Senior Manager - Application Security Engineering
Harrisburg, Dauphin County, Pennsylvania, 17124, USA
Listed on 2026-07-14
-
IT/Tech
Cybersecurity, Security Management & Operations
We’re building a world of health around every individual – shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable, and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care, one person, one family, and one community at a time.
PositionSummary
CVS Health is seeking a Senior Manager, Application Security Engineering to lead enterprise application security, vulnerability management, secure software delivery, and security engineering capabilities across a complex technology environment. Within the Cybersecurity organization, this leader will be responsible for managing and advancing application security programs that help protect CVS Health applications and technology platforms throughout the software development lifecycle. The role will partner closely with Engineering, Architecture, Infrastructure, Product, Risk, Compliance, and Cybersecurity teams to integrate security into development processes and support secure delivery of business solutions.
The Senior Manager will lead a team responsible for application security engineering, vulnerability management, software supply chain security, security automation, and developer security enablement. This role will oversee security standards, tooling, governance, risk reduction activities, and operational processes that support enterprise technology portfolios and strategic initiatives, including Health 100. Additionally, this leader will help build and scale security capabilities that improve developer adoption, increase automation, strengthen secure software development practices, and support enterprise Dev Sec Ops initiatives.
This is a U.S.
-based remote position. Candidates must reside within the United States.
- Lead the design, implementation, and governance of enterprise application security programs, secure development standards, and software supply chain security practices.
- Establish security requirements, security definitions of done, launch readiness criteria, and automated controls that enable secure software delivery across cloud‑native, hybrid, and legacy environments.
- Drive adoption of secure coding practices and developer‑focused security capabilities across enterprise engineering organizations.
- Oversee the end‑to‑end vulnerability management lifecycle, including identification, prioritization, remediation, exception management, validation, and reporting.
- Establish operational metrics, service level objectives, governance processes, and executive reporting mechanisms that drive accountability and measurable risk reduction.
- Lead enterprise response efforts for critical and zero‑day vulnerabilities, including risk assessment, stakeholder communication, remediation coordination, and executive reporting.
- Drive adoption of modern security technologies and Dev Sec Ops capabilities, including SAST, SCA, container security, secrets management, software bill of materials (SBOM), and software supply chain security solutions.
- Lead automation of security controls within CI/CD pipelines to improve operational efficiency, strengthen risk mitigation, and accelerate secure software delivery.
- Evaluate, implement, and optimize application security, cloud security, and software supply chain security technologies across on‑premises, cloud, and hybrid environments.
- Assess and adopt emerging technologies, including AI‑powered security and developer productivity solutions, that improve security outcomes and operational effectiveness.
- Lead and develop a high‑performing team of security professionals while fostering a culture of technical excellence, accountability, innovation, and continuous improvement.
- Build and scale security programs that drive developer adoption, self‑service security capabilities, and Dev Sec Ops maturity…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).