Junior Information Security Engineer

Junior Information Security Engineer at CVS Health

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary

We are looking for a Junior Information Security Engineer who is eager to learn, grow, and help build secure and reliable systems. This role is ideal for someone with a foundational understanding of security principles, some hands‑on coding experience, and a strong interest in developing skills across application, cloud, data, and network security. You’ll work alongside experienced engineers and gain exposure to modern technologies and real‑world security practices.

What You'll Do

• Help develop and maintain engineering and data security policies and standards.
• Contribute to security awareness efforts across the organization.
• Support Engineering and Business teams in applying secure engineering practices.
• Assist with application security reviews and participate in security discussions.
• Learn how to integrate security into each stage of the software development lifecycle.
• Assist in configuring and analyzing security tools across cloud and on‑prem environments.
• Support security testing, vulnerability analysis, and documentation.
• Participate in an on‑call rotation with guidance and mentorship.
• Help develop incident response procedures and learn recovery strategies.

Required Qualifications

• 1–2 years of experience developing or deploying security technologies (internships and academic projects count).
• Familiarity with modern software development practices and CI/CD pipelines.
• Experience using vulnerability scanning tools (SAST, SCA, mobile scanning, API scanning) and handling basic remediation.
• Foundational understanding of public cloud platforms (AWS, Azure, or GCP) and core network security concepts.
• Exposure to Docker, Kubernetes, Security‑as‑Code, or Infrastructure‑as‑Code tools.
• Experience with at least one programming or scripting language (Java, Python, C#, JavaScript, Shell, PowerShell, etc.).
• Interest in data protection, encryption, and privacy regulations (GDPR, CCPA).

Preferred Qualifications

• Familiarity with cloud architecture concepts.
• Understanding of networking fundamentals and software‑defined networking (SDN).
• Ability to read or create basic network, sequence, or data flow diagrams.
• Awareness of the OWASP Application Security Verification Standard (ASVS).
• Experience collaborating with remote or distributed teams.
• Knowledge of compliance frameworks such as HIPAA, HITRUST, PCI, NIST, or CSA.
• Exposure to security tools like GitHub Advanced Security, CodeQL, Checkmarx, or Snyk.
• Interest in building resilient, fault‑tolerant systems in cloud environments.

Education

A Bachelor’s degree in Computer Science, Software Development, Software Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience is required.

Benefits & Culture

CVS Health offers a comprehensive and competitive mix of pay and benefits, investing in the physical, emotional, and financial wellness of its colleagues. Benefits include affordable medical plan options, a 401(k) plan with company contributions, an employee stock purchase plan, wellness programs, confidential counseling, financial coaching, paid time off, flexible work schedules, family leave, and tuition assistance. The company is committed to fostering a workplace where every colleague feels valued and belongs, helping to simplify healthcare one person, one family, and one community at a time.

Key skills/competency

• Information Security
• Cloud Security
• Application Security
• Vulnerability Management
• CI/CD Security
• Data Protection
• Network Security
• Scripting/Programming
• Incident Response
• Compliance Frameworks