About Us
CVS Health, the parent company of Signify Health, is investing heavily in digital, data, analytics, and technology. We are excited to be a part of this pioneering business that is transforming healthcare in the United States by making customer experiences more seamless, convenient, and personalized.
Our Purpose
At CVS Health, we are focused on driving business agility and growth through technology, data, digital, and experiential innovations. Our goal is to make our services more personal, convenient, and affordable for everyone.
Job Description
We are looking for an experienced professional to lead our offensive security team. The ideal candidate will have a strong background in building and leading high-performance teams, as well as expertise in identifying, analyzing, and simulating advanced attack techniques.
* Lead the development and execution of offensive security strategies, utilizing cutting-edge techniques to identify, test, and exploit vulnerabilities.
* Build and maintain red teaming frameworks that leverage MITRE ATT&CK, Cyber Kill Chain, and OWASP frameworks, alongside tools such as Metasploit, Cobalt Strike, and custom-built solutions, to rigorously evaluate security defenses.
* Continuously assess and update offensive strategies based on evolving threat landscapes, ensuring that the organization remains prepared against sophisticated attack vectors.
Responsibilities
Adversary Simulation & Offensive Strategy
The successful candidate will be responsible for leading the development and execution of offensive security and adversary simulation strategies. This will involve:
* Developing and executing simulation techniques for advanced AI and machine learning-based attacks, adversarial AI exploitation, and model abuse to proactively identify potential system weaknesses.
* Implementing next-generation attack simulation and automation techniques, such as automated red teaming, deception bypass, and behavioral analytics, to simulate real-world attack scenarios and gauge defense effectiveness.
Vulnerability Exploitation & Penetration Testing
The candidate will also be responsible for overseeing the implementation and continuous improvement of the organization's penetration testing and vulnerability exploitation capabilities. This will involve:
* Developing and executing offensive testing strategies that uncover security gaps and vulnerabilities across cloud, on-prem, and hybrid environments.
* Leading the development of playbooks, testing methodologies, and automated workflows to enhance the team's ability to simulate and execute realistic attack scenarios.
Next-Generation Attack Simulation & Automation
The successful candidate will be expected to leverage artificial intelligence, machine learning, and automation to conduct sophisticated attack simulations and improve the efficacy of offensive security operations. This will involve:
* Implementing advanced adversary simulation techniques, such as automated red teaming, deception bypass, and behavioral analytics, to simulate real-world attack scenarios and gauge defense effectiveness.
* Driving the adoption of next-generation offensive security tools, including SOAR platforms and adversary emulation solutions, to scale red teaming efforts and ensure comprehensive attack surface testing.
Requirements
* 10+ years of experience in leading offensive security or red teaming operations, with a significant portion in a senior leadership role.
* A minimum of a Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience.
* Industry certifications such as OSCP, OSCE, OSEP, GPEN, or GXPN are highly preferred.