Security Engineer
Director of Application Security leading enterprise strategy to embed security into the SDLC, reduce application-layer risk, and protect digital assets through threat detection, incident response, and secure API design at Cardinal Health.
What Cybersecurity Defense contributes to Cardinal Health
Cybersecurity Defense focuses heavily on threat detection, incident response, and implementing security measures to protect our digital assets and infrastructure at Cardinal Health . The Director, Application Security is responsible for establishing, leading, and evolving the enterprise application security strategy to embed security into the software development lifecycle (SDLC) and reduce application-layer risk across the business segments. This leader ensures that applications and APIs are designed, developed, and deployed in alignment with security policies & standards, regulatory requirements, and risk management objectives. This Director oversees segment-aligned application security capabilities across Pharma, Medical, and Commercial Technology environments, enabling consistent governance, scalable processes, and effective risk mitigation across diverse application portfolios.
Location - Open to candidates nationwide working in a fully remote capacity, with preference towards those based local to Central Ohio (willingness to travel into our Corporate HQ in Dublin, OH during certain period of the year is a plus)
Responsibilities
Lead the enterprise application security strategy aligned with cybersecurity, risk management, and business objectives.
Establish governance frameworks to embed security into the software development lifecycle (SDLC) across all application domains.
Collaborate with enterprise architecture, engineering, and product teams to align application security with technology strategies and transformation initiatives.
Serve as an advisor to executive and business leadership on application security risks, priorities, and investment decisions.
Drive a secure-by-design culture across development and engineering teams.
Oversee application security capabilities across Pharma, Medical, and Commercial Technology segments, ensuring consistent implementation of security practices.
Define segment-specific requirements and approaches to address unique regulatory, operational, and risk considerations.
Ensure alignment of application security practices across segments while enabling flexibility to support business-specific needs.
Drive standardization of processes, tooling, and reporting across segment application security teams.
Oversee enterprise application security testing programs, including SAST, DAST, SCA, and IAST across all application environments.
Ensure vulnerabilities are identified, assessed, prioritized, and remediated during the development lifecycle prior to deployment.
Establish secure coding standards and integrate security controls into CI/CD pipelines and development workflows.
Collaborate with development teams to reduce application security technical debt and improve code quality.
Oversee implementation of runtime security controls for appli
Posted June 18, 2026