Technical Security Analyst
About The Position
We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time. As a Security Risk Operations Lead you will: Conduct thorough technical Security Risk Assessments on Production Environment applications to identify vulnerabilities, threats and risks. Assess vulnerability management, scans, patching status, secure baselines, penetration test result, etc. Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in Control Standards Collaborate with other IT professionals, including network engineers, developers, and system administrators, to understand how security measures are integrated into existing systems and processes.
Requirements
- 7+ years of information security or related experience
- 7+ years of experience identifying security risk within technology implementations with broad technical expertise and knowledge of current security threat and vulnerability trends including cloud, AI, etc.
- 7+ years of experience with security controls and alignment to key regulations (NIST, ISO, HITRUST, HIPAA, PCI)
- 5+ years experience managing work efforts with both internal and external partners in a highly collaborative environment
- 5+ years of experience demonstrating critical thinking and knowledge of risk management processes, tools, and techniques
Nice To Haves
- Strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)
- Technical acumen in regards to on prem applications, API, Encryption technologies, Container Security
- Experience with Information security policies and procedures
- Strong interpersonal, communication, and collaboration skills
- Relevant Industry Certifications such as CISSP, CRISC
- Knowledge of regulatory standards including NIST, SOX, SOC, HIPAA, PCI and HITRUST
- Understanding of current security threat and vulnerability trends
- Knowledge of cloud security architecture, best practices and frameworks
- Experience with Security development methodologies
- Working knowledge of Security Risk Management practices and processes
Responsibilities
- Conduct thorough technical Security Risk Assessments on Production Environment applications to identify vulnerabilities, threats and risks.
- Assess vulnerability management, scans, patching status, secure baselines, penetration test result, etc.
- Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in Control Standards
- Collaborate with other IT professionals, including network engineers, developers, and system administrators, to understand how security measures are integrated into existing systems and processes.
Benefits
- medical
- dental
- vision coverage
- paid time off
- retirement savings options
- wellness programs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
Associate degree
