Senior Application Security Engineer - Dast

We are looking for someone who is motivated and keenly interested in the security of applications. Someone willing to speak up, present, and collaborate as needed. Especially when it comes to application security within CVS Health’s application security program. You will be a senior member of the application security team contributing to and executing improvements that impact the entire program as well as the completion of individual contributor tasks. Your primary focus will be dynamic application security testing. Not only will you be executing dynamic application security testing, you’ll also work with management representing the program to CVS Health. Your direct peers will be skilled Penetration Testers and those executing Red Team Simulations. You will also have peers on a broader application security team with a focus on maintaining and improving enterprise security through the implementation of a secure software development lifecycle. This is an exciting opportunity for an appropriately experienced individual to join our application security team.
Primary Job Duties and Responsibilities:

• Validate all defects identified through testing
• DAST Reporting with due diligence (findings management, tracking, true/false positive analysis, etc)
• DAST Dashboarding/reporting/Key Performance Indicators/Key Risk Indicators
• Authoring, Improving, and Managing DAST Documentation (GIT, etc.)
• DAST Training/DAST Program Training
• Dynamic Application Security Testing (DAST)
• Validate all defects remediate
• DAST Program Contributor and Lead
• Assist developers with understanding of security defects

Pay Range
The typical pay range for this role is:
Minimum: 115,000
Maximum: 230,000
Please keep in mind that this range represents the pay range for all positions in the job grade within which this position falls. The actual salary offer will take into account a wide range of factors, including location.
Required Qualifications
8 years prior relevant experience in IT, Security, Professional Development, Leadership experience

• 3+ years of experience of contributing by tuning and improving the DAST program – Proactively identifying opportunities to mature processes and control requirements.
• 5 years of Dynamic Application Security Testing (DAST) or relevant experience
• 3+ years of experience of performing independently the analysis of each test target, properly configure within one or more testing tools, and execute DAST
• Able to independently perform DAST upon hire.
• 3+ years of performing independent post testing analysis to validate complete and successful testing

Preferred Qualifications

• Strong written and verbal communication skills (highly preferred)

• Pen Test Experience
• Deep understanding of common application security vulnerabilities and attack vectors
• Tool experience:
• Development background – Professional application development
• Experience implementing automation in support of DAST
• Experience Coding for automation
• Qualys WAS/ HCLAppScan/ BurpSuitePro/ ZAP/Rapid7/ Whitehat Sentinel/ Acunetix/ Invicti/ Veracode Dynamic Analysis/GitLab Ultimate/etc.

-Familiar with common Secure SDLC methodology, controls, and tools. -DAST Tool Certifications

• Pen Test Certification

Education
Bachelor's Degree (Highly preferred ) Or Equivalent Experience
Business Overview
Bring your heart to CVS Health Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver. Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable. We strive to promote and sustain a culture of diversity, inclusion and belonging every day. CVS Health is an affirmative action employer, and is an equal opportunity employer, as are the physician-owned businesses for which CVS Health provides management services. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law. We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.