Principal Adversary Operations Engineer - Red Team

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary

The Principal Threat Adversary Operations Engineer – Red Team is a senior, highly technical individual contributor responsible for designing and executing advanced offensive security operations across complex enterprise, cloud, and hybrid environments. This role leads the development of custom attack techniques and novel adversary simulations, exploring fringe and emerging attack vectors beyond standard penetration testing methodologies. Penetration testing is a core function of the role, with a focus on uncovering high‑impact, previously unidentified security weaknesses across networks, applications, identities, and systems.

Operating at a principal engineering level, the role builds and executes sophisticated attack campaigns using a combination of industry‑standard tooling and extensive custom exploit and tooling development. The Principal Engineer applies deep expertise in adversary tradecraft, scripting, and automation to emulate real‑world threat actors at scale, aligning attack scenarios with modern and emerging Tactics, Techniques, and Procedures (TTPs). Offensive activities are informed by current threat intelligence and adversary modeling to ensure realistic, intelligence‑driven simulations that meaningfully stress defensive controls.

The role serves as a critical purple team partner and trusted advisor to detection, response, and incident investigation teams, translating complex offensive findings into measurable improvements in defensive capability, telemetry, and operational readiness. Through clear articulation of technical risk and business impact, the Principal Engineer influences enterprise security strategy, informs long‑term defensive investments, and supports high‑severity investigations and post‑incident analysis. All offensive activities are executed with strong governance awareness, ensuring alignment with regulatory, audit, and compliance expectations while advancing the organization’s adversary‑informed security posture.

Role Responsibilities:

Penetration Testing & Adversary Operations

• Lead and execute advanced internal and external penetration tests across enterprise, cloud, and emerging technology environments.
• Design and execute custom adversary emulation campaigns to pressure‑test detection, response, and control effectiveness.
• Own and evolve the offensive security toolset, including development of custom exploits, scripts, and attack frameworks.
• Produce executive‑ready assessments that clearly articulate technical risk, business impact, and remediation priorities.

Purple Team & Defensive Enablement

• Partner closely with detection, response, and security engineering teams to drive purple team exercises and adversary‑informed improvements at scale.
• Translate offensive findings into measurable enhancements in monitoring, telemetry, alerting, and response workflows.
• Lead technical deep dives and knowledge‑sharing sessions to elevate enterprise understanding of adversary behavior and attack paths.

Security Strategy, Automation & Incident Support

• Influence enterprise adversary operations and threat management strategy through risk‑based assessments and adversary trend analysis.
• Architect and implement automation to scale penetration testing and adversary simulation capabilities.
• Provide expert adversary insight during incident response and threat hunting, informing hypotheses, detections, and post‑incident improvements.

Required Qualifications

• 10+ years of hands‑on experience in penetration testing, red teaming, adversary emulation, and/or offensive security.
• 7+ years of deep experience with tools such as Kali Linux, Metasploit, Nmap, Burp Suite, and comparable frameworks.
• 5+ years of advanced scripting experience (Python, PowerShell, Bash, or similar languages).
• 5+ years of experience securing and testing cloud platforms (AWS, Azure, GCP) and containerized environments.

Preferred Qualifications

• Advanced certifications such as OSCP, OSCE, CISSP, CEH, or GPEN.
• Demonstrated leadership in purple team programs and adversary simulation initiatives.
• Strong familiarity with PCI‑DSS, HIPAA, ISO 27001, and enterprise compliance environments.
• Expert knowledge of MITRE ATT&CK, NIST, and CIS security frameworks.
• Exceptional communication skills with the ability to influence technical and non‑technical senior stakeholders.

Education

• Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)

Pay Range

The typical pay range for this role is:

$144,200.00 - $288,400.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.

This full‑time position is eligible for a comprehensive benefits package designed to support the physical, emotional, and financial well‑being of colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Additional details about available benefits are provided during the application process and on Benefits Moments.

We anticipate the application window for this opening will close on: 05/11/2026

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.