Principal Platform Security Engineer at CVS Health () (allows remote)

Principal Platform Security Engineer at CVS Health () (allows remote)

Add To Bookmarks
Type: Full Time
Created: 2021-07-23 05:01:21

Apply Here

The Principal Platform Security Engineer is someone who has the experience and will aid our mission in designing and building secure platforms and applications. You will feel comfortable working with both front-end and back-end environments, as well as building, automating and securing the cloud infrastructure and platforms that supports the services. You will report directly to the Director of Application Development, Health Services Digital Technology.The Details:•The team member will work with a strong team to help transform the way systems are built, secured, authorized and securely operated for continuous compliance and risk mitigation. Specifically, you will help lead our mission to exploit security patterns and practices with orchestration and automation tools to automate the secure configuration, verification, compliance and authorization of systems. They will be a member of a team with experience maturing organizations software development and security practices.•Experience working with Security Compliance Frameworks (ISO 27001, NIST, PCI-DSS, HIPAA, Sarbanes-Oxley, SSAE16, SOC2)•Experienceimplementing/utilizingFederal, Industry and Open Source Security Guidance and Secure Coding Practices (OWASP, Critical Security Controls, Cloud Security Alliance, CERT, SANS, SafeCode, and CWE Top 25)•Experience working with Agile methodology and phase-based delivery methods.•Hands-on experience with both compiled and interpreted languages such as Ruby, Elixir, Java, Swift, React, and Node.js•Knowledge of/experience with infrastructure, application and security automation.•Knowledge of how to deploy an application.•Passionate about following best practices, including testing, security, and configuration management.•Experience with software and platform architecture, preferably with cloud service providers (AWS, GCP, Azure)The Responsibilities:•Work collaboratively across departments•Automate security validation testing against cloud platforms•Work with Global Security office to translate and automate traditional data center type security controls and guidelines to cloud centric controls•Follow and instruct others on version control processes•Work with our architecture teams to create platform validations to meet minimum security baselines•Develop solutions to strengthen the security in and around applications•Analyze industry specificrequirements/technologiesand provide insight•Work with appropriate parties such as Engineering and Architecture leads to raise issues and work toward resolution•Be an expert for the platform security team

Required Qualifications•10+ years of experience with front and backend software development•8+ years of experience with Continuous Integration / Continuous Deployment strategies•5+ years of experience with cloud infrastructure and services such as Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform•5+ years of experience with Docker and micro-services architecture•Experience applying application and service security patterns and practices•Experience using Security testing tools (scanners, static and dynamic code analysis)•Familiarity with Unix, Linux and Windows operating systems and application platforms•Possess a logical approach to solving problems•Eagerness to learn new industry and new technologies•Must be able to work well both in a team environment and independently•Have exceptional attention to detail•Comfort transferring previous development experience to new technologies as they mature

Preferred Qualificationssee required

EducationBachelor’s Degree or Equivalent Work Experience