Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand - with heart at its center - our purpose sends a personal message that how we deliver our services is just as important as what we deliver.

Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.Position SummaryThe Senior Security Engineer, Mobile Security is responsible for ensuring the security of mobile applications, devices, and platforms within the organization. This role involves designing, implementing, and maintaining mobile security solution and preventative security policies to protect against threats, secure data, and ensure compliance with security standards while supporting business operations. The ideal candidate will possess expertise in mobile app security, device management, threat detection technologies, and collaboration with cross-functional teams to protect the organization's sensitive information.

• Design and implement mobile security policies, standards, and solutions for mobile devices (iOS, Android) and mobile applications to safeguard organizational data and applications.
• Assess and secure mobile devices (iOS, Android) and their associated management platforms (e.g., Mobile Device Management (MDM), Enterprise Mobility Management (EMM)).
• Collaborate with development teams to integrate security best practices into mobile application development lifecycles.
• Stay informed about emerging mobile security threats, technologies, and best practices to continually enhance the program.
• Implement solutions for monitoring, detecting, and analyzing mobile threats vulnerabilities, and attack vectors. on mobile platforms.
• Collaborate with the Incident Response team to investigate and remediate mobile security incidents.
• Conduct root cause analysis and implement preventive measures.
• Investigate and respond to mobile security incidents, implementing remediation measures.

• Develop and enforce policies for secure mobile device usage, including BYOD (Bring Your Own Device) programs.
• Ensure mobile security practices comply with relevant regulatory standards (e.g., GDPR, HIPAA, PCI DSS).
• Conduct regular security assessments and audits to validate compliance and identify risks.
• Work with developers to implement security controls such as encryption, secure authentication, and secure APIs.
• Stay updated on emerging mobile app security frameworks and tools (e.g., OWASP Mobile Security Project).
• Ensure compliance with corporate and regulatory requirements across mobile endpoints.
• Research and recommend tools and technologies to enhance mobile security posture.
• Maintain awareness of and ensure adherence to industry regulations (e.g., GDPR, HIPAA).
• Prepare security documentation, including risk assessments, technical reports, and compliance audits.
• Generate reports on mobile security metrics, incidents, remediation efforts and program effectiveness to executive leadership.

• Work closely with IT, application development, and business teams to integrate mobile security into projects and workflows.
• Provide training and awareness programs for employees on secure mobile practices.

• Lead initiatives to automate mobile security processes and reduce manual intervention.
• Explore emerging technologies like mobile threat defense (MTD) and biometric authentication to enhance mobile security.
• Promote a culture of security awareness and proactive risk management.

• 5+ years of experience in cybersecurity with a focus on mobile security engineering or application security
• 3+ years of experience with mobile operating systems (Android, iOS) and their security architectures
• 3+ years of experience with MDM/EMM platforms like Microsoft Intune, Jamf, or VMware Workspace ONE
• 3+ years of experience with mobile app security tools including Burp Suite. OWASP ZAP and MobSF nice to have

• Detail-oriented and capable of managing multiple priorities in a fast-paced environment
• Knowledge of programming languages used in mobile app development (e.g., Swift, Kotlin, Java)
• Familiarity with API security, data encryption, and secure communication protocols
• Solid understanding of cybersecurity principles and mobile security best practices
• Familiarity with security frameworks like OWASP Mobile Security Top 10 and CIS Benchmarks
• Knowledge of threat modeling and secure coding practices for mobile applications
• CISSP (Certified Information Systems Security Professional)
• GIAC Mobile Device Security Analyst (GMOB)
• Crowdstrike Falcon Certified Falcon Administration (CCFA)