View All Jobs/Careers

Job Information

Aetna Info Security Advisor Ethical Hacker/Penetration Tester - 65751BR in Phoenix, Arizona

Req ID: 65751BR

Job Description

  • Work at home opportunity anywhere in the US for the right candidate.

We are looking for someone who is a motivated and keenly interested in the security of applications. Someone willing to speak up, present, and collaborate as needed. Especially when it comes to application security or our application security program. The Information Security Advisor will be part of an experienced team of skilled penetration testers. You ll participate in all phases of penetration testing as well as other individual and team based work all focused on the information security of our enterprise. This is an exciting opportunity for an appropriately experienced penetration tester to work with our application security team.

Be a part of our team!

Fundamental Components included but are not limited to:

  • 100% Work at Home from any location in the United States.

  • We invest in your career development.

  • CVS has extensive Internet presence.

  • Protect money movement, Healthcare and other sensitive consumer information.

  • Be a part of transforming Healthcare in America.

  • Be a part of expanding opportunities to test Application Programming Interfaces (APIs), cloud, Industrial Control Systems (ICS) and Internet of Things (IoT).

  • Collaborate with many other bright and experienced security professionals, application developers and data scientists.

  • We proudly support and encourage people with military experience (active, veterans, reservists and National Guard) as well as military spouses to apply for CVS Health job opportunities.

  • We care about protecting our planet!

Qualifications Requirements and Preferences:

  • Understanding of and experience with other types of vulnerabilities such as in binary executables, mobile, cloud, Industrial Control Systems (ICS) and Internet of Things (IoT) is a plus.

  • Participation in Capture the Flags (CTFs), Bug Bounties, and open source projects as well as publication of Common Vulnerabilities and Exposures (CVEs), security advisories, exploits, and custom testing tools or scripts receives special consideration.

  • Governance/execution over risk assessment/risk advisory process and tools of CVS Health assets.

  • Represent team through communications/meetings with auditors and regulators during compliance and regulatory reviews.

  • Contributing by identifying roadmaps, tuning, and improvement opportunities for the team – Proactively identifying opportunities to mature processes and control requirements.

  • Partner with infrastructure teams and affiliates to implement processes and technology to support control requirements – Maintain control standard requirements.

  • Proven experience driving implementation of a tool or process.

  • Experience working with teams in large complex environments and contractors.

  • Willingness to perform work some evenings/overnights/weekends as needed for planned penetration testing activity. (not typical).

  • Ability to execute on a task and improve the process for executing that task.

  • Strong written and verbal communication skills required to communicate findings to developers in a fashion that facilitates remediation of those vulnerabilities. (Adequately explains, presents, demonstrates [when applicable], and documents the operational impact of a particular vulnerability/exploit.)

  • Background demonstrates an evolving information technology skillset with an interest in penetration testing and information security.

  • The candidate should be able to assess web applications using automated and manual techniques to identify web application vulnerabilities.

  • Level of experience should be commensurate with that required to test in PRODUCTION when necessary.

  • Deep understanding of web technologies and programming languages such as ASP.NET, Java, and JavaScript.

  • Experience with Burp Suite and one or more security scanning products.

  • Understanding of the entire taxonomy of web application security vulnerabilities, and experience with exploitation of web application vulnerabilities.

  • ​Willing to change, willing to be flexible, and ready to adapt (new roles, responsibilities, methodologies, procedures, etc.) as needed given the dynamic state of information/application security.

#LI-DI1

Benefit Eligibility

Benefit eligibility may vary by position. Click here to review the benefits associated with this position.

Job Function: Information Technology

Aetna is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veterans status.

DirectEmployers