Bring your heart to CVS Health. Every one of us at CVS Health shares a single, clear purpose: Bringing our heart to every moment of your health. This purpose guides our commitment to deliver enhanced human-centric health care for a rapidly changing world. Anchored in our brand — with heart at its center — our purpose sends a personal message that how we deliver our services is just as important as what we deliver.
 
Our Heart At Work Behaviors™ support this purpose. We want everyone who works at CVS Health to feel empowered by the role they play in transforming our culture and accelerating our ability to innovate and deliver solutions to make health care more personal, convenient and affordable.

Who You Are

• Deeply experienced in building and leading high-performance security teams focused on proactive defense, adversary simulation, and resilience strategies.
• Strong technical expertise in identifying, analyzing, mitigating, and simulating advanced threats, with a deep understanding of adversarial tactics, techniques, and procedures (TTPs).
• Skilled in building frameworks for threat hunting, adversary simulation, and detection engineering while fostering cross-functional collaboration to integrate insights and strategies seamlessly.
• Demonstrated ability to innovate and automate security processes and functions through code, delivering measurable impact.
• Demonstrated leader with a proven ability to drive meaningful change, implement effective strategies, and cultivate high-performing global security organizations grounded in innovation and continuous operational excellence.
• A leader in next-generation security approaches, leveraging AI, machine learning, and automation to enhance both offensive and defensive capabilities.
• Proven ability to foster collaboration across security domains, including threat intelligence, incident response, adversary simulation, detection engineering, and automation, to enhance organizational security maturity.
• Experienced in developing and tracking key security metrics (KPIs/KRIs) to continuously measure and enhance the effectiveness of threat detection, incident response, and security resilience strategies.

Role Responsibilities

Threat Hunting & Defensive Strategy

• Lead the development and execution of advanced, proactive threat-hunting strategies, leveraging cutting-edge technologies such as AI, machine learning, and advanced analytics to detect, respond, and mitigate complex threats at scale.
• Build and oversee robust threat-hunting frameworks that integrate MITRE ATT&CK, Cyber Kill Chain, and the Diamond Model of Intrusion Analysis, alongside state-of-the-art tools such as SIEM platforms, endpoint detection, and threat intelligence solutions, to continuously identify and eliminate security threats.
• Continuously assess and enhance detection and defense strategies based on evolving threat landscapes, ensuring the organization remains resilient against sophisticated and emerging attack vectors.
• Oversee the adoption of detection and mitigation strategies for advanced AI and LLM-based threats, including adversarial attacks, model exploitation, and abuse, ensuring early identification and elimination of complex vulnerabilities.

Adversary Simulation & Offensive Strategy

• Drive the development and execution of offensive security and adversary simulation strategies, employing cutting-edge techniques to identify, test, and exploit vulnerabilities across all organizational systems.
• Oversee and enhance red teaming frameworks that leverage MITRE ATT&CK, Cyber Kill Chain, and OWASP frameworks, alongside tools such as Metasploit, Cobalt Strike, and custom-built solutions, to rigorously evaluate security defenses.
• Continuously evaluate and refine offensive strategies based on the evolving threat landscape, ensuring readiness against sophisticated attack vectors and proactive identification of weaknesses.
• Champion the implementation of advanced simulation techniques, including AI and machine learning-based attack methods, adversarial AI exploitation, and model abuse, to identify potential system weaknesses and enhance the organization’s defensive posture.

Incident Response, Exploitation, and Cyber Resilience

• Direct the implementation of both incident detection and adversary simulation capabilities, ensuring readiness to identify, exploit, contain, and remediate potential threats.
• Guide the development of playbooks, automated workflows, and resilience strategies to ensure rapid and effective response to both simulated and real incidents.
• Collaborate with external stakeholders, including threat intelligence providers and law enforcement, to enhance incident response and ensure a cohesive approach to high-impact threats.

Next-Generation Security Innovation & AI/LLM Exploitation

• Leverage AI, machine learning, and automation to enhance detection, adversary emulation, and remediation processes, improving scalability and effectiveness across teams.
• Oversee strategies for defending against AI/LLM-based threats, including adversarial attacks, model exploitation, and abuse, ensuring proactive protection against emerging risks.
• Drive innovation in leveraging AI/LLM technologies for enhanced detection, response, and simulation capabilities, including the use of generative AI for adversary emulation and detection engineering.
• Adopt advanced technologies such as SOAR platforms, deception technologies, adversarial AI exploitation frameworks, and behavioral analytics to simulate and counteract evolving threats.

Performance Metrics & Continuous Improvement

• Develop and implement key security metrics (KPIs/KRIs) to track the effectiveness of threat-hunting strategies and overall cyber resilience efforts.
• Establish a metrics-driven approach to threat detection and incident response, continuously evaluating and improving the organization’s defense posture.
• Leverage incident data, threat intelligence, and predictive analysis to continuously enhance threat-hunting techniques and improve defensive controls.

