Senior Security Engineer – Remediation Support

Company: CVS Health
Location: Hartford, CT, USA
Salary: $101970 – $203940
Type: Full-Time
Degrees
Experience Level: Senior

Requirements

  • 5+ years of experience in cybersecurity, IT operations, or vulnerability management roles.
  • 5+ years of experience working with vulnerability scanning and management tools (e.g., Qualys, Tenable, Rapid7).
  • 3+ years supporting audit or regulatory assessments (e.g., SOC 2, HITRUST, PCI, internal audit).
  • 2+ years of experience responding to external customer assurance or due diligence requests.
  • 2+ years of experience with security policies, control standards, and control attestation processes.

Responsibilities

  • Own the creation, maintenance, and periodic updates of policies and control standards related to the vulnerability management program.
  • Respond to support and attestation requests involving team-owned controls and ensure alignment with enterprise policy requirements.
  • Own intake and fulfillment of external customer requests for vulnerability remediation status, program posture, and evidence of security controls.
  • Collaborate with audit teams, control owners, and engineering stakeholders to gather, review, and deliver timely evidence packages and formal responses.
  • Manage any resulting Management Action Plans (MAPs) and track remediation commitments through resolution.
  • Serve as the primary point of contact for internal and external audits related to the enterprise vulnerability management program (e.g., SOC 2, HITRUST, PCI, internal audit, gap assessments).
  • Triage and track externally reported vulnerabilities, engage responsible teams, and ensure timely technical resolution.
  • Drive remediation of PCI vulnerabilities across the enterprise.
  • Lead and manage vulnerability remediation efforts in support of the HS/PCW and HCB annual assessments.
  • Satisfy monthly BAU requests (ASV scans, internal vuln scans, HS/PCW ASV scans, HCB ACS scans).

Preferred Qualifications

  • Strong understanding of audit processes and security control frameworks (e.g., NIST CSF, ISO 27001, PCI DSS)
  • Experience managing evidence collection, validation, and coordination across large, complex environments
  • Excellent written communication skills with the ability to tailor messaging to technical and non-technical audiences
  • Ability to build relationships with internal teams, control owners, and external assessors
  • Comfortable working in fast-paced environments with shifting priorities and tight deadlines
  • Familiarity with vulnerability prioritization and remediation tracking concepts
  • Experience creating and maintaining policy documents or technical standards
  • Familiarity with enterprise cloud environments and associated compliance risks