Company Overview
CVS Health is the leading health solutions company, delivering care like no one else can. We reach more people and improve the health of communities across America through our local presence, digital channels and over 300,000 dedicated colleagues – including more than 40,000 physicians, pharmacists, nurses and nurse practitioners. Wherever and whenever people need us, we help them with their health – whether that’s managing chronic diseases, staying compliant with their medications or accessing affordable health and wellness services in the most convenient ways. We help people navigate the health care system – and their personal health care – by improving access, lowering costs and being a trusted partner for every meaningful moment of health. And we do it all with heart, each and every day. Follow @CVSHealth on social media.
About the job
Bring your heart to CVS Health.
Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver.
Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.
Position Summary
The Senior Security Engineer, Mobile Security is responsible for ensuring the security of mobile applications, devices, and platforms within the organization. This role involves designing, implementing, and maintaining mobile security solution and preventative security policies to protect against threats, secure data, and ensure compliance with security standards while supporting business operations. The ideal candidate will possess expertise in mobile app security, device management, threat detection technologies, and collaboration with cross-functional teams to protect the organization’s sensitive information.
Key Responsibilities
Mobile Security Strategy and Implementation
Working in CrowdStrike among other areas to design and implement mobile security policies, standards, and solutions for mobile devices (iOS, Android).
Assess and secure mobile devices (iOS, Android) and their associated management platforms (e.g., Mobile Device Management (MDM), Enterprise Mobility Management (EMM)).
Collaborate with development teams to integrate security best practices into mobile application development lifecycles.
Stay informed about emerging mobile security threats, technologies, and best practices to continually enhance the program.
Implement solutions for monitoring, detecting, and analyzing mobile threats vulnerabilities, and attack vectors. on mobile platforms.
Collaborate with the Incident Response team to investigate and remediate mobile security incidents.
Conduct root cause analysis and implement preventive measures.
Investigate and respond to mobile security incidents, implementing remediation measures.
Policy and Compliance
Develop and enforce policies for secure mobile device usage, including BYOD (Bring Your Own Device) programs.
Ensure mobile security practices comply with relevant regulatory standards (e.g., GDPR, HIPAA, PCI DSS).
Conduct regular security assessments and audits to validate compliance and identify risks.
Work with developers to implement security controls such as encryption, secure authentication, and secure APIs.
Stay updated on emerging mobile app security frameworks and tools (e.g., OWASP Mobile Security Project).
Ensure compliance with corporate and regulatory requirements across mobile endpoints.
Research and recommend tools and technologies to enhance mobile security posture.
Maintain awareness of and ensure adherence to industry regulations (e.g., GDPR, HIPAA).
Prepare security documentation, including risk assessments, technical reports, and compliance audits.
Generate reports on mobile security metrics, incidents, remediation efforts and program effectiveness to executive leadership.
Collaboration and Training
Work closely with IT, application development, and business teams to integrate mobile security into projects and workflows.
Provide training and awareness programs for employees on secure mobile practices.
Continuous Improvement and Innovation
Lead initiatives to automate mobile security processes and reduce manual intervention.
Explore emerging technologies like mobile threat defense (MTD) and biometric authentication to enhance mobile security.
Promote a culture of security awareness and proactive risk management.
Required Qualifications
5+ years of experience in cybersecurity with a focus on mobile security engineering
3+ years of experience with CrowdStrike Falcon EDR
3+ years of experience with mobile operating systems (Android, iOS) and their security architectures
3+ years of experience with MDM/EMM platforms like Microsoft Intune, Jamf, or VMware Workspace ONE
Preferred Qualifications
Detail-oriented and capable of managing multiple priorities in a fast-paced environment
Knowledge of programming languages used in mobile app development (e.g., Swift, Kotlin, Java)
Familiarity with API security, data encryption, and secure communication protocols
Solid understanding of cybersecurity principles and mobile security best practices
Familiarity with security frameworks like OWASP Mobile Security Top 10 and CIS Benchmarks
Knowledge of threat modeling and secure coding practices for mobile applications
CISSP (Certified Information Systems Security Professional)
GIAC Mobile Device Security Analyst (GMOB)
CrowdStrike Falcon Certified Falcon Administration (CCFA)
Education
Bachelor’s degree, or equivalent experience (HS diploma + 4 years relevant experience)
Pay Range
The Typical Pay Range For This Role Is
$101,970.00 – $222,480.00
How to Apply:
APPLY