Full-Time
Senior Manager
Endpoint Compliance and Hardening
Confirmed live in the last 24 hours
CVS Health
10,001+ employees
Comprehensive pharmacy and healthcare services
Compensation Overview
$118.5k - $284.3kAnnually
Senior, Expert
Company Historically Provides H1B Sponsorship
Boston, MA, USA + 4 more
More locations: Northbrook, IL, USA | Smithfield, RI, USA | Hartford, CT, USA | Richardson, TX, USA
Candidates may be required to work from any of the listed locations: Woonsocket, Boston, Richardson, Northbrook, or Hartford.
You match the following CVS Health's candidate preferences
Employers are more likely to interview you if you match these preferences:
- 7+ years of experience in vulnerability management, IT operations, or a related field
- 5+ years of experience with translating vulnerability risk information into actionable insights
- 5+ years of experience team leadership experience
- 5+ years of experience working with patch management systems and practices (e.g., WSUS, SCCM, JAMF)
- Develop and manage the organization's file integrity monitoring and secure hardening configuration policy framework, ensuring alignment with security and business objectives.
- Lead a team of configuration specialists, providing leadership, mentorship, and technical guidance.
- Stay informed of emerging security threats, compliance requirements, and best practices related to secure configurations.
- Define and enforce File Integrity Monitoring policies and procedures to ensure the integrity of critical files and systems.
- Lead the team to establish baselines for normal file states and monitor for unauthorized or suspicious changes.
- Lead regular audits and reviews of FIM processes to identify and address gaps.
- Define, implement, and maintain secure configurations for operating systems, databases, applications, and network devices (e.g., firewalls, routers).
- Ensure consistent application of security baselines (e.g., CIS Benchmarks, NIST guidelines) across the enterprise.
- Oversee the deployment, configuration, and management of File Integrity Monitoring tools and solutions (Qualys, Splunk, etc.).
- Regularly review and update policies to reflect changes in the threat landscape or regulatory requirements.
- Work closely with IT, DevOps, and Security Operations teams to ensure file integrity monitoring and secure hardening configuration policies are integrated into system and application lifecycles.
- Partner with compliance and risk teams to ensure file integrity monitoring and secure hardening configurations meet regulatory standards (e.g., PCI DSS, HIPAA, SOX).
- Provide guidance and support during internal and external audits.
- Collaborate with Security Operations Center (SOC) and Incident Response teams to investigate file integrity monitoring alerts and security incidents.
- Ensure proper logging, alerting, and reporting mechanisms are in place for timely detection and response.
- Contribute to forensic investigations by providing detailed logs and evidence from FIM systems.
- Implement tools and processes to continuously monitor and enforce secure configurations (e.g., vulnerability scanners, configuration management tools).
- Develop and deliver executive-level reports on compliance with configuration policies, including metrics on policy adherence and risk mitigation.
- Lead root cause analysis and remediation efforts for configuration-related security incidents.
- Promote a culture of security awareness and best practices within the organization.
- Drive automation initiatives to streamline configuration management processes.
- Provide training and resources to ensure teams understand and adhere to secure configuration policies.
- Prioritize vulnerabilities based on risk assessments, considering factors such as exploitability and business impact.
- Develop and maintain a risk-based approach to remediation to focus efforts on high-priority vulnerabilities.
- Collaborate with threat intelligence teams to understand the context of vulnerabilities within the threat landscape.
- Automate continuous secure hardening configuration management scanning on build images before production deployment to proactively mitigate risks.
- Maintain and update File Integrity Monitoring and Secure Hardening Configuration Management documentation on updated protective detection policies, remediation procedures and best practices.
- Provide regular updates to stakeholders on the status of remediation efforts and overall risk reduction.
- Create detailed reports and dashboards for leadership, highlighting trends, risks, and compliance metrics.
- Communicate technical findings and recommendations to both technical and non-technical audiences.
- Ensure timely response to internal audit compliance evidence requests.
- Ensure remediation efforts align with regulatory and compliance requirements (e.g., PCI DSS, SOX, HIPAA).
- Support audit processes by providing documentation and evidence of remediation activities.
- Enforce adherence to security policies and standards across teams.
- Proficiency in operating systems (Windows, Linux) and understanding of network security principles
- Knowledge of common vulnerabilities, CVE databases, and exploit frameworks
- Experience with scripting languages and automation tools (e.g., Python, PowerShell, Ansible)
- Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes)
- Strong analytical and problem-solving abilities
- Excellent organizational and project management skills
- Effective communication skills to collaborate across teams and present findings
- CompTIA Security+
- CISSP (Certified Information Systems Security Professional)
- CEH (Certified Ethical Hacker)
- GIAC certifications (e.g., GSEC, GCIA, GPEN)
CVS Health operates a large network of retail pharmacies and walk-in medical clinics across the United States, providing a variety of health-related products and services. The company serves individual consumers, businesses, and communities, offering prescription medications, over-the-counter health products, beauty items, and general merchandise. CVS Health also functions as a pharmacy benefits manager, managing health plans for over 75 million members, and provides specialized care for seniors and patients requiring specialty pharmacy services. This integrated approach allows CVS Health to deliver affordable health management solutions, improve access to quality care, and enhance health outcomes while aiming to reduce overall healthcare costs. The company's goal is to support individuals in achieving better health through its comprehensive services.
Company Stage
Debt Financing
Total Funding
N/A
Headquarters
Woonsocket, Rhode Island
Founded
1963
Simplify's Take
What believers are saying
- Expansion of telehealth services allows CVS to reach more patients remotely.
- Increased consumer interest in wellness boosts demand for CVS's health-related products.
- The trend towards value-based care aligns with CVS's integrated healthcare approach.
What critics are saying
- Legal challenges related to opioid prescriptions could harm CVS's reputation and finances.
- The DOJ's intervention in a whistleblower lawsuit may increase legal costs for CVS.
- The Horizon Organic Milk recall exposes potential vulnerabilities in CVS's supply chain.
What makes CVS Health unique
- CVS Health operates over 9,600 retail pharmacies and 1,100 walk-in clinics nationwide.
- The company integrates pharmacy benefits management with specialty pharmacy services for comprehensive care.
- CVS Health offers tailored medication plans through personalized medicine and pharmacogenomics.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
401(k) Retirement Plan
Company Equity
Wellness Program
Professional Development Budget
Paid Vacation
Paid Holidays