Senior SOAR Engineer at CVS Health
Lansing, MI 48933, USA
Full Time


Start Date

Immediate

Expiry Date

09 Nov, 25

Salary

92700.0

Posted On

10 Aug, 25

Experience

1 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

JavaScript, Forensics, Leadership, Firewalls, SQL, Cloud Computing, Platform Development, Cloud, Python, CCSP, Programming Languages, Teams, GCIA, AWS, GCIH, CISSP, System Architecture

Industry

Information Technology/IT

Description

At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.
As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

POSITION SUMMARY

As a Senior SOAR (Security Orchestration, Automation and Response) Developer, you will be responsible for automating and accelerating the analysis and response workflow of the Security Operations Center. Within the large network environment of CVS Health, the Security Operations Center is tasked with providing security analysis across a wide scope throughout the enterprise. The goal of a SOAR Developer is to alleviate the time-consuming tasks of an analyst and improve processes. Here at CVS, we have a complex layered approach to security for our many different lines of business. This role is expected to adapt to changing requirements and suggest improvements to the enterprise’s security posture.

Responsibilities of the Senior SOAR Developer include:

  • Familiarizing themselves with the capabilities of each tool in our security stack
  • Understanding the standard operating procedures of the SOC and the actions required to accomplish SOC objectives
  • Programmatically retrieving and presenting relevant information from several resources such as SIEMs, ITSM, Databases, Email, and Cloud Storage
  • Working with security operations teams to enhance case management, improve communication between teams, and provide appropriate incident escalation paths

Skills and Abilities:

  • Strong understanding of common information security roles and responsibilities (IR, Threat Intel, SOC, Insider Threat)
  • Experience working within a project management driven environment
  • Driving process improvements with engineering, product, and cloud infrastructure teams
  • Providing descriptive documentation to leadership of the steps taken to automate specific tasks
  • SOAR Platform development using an SDK to build custom functionality
  • Familiarity with several API authentication methodologies and common security standards
  • Ability to understand and troubleshoot programming languages and modules/libraries commonly used with REST APIs
  • Working with a variety of SaaS, hybrid and on-prem tooling and teams
  • Deep understanding of major cloud providers and their REST APIs
  • Knowledge of common version control standards and systems

REQUIRED QUALIFICATIONS

  • 5+ years of total experience working with stakeholders/customers to deliver their needs
  • 2+ years of experience programming with JavaScript, Python, SQL, HTML/CSS, etc.
  • 1+ years of Information Security experience
  • Diverse knowledge of the following security-related technologies in a professional or academic setting: Intrusion Prevention Systems, Web Proxies, Firewalls, Web application scanner, Sandboxes, Vulnerability Scanners, Malware Research or Forensics Tools

PREFERRED QUALIFICATIONS

  • Prior security operations experience
  • Knowledge in cloud computing and cloud technologies
  • Specifically certified by a SOAR vendor
  • One or more certifications, including but not limited to CCSP, CCSK, GCIH, GPYC, GCIA, GREM, GCFA, GSEC, CISSP, AWS, Microsoft Azure Security Engineer, Google Cloud Security Engineer, or equivalent
  • Strong knowledge of operating system architecture (Windows, UNIX, Linux)

EDUCATION

Bachelor's degree from an accredited university or equivalent work experience (HS diploma + 4 years relevant experience)
