Lead Director, Application Security Engineering jobs in United States
cer-icon
Apply on Employer Site
company-logo

CVS Health · 4 hours ago

Lead Director, Application Security Engineering

positionNY - New York
timeFull-time
remoteOnsite
seniorityDirector/Executive
money$144K/yr - $288K/yr
date10+ years exp

CVS Health is building a world of health around every individual, shaping a more connected health experience. They are seeking a Lead Director for Application Security Engineering to develop and enforce engineering and data security policies, collaborate with stakeholders, and lead security initiatives across the organization.

Health CareMedicalPharmaceuticalRetailSales
check
H1B Sponsor Likelynote

Responsibilities

Develop and enforce engineering security policies and standards
Develop and enforce data security policies and standards
Drive security awareness across the organization
Direct the strategic development and enforcement of comprehensive security policies and standards, ensuring advanced security practices are integrated throughout the software development lifecycle to mitigate risks and maintain alignment with industry-leading security protocols. Facilitate collaboration between security, development, and operations teams to foster a unified approach to secure software development
Regularly review and update security policies and standards to reflect evolving threat landscapes and technological advancements, embedding a culture of continuous improvement within the team
Cultivate strategic partnerships with key stakeholders across the organization, including product management, engineering leaders, and other key stakeholders to seamlessly integrate security considerations into product development lifecycles and operational processes
Serve as a key security figure, orchestrating the integration of secure engineering practices across the organization and ensuring alignment with business objectives through strategic communication with senior management and other stakeholders
Analyze, develop, and configure security solutions across multi-cloud, on-premises, and colocation environments, ensuring application security, integrity, confidentiality, and availability of data
Lead security testing, vulnerability analysis, and documentation
Spearhead the evaluation and strategic deployment of cutting-edge security solutions, emphasizing scalability, performance, and adaptability, to fortify the organization's defense against evolving threats
Enhance and maintain a dynamic security architecture framework that empowers project teams to develop secure solutions, fostering agility and innovation within secure boundaries, thus aligning security measures with business objectives
Drive the adoption of a forward-looking security architecture that anticipates and mitigates emerging security threats, aligning with future technological trends and business objectives
Participate in operational on-call duties to support a 24/7 infrastructure across multiple regions and environments (cloud, on-premises, colocation)
Oversee the strategic direction of the security incident response framework, ensuring organizational resilience and rapid recovery from security incidents
Implement a metrics-driven approach to security operations, using key performance indicators (KPIs) and key risk indicators (KRIs) to effectively measure and report on the security posture, incident response efficacy, and continuous improvement of security practices
Proven executive leadership in cultivating leadership talent across the security organization, including developing high-potential leaders and succession planning
Establish a targeted leadership development program within the security team to cultivate future leaders by enhancing specific competencies and experiences, emphasizing the development of both technical skills and leadership qualities
Proven track record with participation in security research and the exploration of next-generation security tools and practices. This includes encouraging the team to engage with the wider security community, contributing to open-source projects, and staying well-informed of emerging threats and innovative defense mechanisms
Encourage a culture of innovation within the team by allocating resources for research into emerging security technologies and practices, and by recognizing and rewarding innovative ideas and solutions
Lead the strategic planning of the organization's security roadmap, including conducting comprehensive risk assessments, managing budgets for security initiatives, and aligning the security strategy with overarching business goals. Champion security within the organization to ensure it is a key consideration in all business decisions and technology investments
Advocate for the necessary resources and investments in security initiatives, demonstrating the ability to communicate the value and necessity of security to both technical and non-technical stakeholders effectively

Qualification

Public Cloud (AWS/Azure/GCP)Network SecuritySecurity-as-CodeInfrastructure-as-CodeSecurity strategies developmentDockerKubernetesProgramming languagesData protection complianceNetworking principlesCyber resilience standardsInnovationCollaborationLeadershipMentorship

Required

10+ years of experience in leading security technology strategies and operations, with a significant portion in a senior leadership role
7+ years of experience in Public Cloud (AWS/Azure/GCP) & Network Security
5+ years of experience with Docker, Kubernetes, Security-as-Code, and Infrastructure-as-Code
5+ years of experience with one or more general-purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, Shell Script, PowerShell
5+ years of experience in developing and executing security strategies within large, complex organizations, with a demonstrated ability to drive security initiatives that align with business objectives

Preferred

Strong experience with implementing and managing data protection measures and compliance with data protection regulations (e.g., GDPR, CCPA)
Strong technical expertise with Architecting Public Cloud solutions and processes
Strong technical expertise with Networking and Software-Defined Networking (SDN) principles
Strong technical expertise with developing and interpreting Network, Sequence, and Dataflow diagrams
Experience with direct, remote, and virtual teams
Understanding of at least one compliance framework (HIPAA, HITRUST, PCI, NIST, CSA)
Strong technical expertise with security solutions for data warehouses and big data platforms, particularly with technologies like Snowflake
Strong technical expertise in defining and implementing cyber resilience standards, policies, and programs for distributed cloud and network infrastructure, ensuring robust redundancy and system reliability
Experience in influencing industry security standards and contributing to open-source projects or security communities, highlighting a broader impact beyond the immediate organization
Proven ability to foster a collaborative team environment, encouraging cross-functional teamwork and knowledge sharing to solve complex security challenges
Experience in leading transformational security initiatives across global organizations, demonstrating the ability to manage change and drive security culture across diverse teams

Benefits

Affordable medical plan options
401(k) plan (including matching company contributions)
Employee stock purchase plan
No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching
Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility

Company

CVS Health

twittertwittertwitter
Glassdoor3.1
company-logo
CVS Health is a health solutions company that provides an integrated healthcare services to its members.
dateFounded in 1963
location
Woonsocket, Rhode Island, USA
people-size10001+ employees
web-link
https://www.cvshealth.com/

H1B Sponsorship

CVS Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2022 (1)

Funding

Current Stage
Public Company
Total Funding
$4B
Key Investors
Michigan Economic Development CorporationStarboard Value
2025-08-15Post Ipo Debt· $4B
2025-07-17Grant· $1.5M
2019-11-25Post Ipo Equity

Leadership Team

leader-logo
David Joyner
President and Chief Executive Officer, CVS Health
linkedin
leader-logo
Chandra McMahon
SVP & CISO
linkedin

Recent News

MedCity News
Lawmakers Grill Health Insurance CEOs: 4 Key Takeaways
2026-01-25
Morningstar.com
More Americans are choosing Obamacare plans they can't afford in first look at ACA without enhanced tax credits
2026-01-24
STAT
STAT+: Health insurance execs shift blame for costly, confusing health care system
2026-01-23
Company data provided by crunchbase