We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

POSITION SUMMARY

CVS Health is hiring a Senior Cloud Data Security Engineer — Data Loss Prevention (DLP) to play a critical role in protecting the sensitive data assets of one of the largest pharmacy chains in the United States. As a senior member of the Data Protection Team, this role is responsible for the design, implementation, and continuous maturation of enterprise DLP capabilities across cloud, endpoint, email, network, and AI/ML environments, covering Data in Motion (DIM) and Data in Use (DIU).

This engineer will lead efforts to prevent unauthorized data exfiltration, enforce data classification and handling standards, and extend DLP controls to AI/ML pipelines and shadow AI services. The role partners closely with security, engineering, data, and business stakeholders to deliver a cohesive, risk‑based data protection strategy that balances strong controls with a simplified user experience.

This is a U.S.-based position; candidates must reside within the United States.

PRIMARY DUTIES AND RESPONSIBILITIES

Enterprise Data Loss Prevention

• Design, implement, and mature enterprise DLP policies and controls across cloud, endpoint, email, and network channels.

• Support the full DLP program lifecycle, including strategy, policy development, rule tuning, and continuous improvement.

• Lead data classification and labeling initiatives to ensure consistent governance of PII, PHI, PCI, and proprietary data.

• Monitor, investigate, and respond to data leakage incidents; manage cases, perform root cause analysis, and drive remediation to closure.

• Develop dashboards, metrics, and reporting to communicate DLP effectiveness, risk posture, and trends to leadership.

• Automate DLP enforcement, incident triage, and response workflows to improve accuracy and reduce manual effort.

Cloud & AI/ML Data Protection

• Extend DLP capabilities to cloud‑native and hybrid environments, leveraging CASB, CNAPP, CSPM, SASE, and Zero Trust architectures.

• Lead shadow AI discovery and enforce DLP controls across sanctioned and unsanctioned AI services.

• Design and implement data protection controls for AI/ML workloads, pipelines, model training, and outputs.

• Enforce secure data handling for generative AI, LLMs, and MLOps platforms to prevent improper ingestion, exposure, or transmission of sensitive data.

Collaboration, Governance & Leadership

• Partner with business and technology leaders to define DLP strategy, roadmaps, and priorities aligned to regulatory and risk requirements.

• Align DLP controls with industry frameworks such as NIST, CIS, CSA, and MITRE ATLAS.

• Serve as a subject matter expert on data protection for initiatives including cloud migrations, AI platform deployments, and M&A activities.

• Collaborate with infrastructure, operations, data science, and application teams to embed DLP into architecture and operational processes.

• Drive a low‑friction, user‑centric security experience while maintaining strong data protection outcomes.

• Act as the organizational authority on DLP, cloud data security, and AI/ML data protection best practices.

REQUIRED QUALIFICATIONS

• 5+ years of experience implementing and supporting cloud security solutions in large enterprise environments, with a strong focus on DLP.

• 5+ years of hands‑on experience with enterprise DLP platforms such as Microsoft Purview, Zscaler, and Palo Alto.

• 5+ years of experience designing and enforcing DLP policies across cloud, endpoint, email, and network channels.

• 5+ years of experience in at least two of the following cloud platforms: AWS, Azure, GCP, including data protection implementations.

• 5+ years of experience with Zero Trust, CASB, CSPM, and Conditional Access frameworks.

PREFERRED QUALIFICATIONS

• 3+ years of experience using Regex for DLP policies and leveraging tools such as Splunk, Chronicle, or Power BI for analytics.

• 3+ years of experience with network security, email security, and firewall technologies related to data exfiltration prevention.

• 3+ years of experience securing AI/ML platforms, including exposure to LLMs, generative AI, and MLOps, with a data protection focus.

• Proven experience leading DLP and data protection engineering initiatives in collaboration with cross‑functional teams.

• Ability to provide off‑hours and weekend support on short notice when required.

EDUCATION

Bachelor’s degree from accredited university or equivalent work experience (HS diploma + 4 years relevant experience).

BUSINESS OVERVIEW

Bring your heart to CVS Health Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable. We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is:

$101,970.00 - $203,940.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments.

We anticipate the application window for this opening will close on: 06/30/2026

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.