The Principal Platform Security Engineer is someone who has the experience and will aid our mission in designing and building secure platforms and applications. You will feel comfortable working with both front-end and back-end environments, as well as building, automating and securing the cloud infrastructure and platforms that supports the services. You will report directly to the Director of Application Development, Health Services Digital Technology.
•The team member will work with a strong team to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation. Specifically, you will help lead our mission to exploit security patterns and practices with orchestration and automation tools to automate the secure configuration, verification, compliance and authorization of systems. They will be a member of a team with experience maturing organizations software development and security practices.
•Experience working with Security Compliance Frameworks (ISO 27001, NIST, PCI-DSS, HIPAA, Sarbanes-Oxley, SSAE16, SOC2)
•Experience implementing/utilizing Federal, Industry and Open Source Security Guidance and Secure Coding Practices (OWASP, Critical Security Controls, Cloud Security Alliance, CERT, SANS, SafeCode, and CWE Top 25)
•Experience working with Agile methodology and phase-based delivery methods.
•Hands-on experience with both compiled and interpreted languages such as Ruby, Elixir, Java, Swift, React, and Node.js
•Knowledge of/experience with infrastructure, application and security automation.
•Knowledge of how to deploy an application.
•Passionate about following best practices, including testing, security, and configuration management.
•Experience with software and platform architecture, preferably with cloud service providers (AWS, GCP, Azure)
•Work collaboratively across departments
•Automate security validation testing against cloud platforms
•Work with Global Security office to translate and automate traditional data center type security controls and guidelines to cloud centric controls
•Follow and instruct others on version control processes
•Work with our architecture teams to create platform validations to meet minimum security baselines
•Develop solutions to strengthen the security in and around applications
•Analyze industry specific requirements/technologies and provide insight
•Work with appropriate parties such as Engineering and Architecture leads to raise issues and work toward resolution
•Be an expert for the platform security team
This role can be based anywhere remotely in the U.S.
•10+ years of experience with front and backend software development
•8+ years of experience with Continuous Integration / Continuous Deployment strategies
•5+ years of experience with cloud infrastructure and services such as Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform
•5+ years of experience with Docker and micro-services architecture
•Experience applying application and service security patterns and practices
•Experience using Security testing tools (scanners, static and dynamic code analysis)
•Familiarity with Unix, Linux and Windows operating systems and application platforms
•Possess a logical approach to solving problems
•Eagerness to learn new industry and new technologies
•Must be able to work well both in a team environment and independently
•Comfort transferring previous development experience to new technologies as they mature
Bachelor's Degree or Equivalent Work Experience
At CVS Health, we are joined in a common purpose: helping people on their path to better health. We are working to transform health care through innovations that make quality care more accessible, easier to use, less expensive and patient-focused. Working together and organizing around the individual, we are pioneering a new approach to total health that puts people at the heart.
We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring or promotion based on race, ethnicity, sex/gender, sexual orientation, gender identity or expression, age, disability or protected veteran status or on any other basis or characteristic prohibited by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.
Apply on company website