Staff Security Engineer, Threat Hunting

At CVS Health, we're building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation's leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues - caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Job Description:

The CVS Threat Hunting team's mission is to proactively discover, document, and report evidence of previously undetected threats on enterprise networks, servers, workstations, and network devices. Through investigation of the environment, the Threat Hunting teams goals is to reduce dwell time of adversaries and thus reduce their impact on the organization, and directly enhance incident detection capabilities through advanced analysis techniques, both human-driven and automated.

CVS is looking for a results-driven Threat Hunter to join our growing cybersecurity team. In this role, you will take a proactive approach to identifying, analyzing, and mitigating cyber threats before they can cause significant damage to our organization. As a Threat Hunter, you will actively seek out threats advanced and simple across our infrastructure, leveraging tools, threat intelligence, and in-depth knowledge of attack techniques to identify potential risks. Unlike traditional security operations roles, this position focuses on actively hunting for threats that may evade automated defenses or go unnoticed by conventional detection methods.

This role is ideal for someone with a deep understanding of cybersecurity, who thrives in a collaborative environment and enjoys the challenge of solving complex security puzzles. You will be an essential part of a forward-thinking security operations team, helping to continually evolve our threat detection capabilities, improve response times, and ultimately protect the integrity of our critical systems and sensitive data. If you're passionate about staying ahead of emerging threats and have a penchant for proactive defense, we want to hear from you.

Key Responsibilities:

• Proactively identify, hunt, and investigate advanced threats and attacks within the organization's networks and endpoints.
• Analyze large volumes of data from various sources to identify suspicious activities and anomalous behavior patterns.
• Develop and implement custom detection rules, hunting strategies, and automation to detect complex, hidden threats.
• Collaborate with incident response teams to investigate and mitigate security incidents, ensuring timely and effective remediation.
• Conduct deep-dive forensic analysis and threat intelligence research to understand the tactics, techniques, and procedures (TTPs) of threat actors.
• Provide mentoring and guidance to junior threat hunters and cybersecurity staff.
• Stay up to date with the latest cybersecurity threats, trends, and technologies to continuously enhance detection capabilities.
• Document findings, create reports, and present actionable insights to stakeholders, including leadership teams.
• Develop and improve threat-hunting playbooks, processes, and methodologies.

Required Qualifications:

• 5+ years of experience in a cybersecurity role, with a strong focus on threat hunting, incident response, or advanced threat detection.
• 5+ years of experience with analyzing attack vectors, utilizing intrusion detection systems (IDS), endpoint detection and response (EDR) tools, SIEM, and other security technologies.
• 2+ years of proficiency with scripting languages (Python, PowerShell, etc.) for automation and analysis tasks.
• 2+ years of experience with threat intelligence platforms and frameworks (e.g., MITRE ATT&CK, STIX/TAXII).
• 3+ years of experience conducting analysis, with the ability to identify patterns and correlations within large datasets.
• 1+ years of experience with malware analysis, reverse engineering, and common exploit techniques.

Preferred Qualifications:

• Strong communication skills, both written and verbal, with the ability to present technical findings to non-technical stakeholders.
• Ability to work in an evolving environment while managing multiple priorities.

• Relevant certifications such as Certified Ethical Hacker (CEH), GIAC Cyber Threat Intelligence (GCTI), Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC).
• 2+ years of experience with cloud security (AWS, Azure, Google Cloud Platform).
• Familiarity with network traffic analysis and protocols (e.g., DNS, HTTP, SSL/TLS).
• Knowledge of advanced malware techniques and/or reverse engineering.

Education:

• Bachelor's degree or equivalent experience (High School Diploma and 4 years relevant experience)

Pay Range

The typical pay range for this role is:

$142,140.00 - $284,280.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above. This position also includes an award target in the company's equity award program.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits - investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.
• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.
• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit ;br>
We anticipate the application window for this opening will close on: 05/07/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.