Innovation and Research

• Drive team research into emerging threat trends, advanced detection techniques, and AI-based predictive models, fostering a culture of innovation and continuous improvement.
• Allocate resources to security research and experimentation, encouraging the exploration of next-generation detection tools, frameworks, and methodologies.
• Stay well-informed on the latest advancements in threat detection, cyber resilience, and AI-based defense mechanisms, integrating them into the team’s practices.

Cultivating Team Excellence

• Build and lead a high-performing threat-hunting team, cultivating leadership talent and fostering an environment of continuous learning and professional development.
• Develop leadership programs to ensure team members grow in both technical expertise and leadership competencies, preparing future leaders for the next generation of cyber defense challenges.
• Foster a collaborative and inclusive team environment that values cross-functional teamwork and knowledge sharing to tackle complex security challenges.

Qualifications

Basic Qualifications

• 12+ years of experience in cybersecurity leadership roles, with proven success in both offensive (red team) and defensive (blue team) domains.
• Industry certifications such as OSCP, OSCE, OSEP, GPEN, GXPN, CISSP, GCIH, GCIA, CEH, or CISM are highly preferred. Cloud-specific certifications such as GCP Cloud Security Engineer, AWS Certified Security, or Azure Security Engineer are a plus but not required.
• Strong expertise in adversary simulation, red teaming, penetration testing, and detection frameworks, with deep knowledge of exploit development, attack methodologies, and advanced detection techniques.
• Proven ability to leverage automation, AI, and machine learning to enhance offensive security testing, vulnerability exploitation, threat detection, and remediation processes across diverse environments.
• Extensive experience with offensive and defensive security tools, including Metasploit, Cobalt Strike, Burp Suite, custom scripting, threat intelligence platforms, SIEM solutions, and endpoint detection and response (EDR) systems.
• Strong technical expertise in testing and detection techniques across cloud, on-prem, and hybrid environments, with a focus on scalability and resilience.
• Proficient in one or more general-purpose programming or scripting languages, such as Java, C/C++, C#, Python, JavaScript, Shell Script, and PowerShell, with an emphasis on automation for security operations.
• Demonstrated ability to build and lead high-performing global teams, cultivate talent, and foster a collaborative culture that drives innovation and operational excellence in both offensive and defensive security practices.
• Demonstrated success in leading large-scale, global security initiatives, with a deep understanding of diverse regulatory environments and the ability to navigate complex international data protection laws.

Preferred Qualifications

• Experience working with advanced security platforms, including offensive tools like Cobalt Strike, Brute Ratel, Sliver, Metasploit, and custom-developed solutions, as well as defensive platforms such as CrowdStrike Falcon Complete, Carbon Black, SentinelOne, and XDR systems, to enhance simulation, detection, and response capabilities.
• Strong expertise in implementing AI and machine learning-driven tools to enhance both offensive and defensive capabilities, including advanced attack simulations, threat hunting, and vulnerability modeling.
• Strong technical expertise in advanced techniques, including adversary emulation, exploit development, behavioral analytics, deception technologies, and bypassing defenses across multi-cloud, hybrid, and on-prem environments.
• Familiarity with generative AI and adversarial machine learning techniques to craft realistic attack simulations, enhance detection strategies, and identify novel vulnerabilities.
• Proven ability to lead global security teams, fostering a collaborative environment focused on cross-functional teamwork, continuous improvement, process automation, and operational excellence.
• Experience in driving transformational security initiatives—offensive and defensive—that align with organizational goals and elevate the overall security posture.

Education

• A minimum of a Bachelor’s degree in Computer Science, Information Security, Software Engineering, or a related field, or equivalent alternative education, skills, and/or practical experience is required.
• 
  
  
   

Pay Range

The typical pay range for this role is:

$175,100.00 - $334,750.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls.  The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors.  This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.  This position also includes an award target in the company’s equity award program. 
 
In addition to your compensation, enjoy the rewards of an organization that puts our heart into caring for our colleagues and our communities.  The Company offers a full range of medical, dental, and vision benefits.  Eligible employees may enroll in the Company’s 401(k) retirement savings plan, and an Employee Stock Purchase Plan is also available for eligible employees.  The Company provides a fully-paid term life insurance plan to eligible employees, and short-term and long term disability benefits. CVS Health also offers numerous well-being programs, education assistance, free development courses, a CVS store discount, and discount programs with participating partners.  As for time off, Company employees enjoy Paid Time Off (“PTO”) or vacation pay, as well as paid holidays throughout the calendar year. Number of paid holidays, sick time and other time off are provided consistent with relevant state law and Company policies. 
 
For more detailed information on available benefits, please visit Benefits | CVS Health

We anticipate the application window for this opening will close on: 03/14/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.