Job Description

Job Summary

As a Senior Cybersecurity Engineer in the Security Validation team, you will be a key member of our Red Team operations, leading efforts to emulate real-world threat scenarios and validate the effectiveness of enterprise defenses across our expansive healthcare environment. This role requires advanced offensive security capabilities, deep knowledge of adversary tactics, and the ability to communicate findings clearly to both technical and executive stakeholders.

You will design and execute advanced threat simulations against our infrastructure—cloud, clinical systems, APIs, IoT medical devices, and enterprise platforms—helping CHS proactively identify and mitigate systemic weaknesses. You will also work with internal teams and third parties to provide feedback on the relevance of vulnerabilities to CHS systems, ensuring alignment between threat findings and risk remediation efforts. Your work will directly impact patient safety, data integrity, and regulatory compliance across a network of hospitals and clinics.

Essential Functions

Lead Red Team engagements emulating real-world threat actors, including APTs and insider threats, aligned with MITRE ATT&CK. Conduct Security Validation Exercises across cloud, on-prem, hybrid, and medical environments to measure resilience against defined threat scenarios. Develop and maintain custom tools, exploits, and payloads to simulate evolving adversarial behavior. Collaborate with Blue and Purple Teams to refine detections, validate logging, and improve response capabilities. Identify and characterize security risks in critical systems such as EMRs, PACS, medical IoT, and enterprise SaaS platforms. Produce detailed reports and executive summaries, translating technical findings into actionable mitigation strategies. Design tabletop and live-fire exercises that evaluate organizational readiness, incident response workflows, and security control efficacy. Monitor threat intelligence specific to the healthcare industry and adjust validation activities accordingly. Perform continuous threat hunting to identify vulnerabilities and gaps in monitoring across the CHS enterprise. Ensure Red Team operations follow defined rules of engagement, safeguarding patient care and system availability. Participate in compliance-driven assessments (e.g., HIPAA Security Rule, HITRUST) by providing validation evidence and attack simulations. Mentor junior staff and foster a culture of offensive security awareness and continuous improvement.

Qualifications

Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related field Master’s Degree or professional coursework in Offensive Security, Information Assurance, or Threat Intelligence

Duration:

5+ years of cybersecurity experience 3+ years in offensive security or Red Team roles

Activities:

Proven experience performing Red Team or Purple Team engagements in large enterprise environments Expertise in security validation, threat modeling, and adversary simulation Demonstrated experience in regulated environments—healthcare industry experience highly preferred Hands-on proficiency with tools such as Cobalt Strike, Metasploit, BloodHound, Covenant, Caldera, or similar Familiarity with security challenges in cloud platforms (Azure/AWS/GCP), medical IoT, and EHR/EMR systems

Competencies:

Deep understanding of attack lifecycle, threat emulation frameworks, and operational security Strong written and verbal communication skills—ability to brief executive leadership