Cyber Security Offensive Security Engineer - Lead: Corporate Information Security

About The Position

Requirements

• Bachelor’s degree in Cyber Security, Computer Science, Computer Information Systems, or related technical field, or equivalent work experience.
• 5+ years’ experience in a dedicated Offensive Security role (e.g., Penetration Tester, Red Team Operator, Security Consultant).
• Expert-level understanding of network protocols, cryptography, application security (OWASP Top 10), and common attack frameworks (MITRE ATT&CK).
• Advanced knowledge of Windows, Linux, and cloud platform (AWS, Azure) exploitation, configuration, and hardening.
• Proven experience with common penetration testing tools (e.g., Burp Suite, Cobalt Strike, Metasploit, Nmap) and custom script/tool development.
• Strong understanding of regulatory frameworks (HIPAA, NIST, CIS) and their application to offensive security.
• Excellent communication and report-writing skills, with the ability to articulate complex technical vulnerabilities to diverse audiences.

Nice To Haves

• Experience assessing specialized systems (e.g., IoMT, OT, embedded devices) is preferred.
• OSCP (Offensive Security Certified Professional)
• CPTS (Certified Penetration Testing Specialist)
• OSWE (Offensive Security Web Expert)
• CWEE (Certified Web Exploitation Expert)
• OSEP (Offensive Security Experienced Penetration Tester)
• Other advanced, hands-on offensive certifications (e.g., CAPE, OSED, OSEE)

Responsibilities

• Leads the design, execution, and continuous improvement of Hoag's offensive security program.
• Proactively identifies, validates, and assesses vulnerabilities by simulating advanced adversary tactics, techniques, and procedures (TTPs).
• Provides expert guidance and mentorship, ensuring the organization's security posture is rigorously tested against real-world threats and fully aligned with healthcare regulatory requirements.
• Leads and conducts advanced, objective-based penetration tests and red team engagements against corporate networks, cloud environments (AWS/Azure), web applications, and mobile applications.
• Designs and executes security assessments of critical healthcare infrastructure, including the Internet of Medical Things (IoMT), operational technology (OT), and other clinical systems, to identify vulnerabilities affecting patient care and data integrity.
• Performs targeted social engineering (phishing, vishing, physical) simulations to test and improve human- and process-level security controls.
• Develops and maintains a modern offensive security toolset; automates engagement tasks and TTP simulation using scripting (Python, PowerShell, etc.).
• Partners with defensive (Blue Team) and engineering teams to conduct 'Purple Team' exercises, testing and enhancing the effectiveness of defensive controls (SIEM, EDR, CASB).
• Develops detailed, high-quality reports with actionable remediation recommendations and presents findings to both technical and executive leadership.
• Mentors junior engineers and provides offensive security subject matter expertise across the organization.
• Continuously researches emerging adversary TTPs, new vulnerabilities, and exploitation techniques, integrating this intelligence into the testing methodology.
• Provides technical validation for compliance and risk management (HIPAA, NIST, CIS), demonstrating the real-world impact of identified risks.
• Assist with advanced incident response and forensic investigations by providing an attacker's perspective and root cause analysis.