution.
Be a thought leader for the platform security team.
10+ years of experience with front and backend software development.
8+ years of experience with Continuous Integration / Continuous Deployment strategies.
5+ years of experience with cloud infrastructure and services such as Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform.
5+ years of experience with Docker and micro-services architecture.
Experience applying application and service security patterns and practices.
Experience utilizing Security testing tools (scanners, static and dynamic code analysis)
Familiarity with Unix, Linux and Windows operating systems and application platforms.
Excellent interpersonal and communication skills.
Logical approach and excellent problem-solving skills.
Eagerness to learn new industry and new technologies.
Must be able to work well both in a team environment and independently.
Must possess exceptional attention to detail.
Comfort transferring previous development experience to new technologies as they mature.
BS in Computer Science or similar field, or equivalent combination of education and years of experience.
At CVS Health, we are joined in a common purpose: helping people on their path to better health. We are working to transform health care through innovations that make quality care more accessible, easier to use, less expensive and patient-focused. Working together and organizing around the individual, we are pioneering a new approach to total health that puts people at the heart.
We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring or promotion based on race, ethnicity, sex/gender, sexual orientation, gender identity or expression, age, disability or protected veteran status or on any other basis or characteristic prohibited by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.