About The Position

The Principal Threat Adversary Operations Engineer – Red Team is a senior, highly technical individual contributor responsible for designing and executing advanced offensive security operations across complex enterprise, cloud, and hybrid environments. This role leads the development of custom attack techniques and novel adversary simulations, exploring fringe and emerging attack vectors beyond standard penetration testing methodologies. Penetration testing is a core function of the role, with a focus on uncovering high‑impact, previously unidentified security weaknesses across networks, applications, identities, and systems.

Operating at a principal engineering level, the role builds and executes sophisticated attack campaigns using a combination of industry‑standard tooling and extensive custom exploit and tooling development. The Principal Engineer applies deep expertise in adversary tradecraft, scripting, and automation to emulate real‑world threat actors at scale, aligning attack scenarios with modern and emerging Tactics, Techniques, and Procedures (TTPs). Offensive activities are informed by current threat intelligence and adversary modeling to ensure realistic, intelligence‑driven simulations that meaningfully stress defensive controls.

The role serves as a critical purple team partner and trusted advisor to detection, response, and incident investigation teams, translating complex offensive findings into measurable improvements in defensive capability, telemetry, and operational readiness. Through clear articulation of technical risk and business impact, the Principal Engineer influences enterprise security strategy, informs long‑term defensive investments, and supports high‑severity investigations and post‑incident analysis. All offensive activities are executed with strong governance awareness, ensuring alignment with regulatory, audit, and compliance expectations while advancing the organization’s adversary‑informed security posture.

Requirements

  • 10+ years of hands‑on experience in penetration testing, red teaming, adversary emulation, and/or offensive security.
  • 7+ years of deep experience with tools such as Kali Linux, Metasploit, Nmap, Burp Suite, and comparable frameworks.
  • 5+ years of advanced scripting experience (Python, PowerShell, Bash, or similar languages).
  • 5+ years of experience securing and testing cloud platforms (AWS, Azure, GCP) and containerized environments.
  • Bachelor’s degree or equivalent experience (High School Diploma and 4 years of relevant experience).

Nice To Haves

  • Advanced certifications such as OSCP, OSCE, CISSP, CEH, or GPEN.
  • Demonstrated leadership in purple team programs and adversary simulation initiatives.
  • Strong familiarity with PCI‑DSS, HIPAA, ISO 27001, and enterprise compliance environments.
  • Expert knowledge of MITRE ATT&CK, NIST, and CIS security frameworks.
  • Exceptional communication skills with the ability to influence technical and non‑technical senior stakeholders.

Responsibilities

  • Lead and execute advanced internal and external penetration tests across enterprise, cloud, and emerging technology environments.
  • Design and execute custom adversary emulation campaigns to pressure‑test detection, response, and control effectiveness.
  • Own and evolve the offensive security toolset, including development of custom exploits, scripts, and attack frameworks.
  • Produce executive‑ready assessments that clearly articulate technical risk, business impact, and remediation priorities.
  • Partner closely with detection, response, and security engineering teams to drive purple team exercises and adversary‑informed improvements at scale.
  • Translate offensive findings into measurable enhancements in monitoring, telemetry, alerting, and response workflows.
  • Lead technical deep dives and knowledge‑sharing sessions to elevate enterprise understanding of adversary behavior and attack paths.
  • Influence enterprise adversary operations and threat management strategy through risk‑based assessments and adversary trend analysis.
  • Architect and implement automation to scale penetration testing and adversary simulation capabilities.
  • Provide expert adversary insight during incident response and threat hunting, informing hypotheses, detections, and post‑incident improvements.

Benefits

  • medical
  • dental
  • vision coverage
  • paid time off
  • retirement savings options
  • wellness programs