Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver.
Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.
Position Summary
The Endpoint Compliance and Hardening - Senior Manager is responsible for designing, implementing, and managing the Enterprise Security Policy Configuration Management and File Integrity Monitoring strategy to safeguard critical systems and data. This role ensures that file systems, file configuration changes, and secure hardening configurations are current and continuously monitored to protect against unauthorized modifications, contributing to the overall cybersecurity posture. The Endpoint Compliance and Hardening Senior Manager combines technical expertise with leadership skills to guide teams and align security operations with business objectives.
Key Responsibilities
Strategy and Leadership
Develop and manage the organization's file integrity monitoring and secure hardening configuration policy framework, ensuring alignment with security and business objectives.
Lead a team of configuration specialists, providing leadership, mentorship, and technical guidance.
Stay informed of emerging security threats, compliance requirements, and best practices related to secure configurations.
File Integrity Monitoring and Secure Hardening Configuration Management
Define and enforce File Integrity Monitoring policies and procedures to ensure the integrity of critical files and systems.
Lead the team to establish baselines for normal file states and monitor for unauthorized or suspicious changes.
Lead regular audits and reviews of FIM processes to identify and address gaps.
Define, implement, and maintain secure configurations for operating systems, databases, applications, and network devices (e.g., firewalls, routers).
Ensure consistent application of security baselines (e.g., CIS Benchmarks, NIST guidelines) across the enterprise.
Oversee the deployment, configuration, and management of File Integrity Monitoring tools and solutions (Qualys, Splunk, etc.).
Regularly review and update policies to reflect changes in the threat landscape or regulatory requirements.
Collaboration and Integration
Work closely with IT, DevOps, and Security Operations teams to ensure file integrity monitoring and secure hardening configuration policies are integrated into system and application lifecycles.
Partner with compliance and risk teams to ensure file integrity monitoring and secure hardening configurations meet regulatory standards (e.g., PCI DSS, HIPAA, SOX).
Provide guidance and support during internal and external audits.
Incident Detection and Response
Collaborate with Security Operations Center (SOC) and Incident Response teams to investigate file integrity monitoring alerts and security incidents.
Ensure proper logging, alerting, and reporting mechanisms are in place for timely detection and response.
Contribute to forensic investigations by providing detailed logs and evidence from FIM systems.
Monitoring and Reporting
Implement tools and processes to continuously monitor and enforce secure configurations (e.g., vulnerability scanners, configuration management tools).
Develop and deliver executive-level reports on compliance with configuration policies, including metrics on policy adherence and risk mitigation.
Lead root cause analysis and remediation efforts for configuration-related security incidents.
Continuous Improvement and Training
Promote a culture of security awareness and best practices within the organization.
Drive automation initiatives to streamline configuration management processes.
Provide training and resources to ensure teams understand and adhere to secure configuration policies.
Risk Prioritization and Management
Prioritize vulnerabilities based on risk assessments, considering factors such as exploitability and business impact.
Develop and maintain a risk-based approach to remediation to focus efforts on high-priority vulnerabilities.
Collaborate with threat intelligence teams to understand the context of vulnerabilities within the threat landscape.
Automation and Process Improvement
Automate continuous secure hardening configuration management scanning on build images before production deployment to proactively mitigate risks.
Maintain and update File Integrity Monitoring and Secure Hardening Configuration Management documentation on updated protective detection policies, remediation procedures and best practices.
Reporting and Communication
Provide regular updates to stakeholders on the status of remediation efforts and overall risk reduction.
Create detailed reports and dashboards for leadership, highlighting trends, risks, and compliance metrics.
Communicate technical findings and recommendations to both technical and non-technical audiences.
Compliance and Policy Enforcement
Ensure timely response to internal audit compliance evidence requests.
Ensure remediation efforts align with regulatory and compliance requirements (e.g., PCI DSS, SOX, HIPAA).
Support audit processes by providing documentation and evidence of remediation activities.
Enforce adherence to security policies and standards across teams.
Required Qualifications
7+ years of experience in vulnerability management, IT operations, or a related field
5+ years of experience with translating vulnerability risk information into actionable insights
5+ years of experience team leadership experience
5+ years of experience working with patch management systems and practices (e.g., WSUS, SCCM, JAMF)
Preferred Qualifications
Proficiency in operating systems (Windows, Linux) and understanding of network security principles
Knowledge of common vulnerabilities, CVE databases, and exploit frameworks
Experience with scripting languages and automation tools (e.g., Python, PowerShell, Ansible)
Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes)
Strong analytical and problem-solving abilities
Excellent organizational and project management skills
Effective communication skills to collaborate across teams and present findings
CompTIA Security+
CISSP (Certified Information Systems Security Professional)
CEH (Certified Ethical Hacker)
GIAC certifications (e.g., GSEC, GCIA, GPEN)
Education
Bachelor’s degree, or equivalent experience (HS diploma + 4 years relevant experience)
Business Overview
Bring your heart to CVS Health Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable. We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.
Pay Range
The typical pay range for this role is:
$118,450.00 - $284,280.00
This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company’s equity award program.
In addition to your compensation, enjoy the rewards of an organization that puts our heart into caring for our colleagues and our communities. The Company offers a full range of medical, dental, and vision benefits. Eligible employees may enroll in the Company’s 401(k) retirement savings plan, and an Employee Stock Purchase Plan is also available for eligible employees. The Company provides a fully-paid term life insurance plan to eligible employees, and short-term and long term disability benefits. CVS Health also offers numerous well-being programs, education assistance, free development courses, a CVS store discount, and discount programs with participating partners. As for time off, Company employees enjoy Paid Time Off (“PTO”) or vacation pay, as well as paid holidays throughout the calendar year. Number of paid holidays, sick time and other time off are provided consistent with relevant state law and Company policies.
For more detailed information on available benefits, please visit Benefits | CVS Health
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.