CVS Health

Senior Endpoint Security Engineer – Configuration Compliance

CVS Health

full-time

Posted on:

Location Type: Remote

Location: Remote • Connecticut, Illinois, Massachusetts, Texas • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $92,700 - $203,940 per year

Job Level

Senior

Tech Stack

FirewallsLinuxMacOSServiceNow

About the role

  • Secure Policy Configuration Management (Hardening)
  • Develop, implement, and maintain secure configuration policy framework and baselines for operating systems, databases, applications, and network devices (e.g., firewalls, routers)
  • Collaborate with stakeholders to align secure configuration policies with business and compliance requirements
  • Automate configuration scanning, remediation, and validation processes by developing and integrating workflows using tools like Qualys, ServiceNow, and APIs or scripting languages to enhance efficiency and scalability
  • Regularly review and update policies to reflect changes in the threat landscape or regulatory requirements
  • Stay informed of emerging security threats, compliance requirements, and best practices related to secure configurations
  • Implement and maintain tools, processes, and configuration scan templates aligned with policy changes to continuously monitor, detect, and enforce secure configurations (e.g., Minimum Security Baseline scanners, configuration management tools)
  • Conduct security audits and assessments to identify deviations and implement corrective actions
  • Develop and deliver executive-level reports on compliance with configuration policies, including metrics on policy adherence and risk mitigation
  • Lead root cause analysis and remediation efforts for configuration-related security incidents
  • Collaboration and Integration
  • Work closely with IT, DevOps, and Security Operations teams to ensure secure configuration policies are integrated into system and application lifecycles
  • Partner with compliance and risk teams to ensure configurations meet regulatory standards (e.g., PCI DSS, HIPAA, SOX)
  • Provide guidance and support during internal and external audits
  • Continuous Improvement and Training
  • Promote a culture of security awareness and best practices within the organization
  • Drive automation initiatives to streamline configuration management processes
  • Provide training and resources to ensure teams understand and adhere to secure configuration policies

Requirements

  • 5+ years of experience in information security, with a focus on secure configuration management or related areas
  • 5+ years of experience with secure configuration frameworks including CIS Benchmarks and configuration management tools (e.g., Qualys, Rapid7, Tanium)
  • 5+ years of strong understanding of operating systems (Windows, Linux, macOS) and network device configurations
  • 5+ years with security architecture awareness
  • Strong grasp of how configuration compliance integrates with vulnerability, asset, and change management systems
  • 5+ years of analytical problem-solving experience
  • Demonstrated ability to identify root causes through multi-angle analysis of compliance, telemetry, and policy logic.
  • Bachelor’s degree or equivalent experience (HS diploma + 4 years relevant experience)
Benefits
  • Affordable medical plan options
  • 401(k) plan (including matching company contributions)
  • Employee stock purchase plan
  • No-cost programs for all colleagues including wellness screenings
  • Tobacco cessation and weight management programs
  • Confidential counseling and financial coaching
  • Benefit solutions that address the different needs and preferences of our colleagues including paid time off
  • Flexible work schedules
  • Family leave
  • Dependent care resources
  • Colleague assistance programs
  • Tuition assistance
  • Retiree medical access

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
secure configuration managementconfiguration policy frameworkconfiguration scanningremediationsecurity auditsroot cause analysisvulnerability managementchange managementanalytical problem-solvingsecurity architecture
Soft skills
collaborationcommunicationleadershiptrainingproblem-solvingstakeholder engagementculture of security awarenessguidance and support