Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver.
Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.
Position Summary
The Senior Vulnerability Remediation Engineer is responsible for coordinating and implementing solutions to mitigate and remediate vulnerabilities in the organization’s IT infrastructure. This role works closely with security teams, IT, and application developers to prioritize remediation efforts, ensure timely resolution, and strengthen the organization's security posture. The ideal candidate combines technical expertise with project management skills to drive effective remediation processes.
Key Responsibilities
Vulnerability Remediation Coordination
Collaborate with vulnerability management teams to review identified vulnerabilities and assess risk levels.
Work with IT operations, development, and security teams to develop and implement remediation plans.
Track progress on remediation efforts and ensure timely resolution of critical vulnerabilities.
Technical Analysis and Solution Implementation
Analyze vulnerability scan results to identify root causes and recommend effective mitigation techniques.
Implement technical fixes such as patch deployment, configuration adjustments, or workaround solutions.
Validate remediation efforts by re-scanning systems and verifying successful mitigation.
Risk Prioritization and Management
Prioritize vulnerabilities based on risk assessments, considering factors such as exploitability and business impact.
Develop and maintain a risk-based approach to remediation to focus efforts on high-priority vulnerabilities.
Collaborate with threat intelligence teams to understand the context of vulnerabilities within the threat landscape.
Automation and Process Improvement
Identify opportunities to automate remediation processes using tools like Ansible, PowerShell, or Python.
Enhance vulnerability management workflows to improve efficiency and reduce manual intervention.
Maintain and update documentation on remediation procedures and best practices.
Reporting and Communication
Provide regular updates to stakeholders on the status of remediation efforts and overall risk reduction.
Create detailed reports and dashboards for leadership, highlighting trends, risks, and compliance metrics.
Communicate technical findings and recommendations to both technical and non-technical audiences.
Compliance and Policy Enforcement
Ensure remediation efforts align with regulatory and compliance requirements (e.g., GDPR, PCI DSS, HIPAA).
Support audit processes by providing documentation and evidence of remediation activities.
Enforce adherence to security policies and standards across teams.
Required Qualifications
5 + years of experience in vulnerability management, IT operations, or cyber security field
5+ years of working knowledge and understanding of patch management systems and practices (e.g., WSUS, SCCM, JAMF)
Preferred Qualifications
Proficiency in operating systems (Windows, Linux) and understanding of network security principles
Knowledge of common vulnerabilities, CVE databases, and exploit frameworks
Experience with scripting languages and automation tools (e.g., Python, PowerShell, Ansible)
Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes)
Strong analytical and problem-solving abilities
Excellent organizational and project management skills
Effective communication skills to collaborate across teams and present findings
CompTIA Security+
CISSP (Certified Information Systems Security Professional)
CEH (Certified Ethical Hacker)
GIAC certifications (e.g., GSEC, GCIA, GPEN)
Education
Bachelor’s degree, or equivalent experience (HS diploma + 4 years relevant experience)
Business Overview
Bring your heart to CVS Health Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable. We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.
Pay Range
The typical pay range for this role is:
$92,700.00 - $222,480.00This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.
In addition to your compensation, enjoy the rewards of an organization that puts our heart into caring for our colleagues and our communities. The Company offers a full range of medical, dental, and vision benefits. Eligible employees may enroll in the Company’s 401(k) retirement savings plan, and an Employee Stock Purchase Plan is also available for eligible employees. The Company provides a fully-paid term life insurance plan to eligible employees, and short-term and long term disability benefits. CVS Health also offers numerous well-being programs, education assistance, free development courses, a CVS store discount, and discount programs with participating partners. As for time off, Company employees enjoy Paid Time Off (“PTO”) or vacation pay, as well as paid holidays throughout the calendar year. Number of paid holidays, sick time and other time off are provided consistent with relevant state law and Company policies.
For more detailed information on available benefits, please visit Benefits | CVS Health
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.