Technical Security Analyst

CVS Health•Prior Lake, VA

About The Position

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time. We are seeking an early-career Analyst to support our enterprise information security program. In this role, your hands-on security engineering or network security background will aid you in translating technical security risks into clear business impacts, advising stakeholders on pragmatic risk treatments, and helping to implement and validate security controls across networks, endpoints, and cloud. You’ll partner with IT, product, and business teams to assess threats, identify control gaps, recommend remediation options. The ideal candidate communicates effectively with both technical and non-technical audiences, and is energized by helping the business make informed, risk-based decisions.

Requirements

2+ years of professional experience in cybersecurity with emphasis in network security and/or security engineering (e.g., cloud, firewalls, IDS/IPS, endpoint protection, vulnerability management, logging/monitoring).
Demonstrated experience conducting or supporting risk assessments (e.g., asset/context discovery, threat & likelihood analysis, control gap identification, residual risk estimation) and documenting outcomes in clear, actionable language.
Familiarity with common security frameworks/controls (e.g., NIST CSF/800-53/800-30, ISO 27001/27002, CIS Critical Security Controls) and ability to map findings to these references.
Working knowledge of network fundamentals (TCP/IP, routing, segmentation, DNS, TLS), identity and access management, and secure configuration baselines.
Ability to write clear advisory reports and present risk/controls to stakeholders; strong documentation habits (runbooks, diagrams, tickets).
Experience collaborating with IT or engineering teams to implement and validate controls (e.g., compensating controls, segmentation changes, logging enrichment).
Bachelor’s degree in Information Security, Computer Science, Information Systems, Engineering, or a related field or equivalent hands-on experience in cybersecurity/security engineering.
Continued professional development through training, labs, capture-the-flag, or home lab projects is a plus and can substitute for formal education where appropriate.

Nice To Haves

Experience facilitating or contributing to risk registers, exception/acceptance processes, and risk treatment plans with measurable milestones.
Familiarity with privacy & data protection concepts (e.g., data classification, retention, DLP controls) and regulatory drivers (e.g., SOX/PCI/HIPAA/GLBA as applicable).
Knowledge of DevSecOps practices (e.g., secrets management, SAST/DAST, SBOMs, CI/CD guardrails).
Contribution to security awareness or secure-by-design initiatives.
Relevant certifications (e.g., Security+, Network+, Cloud Fundamentals) or equivalent practical experience.

Benefits

Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume