Principal Application Security Engineer - Threat Research

CVS Health

Remote

Quick summary

Work type: Remote
Location: New York, NY
Salary: $144,200–$288,400 / yr
Posted: 2 days ago
Closes: Jun 18, 2026

Market check

Salary context

Above market

How this pay compares to similar roles

Similar $180k

This role $216k

$113k most similar roles pay here $307k

This role pays more than 79% of similar roles. Most pay $147,250–$213,250 — the shaded band above. At the midpoint, this role pays about $216k versus about $180k for comparable roles.

Based on 239 similar postings.

Employer

About CVS Health

CVS Health is a leading American healthcare company operating retail pharmacies, pharmacy benefit management services, and a health insurance segment through Aetna, one of the nation''s largest health insurers. Industry: Healthcare & Pharmacy

CVS Health currently has 156 open roles on FindRole.

Listed pay typically runs $118,450–$260,590 across 152 roles with salary data.

Most-posted roles

View all roles at CVS Health

At a glance

TL;DR · Principal Application Security Engineer - Threat Research

Apply Now Log in to save

The Principal Application Security Engineer – Threat Research role is a senior position within the healthcare technology security team, focusing on embedding advanced security practices into development pipelines and ensuring resilience across complex environments. This engineer will develop and enforce comprehensive security policies, collaborate with engineering and business teams to integrate secure practices, analyze and configure multi-cloud security solutions, and lead incident response efforts while fostering a culture of continuous improvement through mentorship and training. The ideal candidate has extensive experience in deploying security technologies, programming languages like Java or Python, public cloud environments, Docker, Kubernetes, and WAF implementations, along with expertise in vulnerability analysis and compliance with data protection regulations such as GDPR and CCPA. This role requires deep knowledge of healthcare-specific security challenges and a commitment to advancing the field through research and community engagement.

Skills

Python Java AWS Docker Kubernetes Terraform CI/CD WAF GDPR CCPA Shell_Script PowerShell Snowflake Prometheus Grafana PCI_DSS HITRUST NIST CSA SDN

What you'll do

Develop and enforce comprehensive security policies and standards.
Analyze and configure security solutions across multi-cloud environments.
Lead security testing, vulnerability analysis, and documentation efforts.
Participate in operational on-call duties for a 24/7 infrastructure.
Mentor junior engineers and organize regular training sessions.
Contribute to the strategic planning of the organization's security roadmap.
Encourage team engagement with next-generation security tools and practices.

What we're looking for

10+ years of experience in developing and deploying security technologies.
7+ years of programming experience with languages like Java, Python, or JavaScript.
5+ years of expertise in Public Cloud (AWS/Azure/GCP) & Network Security.
5+ years of experience with Docker, Kubernetes, and Infrastructure-as-Code.
5+ years of implementing data protection measures and compliance regulations.

Similar roles

Principal Application Security Engineer

Upstart

Remote (San Mateo, CA) 144 days ago $190,600–$263,900

Java Python Ruby SAST DAST SCA CI/CD API Security Microservices REST GraphQL AWS Kubernetes Terraform GitLab Jenkins GitHub PostgreSQL MongoDB OAuth OpenID Connect OAuth2 JSON Web Tokens PCI DSS ISO 27001 NIST Cybersecurity Framework

Remote

Save

Principal Engineer - Application Security: Secure Development

Wells Fargo

Charlotte, NC 5 days ago

Java .NET Python JavaScript TypeScript Node.js Go CI/CD SAST SCA DAST IaC scanning container security API security testing code review threat modeling runtime protection AI security Azure AWS GCP software supply chain security Zero Trust policy-as-code

Hybrid

Save