Senior DevSecOps Engineer, Mobile Applications
We're building a world of health around every individual - shaping a more connected, convenient and compassionate health experience. At CVS Health, you'll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger - helping to simplify health care one person, one family and one community at a time.

Position Summary

Who You Are:
- A seasoned security leader with the ability to develop and review code when necessary, and with a deep understanding of foundational software-engineering paradigms, specifically the distinctions and appropriate use cases for objects (runtime instances), classes (architectural blueprints), and functions (discrete units of logic).
- Strong passion and thorough understanding of what it takes to build and operate secure, reliable systems at scale.
- Strong passion and technical expertise to automate security functions via code, including pipeline and workflow automation.
- Strong technical expertise with Application, Cloud, Data, and Network Security best practices.
- Strong technical expertise with multi-cloud environments, including container/serverless and other microservice architectures.
- Strong technical expertise with older technology stacks, including mainframes and monolithic architectures.
- Strong technical expertise with SDLC, CI/CD tools, Deployment Automation, and pipeline orchestration.
- Strong technical expertise with operating security for Windows Server and Linux Server systems.
- Strong technical expertise with configuration management, version control, and DevOps operational support.
- Strong experience with implementing security measures for both applications and data, with an understanding of the unique security requirements of data warehouse technologies.
- Experience with reporting and visualization tools such as Power BI, BigQuery, Tableau, or similar platforms.
- Ability to create and deliver executive-level reporting and dashboards for leadership visibility.

Role Responsibilities:

Development & Enforcement
- Develop and enforce engineering security policies and standards.
- Develop and enforce data security policies and standards.
- Drive security awareness across the organization.

Collaboration & Expertise
- Collaborate with Engineering and Business teams to develop secure engineering practices.
- Serve as the Subject Matter Expert for Application Security.
- Work with cross-functional teams to ensure security is considered throughout the software development lifecycle.

Automation & Optimization
- Design and implement automated workflows for security processes across CI/CD pipelines, reducing manual intervention and improving consistency.
- Automate manual reporting tasks by building scripts, dashboards, and integrations that provide real-time visibility into security posture, vulnerability status, and compliance metrics.
- Integrate security controls into CI/CD pipelines (e.g., automated scanning, policy enforcement, and remediation workflows) to ensure security gates are embedded in the development lifecycle.
- Develop orchestration strategies for pipeline automation using tools like GitHub Actions, Jenkins, or Azure DevOps, ensuring security checks are triggered automatically during build and deployment phases.
- Develop and maintain executive-level reporting dashboards using tools like Power BI, Tableau, or BigQuery to provide actionable insights to leadership.

Analysis & Configuration
- Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data.
- Lead security testing, vulnerability analysis, and documentation.

Operational Support
- Participate in operational on-call duties to support infrastructure across multiple regions and environments (cloud, on-premises, colocation).
- Develop incident response and recovery strategies.

Required Qualifications:
- 5+ years of experience in developing and deploying security technologies.
- 5+ years with modern SDLC and CI/CD practices, emphasizing pipeline automation and security integration.
- 3+ years remediating vulnerabilities from Static Analysis, Open-Source Scanning, Mobile Scanning (DataTheorem or similar platform), and API Scanning (Apiiro, Koi Security).
- 3+ years of experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code.
- 3+ years of experience with one or more general-purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell.
- 1+ year of experience building reports and dashboards using visualization tools (Power BI, Tableau, BigQuery, or similar).

Preferred Qualifications:
- Proficiency in Public Cloud (AWS/Azure/Google Cloud Platform) & Network Security.
- Strong experience with implementing and managing data protection measures