Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand - with heart at its center - our purpose sends a personal message that how we deliver our services is just as important as what we deliver.

Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.

Position Overview

As an integral part of penetration testing service delivery, this individual contributor role is responsible for managing and overseeing the efficient delivery of dynamic adversarial testing services such as application and infrastructure penetration tests, red team exercises and web application scans. This role will ensure that all engagements are executed effectively, efficiently and meet stakeholder expectations. This IC role shall ensure that penetration testing requests are properly scoped, completed on time and meet the highest quality of service delivery.

• Oversee end-to-end delivery of services offered by the penetration testing team.
• Ensure service is provided on time, within scope and exceeds stakeholder expectations.
• Develop and manage plans, schedules and ensure quality of deliverables.
• Act as the primary point of stakeholder contact for the entire duration of the service delivery lifecycle.
• Build and nurture strong relationships with internal and external stakeholders.
• Ensure highest standards are maintained for all aspects of service.
• Review and approve the service deliverables such as reports before delivery to stakeholders.
• Help implement and maintain quality assurance processes and procedures.
• Ensure all reported vulnerabilities are recorded and tracked in the vulnerability tracking system.
• Monitor and report on service delivery process and risk metrics for senior leadership.
• Maintain accurate record of testing activities and essential interactions.
• Ensure evidence recording and retention for remediated vulnerabilities.
• Trigger issue management processes for issues for policy violations and SLA misses.
• Orchestrate report read-out calls with all project stakeholders.
• Interface with Remediation Support and ensure vulnerability and project status is up-to-update.
• Initiate timely onboarding and offboarding procedures for the vendors.
• Orchestrate access provisioning and deprovisioning for the testers.

• 5+ years of experience in a technical security role.
• Advanced understanding of adversarial security assessment process and methods.
• A reasonable knowledge of application and infrastructure vulnerabilities and risk mitigating controls.
• Ability to interface and act as a bridge between technical and non-technical stakeholders.
• Ability to manage multiple service requests and testing engagements.
• Excellent communication and interaction skills.
• Self-starter and capable individual contributor.

• Security certifications highly desired
• Security and operations background is a plus
• Knowledge of programming languages/ scripting tools including Python, Shell scripts
• Be able to use APIs and automate for improved visibility & process improvement.
• Team player comfortable working in a dynamic environment
• Ability to document and explain technical details in a concise, understandable manner
• Bachelor's degree in computer science, information security, or a related field.