Job Description
Position Overview: We are seeking an experienced and motivated Red Team Engineer to lead our offensive security efforts. In this role, you will conduct simulated attacks to test the resilience of our network, systems, and applications against real-world threats. This team will eventually evolve into a Purple Team, where collaboration between offensive (Red Team) and defensive (Blue Team) operations will enhance our threat detection, response capabilities, and overall security posture.
Key Responsibilities
Conduct comprehensive Red Team exercises to simulate adversarial tactics, techniques, and procedures (TTPs) in healthcare settings, targeting healthcare-specific vulnerabilities and testing our cyber defenses.
Utilize advanced methodologies to compromise infrastructure without relying on phishing techniques, including identifying and exploiting vulnerabilities, evading detection, and achieving persistent access.
Document and present findings, including actionable recommendations, to the Blue Team and other relevant stakeholders to improve defensive strategies.
Work with the Blue Team to build and refine a collaborative Purple Team framework, fostering open communication and joint exercises to improve detection, response, and remediation capabilities.
Develop and maintain security assessment tools and scripts to automate reconnaissance, testing, and reporting.
Mentor and guide other Red and Blue Team members, helping to develop a deep understanding of offensive and defensive strategies.
Support risk analysis and mitigation by aligning simulated threat scenarios with the MITRE ATT&CK framework and other threat intelligence resources.
Provide insights to aid in the development of incident response (IR) plans, leveraging knowledge of healthcare regulations and compliance standards (e.g., HIPAA, HITECH).
Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, or a related field, or equivalent experience.
4+ years of experience in penetration testing, Red Team operations, or a similar offensive security role.
Advanced knowledge of Red Team tools and frameworks (e.g., Cobalt Strike, Metasploit, Burp Suite) and familiarity with healthcare-specific security threats.
Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automation and customization of security tools.
Strong understanding of network and application security concepts, including cloud and hybrid environment configurations.
Experience working with the MITRE ATT&CK framework to align TTPs and guide threat emulation.
Ability to document findings and communicate clearly with technical and non-technical stakeholders.
Passion for evolving into a Purple Team role, bridging offensive and defensive strategies to strengthen our overall security posture.
Preferred Skills
Experience in healthcare cybersecurity or knowledge of compliance requirements specific to healthcare (HIPAA, HITECH).
Familiarity with endpoint security solutions, SIEM platforms, and incident response workflows.
Certifications such as OSCP, OSCE, OSWE, GPEN, or similar credentials.
This is a remote, work-from-home position. This role is to be filled outside the states of California and Colorado.
**We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, ethnic origin, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.**