Humana

Lead Offensive Security Engineer

Humana, Boston, Massachusetts, US, 02298

Join our dedicated team focused on prioritizing health and security! As a Lead Offensive Security Engineer, you will execute advanced threat actor simulations and validate control measures within our Breach and Attack Simulation (BAS) program. This position offers you the opportunity to shape functional area strategies, work autonomously on complex projects, and provide critical insights to leadership based on your expertise.

In this fully remote role, you will have access to comprehensive training resources, including Hack The Box Pro Labs and discretionary funding for certifications and conferences. You will collaborate with top professionals in Cyber Threat Simulation (CTS), Red Team, Penetration Testing, and Bug Bounty operations, enabling your continuous growth while tackling industry-leading BAS challenges.

Key Responsibilities:

Campaign Execution: Develop and deploy high-fidelity threat simulations using our BAS platform, enhancing existing libraries with custom test cases via Python API.

Tuning and Maintenance: Keep agents and payloads operational, addressing complex issues with a high level of independence.

Analysis and Reporting: Convert raw simulation data into actionable security findings, utilizing your judgment to navigate varying factors like network configurations and detection capabilities.

Collaborative Engagement: Work closely with the Cyber Threat Intelligence (CTI) team to align testing strategies with priority Tactics, Techniques, and Procedures (TTPs), and share findings with team members for enhanced coverage.

Continuous Improvement: Propose improvements to security measures and detection protocols, making strategic recommendations based on your offensive security insights.

Why It Matters:

Your efforts will help identify and address vulnerabilities before adversaries can exploit them, equipping Engineering and Threat Management teams with essential data to bolster security postures and refine architectural security strategies.

Qualifications:

- Minimum 3 years in offensive security roles (Red Team, Penetration Testing, Bug Bounty).
- Intermediate to advanced Python programming skill (or equivalent interpreted languages).
- Experience with AWS, GCP, and Azure.
- Proven ability to work autonomously on challenging technical assignments.
- Experience using Threat Intelligence in operational contexts.
- Familiarity with endpoint protection solutions like Microsoft Defender, CrowdStrike, or SentinelOne.
- Interest in integrating AI and machine learning with security operations.

As a member of our team, you'll contribute to our mission of enhancing security and health for our organization and members. We look forward to your application!