This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

Become a part of our caring community and help us put health first. The Senior Engineer, Offensive Security, executes high-fidelity threat actor and control validation campaigns within our BAS program. This role influences functional area strategy through technical expertise, operates with considerable autonomy on moderately complex assignments, and makes recommendations to leadership based on advanced knowledge and experience. The position focuses on Breach and Attack Simulation operations, campaign delivery, and detailed analysis, while also contributing to the overall direction of the program.

The Bigger Picture

• Join a 100% remote, highly specialized offensive security team.
• Access to Hack TheBox Pro Labs, all HTB role-based training paths and certifications, discretionary certification funding, and conference/training budgets.
• Collaborate with Red Team, Penetration Testing, and Bug Bounty professionals.
• Fridays are dedicated to research and development in emerging offensive security technologies.

Mission & Impact

• Run high-fidelity threat-actor and control-validation campaigns.
• Maintain agent health and convert raw BAS platform test results into actionable findings.
• Track findings in the enterprise risk management platform.
• Leverage offensive security expertise to determine effective simulation execution.
• Design appropriate test cases for specific security countermeasures.
• Manage multiple projects simultaneously.
• Review the latest products from the Threat Intelligence team.
• Chain custom Tactics, Techniques, and Procedures (TTPs) for Threat Simulation.
• Develop complementary custom test cases using the platform’s Python API.
• Initiate a bi-weekly Security Baseline and collaborate with SIEM Engineering.
• Write concise findings for documentation in the enterprise risk management system.
• Conduct in-depth analysis of IOC Validation gaps.

Campaign Delivery

• Build and execute threat-actor and control-validation campaigns using the BAS platform's pre-built threat simulation libraries.
• Supplement campaigns with custom test cases developed through the Python API.
• Ensure campaigns meet service level agreements, such as a two-week turnaround for prebuilt threat simulations.
• Operate with limited guidance on moderately complex campaign development.

Tool Operation & Tuning

• Maintain agents, payload sets, and scheduling with considerable autonomy.
• Automate bi-weekly security baseline runs.
• Create synthetic unit tests for changes in countermeasure configurations or architecture.
• Apply advanced technical knowledge to resolve complex issues.

Data & Reporting

• Draft actionable findings for SOC/IR.
• Organize risk items within the Findings-Analysis workstream for documentation.
• Use independent judgment to analyze and evaluate variable factors.

Strategic Collaboration

• Collaborate with the CTI team on priority TTPs.
• Verify annual coverage and share new test cases with the broader team.
• Make recommendations regarding testing approaches based on offensive security expertise.

Continuous Improvement

• Propose enhancements to security countermeasures.
• Address detection or alerting gaps.
• Suggest new service-line use cases to the Lead for roadmap consideration.

Qualifications

• Minimum 3 years of experience in offensive security roles such as Red Team, Penetration Testing, or Bug Bounty programs.
• Intermediate to advanced proficiency in Python programming, or equivalent experience with interpreted languages such as PowerShell, Bash, or Ruby.
• Independent technical problem-solving and analysis.
• Experience with major Cloud Service Providers, including AWS, GCP, and Azure.
• Demonstrated ability to work autonomously on complex technical assignments.
• Experience utilizing Threat Intelligence to guide offensive security operations.
• Experience testing endpoints protected by solutions such as Microsoft Defender for Endpoint, CrowdStrike, or SentinelOne.
• Interest in building and testing large language models (LLMs), machine learning models, AI infrastructure, MCP, prompt engineering, and applying these technologies to offensive security operations.

Preferred Qualifications

• Minimum 5 years of experience in any of the following areas:
• Malware development.
• Advanced Red Team operations and threat simulation.
• Threat hunting or digital forensics in enterprise environments.
• Analyzing and gathering intelligence on threat actors and their TTPs.
• Published speaking engagements at industry conferences such as DEF CON, BSIDES, x33fcon, Black Hat, etc.
• Relevant industry certifications, including but not limited to: OSCP, OSWE, OSED, OSCE3, CRTP, CRTE, CRTO, CRTL, CPTS, CBBH, CWEE, CAPE, MalDev Academy, OpenSecurityTraining2.
• Experience with building and breaking LLMs, machine learning models, AI infrastructure MCP, prompt engineering, and applying these technologies to offensive security operations.

Additional Information

• WAH requirements: Must have the ability to provide a high speed DSL or cable modem for a home office.
• Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
• A minimum standard speed for optimal performance of 25x10 (25mpbs download x 10mpbs upload) is required.
• Satellite and Wireless Internet service is NOT allowed for this role.
• A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information.
• Travel: While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.

Scheduled Weekly Hours

40

Pay Range

The compensation range below reflects a good faith estimate of starting base pay for full time (40 hours per week) employment at the time of posting. The pay range may be higher or lower based on geographic location and individual pay will vary based on demonstrated job related skills, knowledge, experience, education, certifications, etc.

$117,600 - $161,700 per year. This job is eligible for a bonus incentive plan based on company and/or individual performance.

Description of Benefits

• Humana, Inc. offers competitive benefits that support whole-person well-being.
• Benefits designed to encourage personal wellness and smart healthcare decisions for you and your family.
• Includes medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave), short-term and long-term disability, life insurance, and many other opportunities.

Application Deadline

03-17-2026

Equal Opportunity Employer

It is the policy of Humana not to discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or protected veteran status.