CVS Health · 4 hours ago
Senior DevSecOps Engineer, Mobile Applications
United States
Full-time
Remote
Mid, Senior Level
$83K/yr - $222K/yr
5+ years expCVS Health is focused on building a connected and compassionate health experience. They are seeking a Senior DevSecOps Engineer to lead security initiatives, automate security processes, and collaborate with teams to ensure secure engineering practices throughout the software development lifecycle.
Health CareMedicalPharmaceuticalRetailSales
Responsibilities
Develop and enforce engineering security policies and standards
Develop and enforce data security policies and standards
Drive security awareness across the organization
Collaborate with Engineering and Business teams to develop secure engineering practices
Serve as the Subject Matter Expert for Application Security
Work with cross-functional teams to ensure security is considered throughout the software development lifecycle
Design and implement automated workflows for security processes across CI/CD pipelines, reducing manual intervention and improving consistency
Automate manual reporting tasks by building scripts, dashboards, and integrations that provide real-time visibility into security posture, vulnerability status, and compliance metrics
Integrate security controls into CI/CD pipelines (e.g., automated scanning, policy enforcement, and remediation workflows) to ensure security gates are embedded in the development lifecycle
Develop orchestration strategies for pipeline automation using tools like GitHub Actions, Jenkins, or Azure DevOps, ensuring security checks are triggered automatically during build and deployment phases
Develop and maintain executive-level reporting dashboards using tools like Power BI, Tableau, or BigQuery to provide actionable insights to leadership
Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data
Lead security testing, vulnerability analysis, and documentation
Participate in operational on-call duties to support infrastructure across multiple regions and environments (cloud, on-premises, colocation)
Develop incident response and recovery strategies
Qualification
Required
5+ years of experience in developing and deploying security technologies
5+ years with modern SDLC and CI/CD practices, emphasizing pipeline automation and security integration
3+ years remediating vulnerabilities from Static Analysis, Open-Source Scanning, Mobile Scanning (DataTheorem or similar platform), and API Scanning (Apiiro, Koi Security)
3+ years of experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code
3+ years of experience with one or more general-purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell
1+ year of experience building reports and dashboards using visualization tools (Power BI, Tableau, BigQuery, or similar)
A Bachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience)
Preferred
Proficiency in Public Cloud (AWS/Azure/GCP) & Network Security
Strong experience with implementing and managing data protection measures and compliance with data protection regulations (e.g., GDPR, CCPA)
Strong technical expertise with Architecting Public Cloud solutions and processes
Strong technical expertise with Networking and Software-Defined Networking (SDN) principles
Strong technical expertise with developing and interpreting Network, Sequence, and Dataflow diagrams
Familiarity with OWASP Application Security Verification Standard
Experience with direct, remote, and virtual teams
Understanding of at least one compliance framework (HIPAA, HITRUST, PCI, NIST, CSA)
Strong technical expertise with Static Analysis, Open Source Scanning, Mobile Scanning, and API Scanning security solutions for data warehouses and big data platforms, particularly with technologies like Snyk, Apiiro, Koi Security, jFrog Curation
Strong technical expertise in defining and implementing cyber resilience standards, policies, and programs for distributed cloud and network infrastructure, ensuring robust redundancy and system reliability
Experience creating executive-level reporting and presenting security metrics to leadership
Experience building automated reporting solutions using APIs, scripting, and visualization tools (e.g., Power BI, Grafana, or custom dashboards)
Experience with pipeline orchestration tools and CI/CD automation frameworks to embed security gates and compliance checks
Benefits
Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.
Company
CVS Health
CVS Health is a health solutions company that provides an integrated healthcare services to its members.
10001+ employees
H1B Sponsorship
CVS Health has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2022 (1)
Funding
Current Stage
Public CompanyTotal Funding
$4BKey Investors
Michigan Economic Development CorporationStarboard Value
2025-08-15Post Ipo Debt· $4B
2025-07-17Grant· $1.5M
2019-11-25Post Ipo Equity
Leadership Team
David Joyner
President and Chief Executive Officer, CVS Health
Chandra McMahon
SVP & CISO
Recent News
2026-01-25
Company data provided by crunchbase