We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.
CVS Health is seeking a Senior Manager, Application Security Engineering to lead enterprise application security, vulnerability management, secure software delivery, and security engineering capabilities across a complex technology environment.
Within the Cybersecurity organization, this leader will be responsible for managing and advancing application security programs that help protect CVS Health applications and technology platforms throughout the software development lifecycle. The role will partner closely with Engineering, Architecture, Infrastructure, Product, Risk, Compliance, and Cybersecurity teams to integrate security into development processes and support secure delivery of business solutions.
The Senior Manager will lead a team responsible for application security engineering, vulnerability management, software supply chain security, security automation, and developer security enablement. This role will oversee security standards, tooling, governance, risk reduction activities, and operational processes that support enterprise technology portfolios and strategic initiatives, including Health 100.
Additionally, this leader will help build and scale security capabilities that improve developer adoption, increase automation, strengthen secure software development practices, and support enterprise DevSecOps initiatives.
This is a U.S.-based remote position. Candidates must reside within the United States.
Application Security & Secure Software Delivery
Vulnerability Management & Security Operations
Security Engineering, DevSecOps & Platform Innovation
Lead and develop a high-performing team of security professionals while fostering a culture of technical excellence, accountability, innovation, and continuous improvement.
Build and scale security programs that drive developer adoption, self-service security capabilities, and DevSecOps maturity across enterprise engineering teams.
Partner across Engineering, Product, Architecture, Infrastructure, Risk, Compliance, and Cybersecurity teams to define strategic roadmaps, enable secure engineering practices, and support enterprise transformation initiatives, including Health 100.
Drive workforce development, capacity planning, operational readiness, and execution of strategic security objectives.
7+ years of experience developing, implementing, and operating enterprise security technologies across Application Security, Container Security, Data Security, Infrastructure Security, or related cybersecurity domains.
7+ years of experience leading security programs and initiatives from design and implementation through operationalization and continuous improvement within enterprise environments.
5+ years of experience securing cloud-native and modern application environments leveraging AWS, Azure, or GCP, including containers, Kubernetes, Infrastructure-as-Code (IaC), and Security-as-Code practices.
5+ years of experience supporting secure software development lifecycle (SDLC) programs, vulnerability management, security testing, regulatory compliance, and enterprise application portfolios.
4+ years of experience with application security technologies including SAST, SCA, CVA, mobile application security testing, secrets scanning, software supply chain security, and developer enablement programs.
2+ years of experience leading, mentoring, managing, and developing security engineering, application security, vulnerability management, or cybersecurity teams.
Experience architecting, securing, and modernizing enterprise applications, CI/CD pipelines, and cloud-native platforms across multi-cloud, hybrid, and legacy environments, including containerized, serverless, microservices-based, monolithic, and mainframe architectures.
Experience with application security, software composition analysis (SCA), software bills of materials (SBOM), software supply chain security, developer enablement programs, and secure software delivery practices utilizing platforms such as JFrog, Snyk, Veracode, Wiz, GitGuardian, Prisma Cloud, or similar technologies.
Experience supporting highly regulated environments and compliance frameworks including HIPAA, HITRUST, PCI-DSS, NIST, CSA, and related security and risk management standards.
Experience leading enterprise-scale transformation, application modernization, DevSecOps, and security automation initiatives, including building and scaling security programs, developer enablement capabilities, self-service security platforms, executive reporting, KPIs, KRIs, security scorecards, portfolio governance, and risk management programs.
Experience leveraging AI-powered technologies such as Claude, Claude Code, GitHub Copilot, Microsoft Copilot, and similar platforms to automate vulnerability remediation, integrate MCP-based security scanning, implement security controls within CI/CD pipelines, enhance developer enablement, and improve secure software delivery at enterprise scale.
Bachelor’s degree from an accredited college or university, or equivalent combination of education and relevant work experience (High School Diploma/GED plus 4 years of related experience).
Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric healthcare for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions that make healthcare more personal, convenient, and affordable. CVS Health is an affirmative action employer and an equal opportunity employer. We are committed to fostering a diverse, inclusive, and equitable workplace and encourage candidates from all backgrounds to apply, including veterans, reservists, National Guard members, military spouses, and individuals with disabilities.
Pay Range
The typical pay range for this role is:
$118,450.00 - $260,590.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.
Additional details about available benefits are provided during the application process and on Benefits Moments.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.