At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Who You Are

• Experienced Penetration Tester: Deep expertise in conducting both internal and external penetration testing to identify vulnerabilities across networks, applications, and systems. Proficient in exploiting security gaps to assess potential risks effectively.

• Offensive Security Specialist: Proficient in using tools like Kali Linux, Metasploit, Burp Suite, Nmap, and custom scripting with Python, PowerShell, or Bash. Knowledgeable about emerging attack techniques and TTPs (Tactics, Techniques, and Procedures).

• Purple Team Advocate: Proven experience in collaborating with blue teams to design and implement purple team exercises that enhance detection and response capabilities. Ability to translate offensive security findings into actionable defense strategies.

• Threat Intelligence Integrator: Skilled at leveraging threat intelligence to inform penetration testing strategies, prioritize threats, and adapt techniques based on emerging adversary tactics.

• Incident Response Collaborator: Proven track record of working with incident response teams to provide insights during active investigations and refine detection capabilities. Experience in conducting post-incident reviews to enhance security controls.

• Risk Management-Focused: Skilled in evaluating security risks and recommending actionable solutions that align with business objectives.

• Compliance Knowledgeable: Experienced in ensuring that penetration testing aligns with regulatory and compliance requirements such as PCI-DSS, HIPAA, NIST, and ISO 27001.

• Innovator: Passionate about integrating offensive security practices into a comprehensive threat management strategy.

Role Responsibilities

Penetration Testing & Adversary Emulation

• Conduct internal and external penetration tests to identify and exploit vulnerabilities.

• Develop and execute adversary emulation scenarios to assess the effectiveness of the organization’s detection and response capabilities.

• Utilize and maintain a comprehensive suite of penetration testing tools, including Kali Linux, Metasploit, Nmap, and custom scripts.

• Create detailed reports with findings and actionable recommendations for remediation.

Collaboration & Purple Teaming

• Work closely with blue teams to design and execute purple team exercises that bridge offensive and defensive security efforts.

• Provide actionable insights to improve security monitoring, alerting, and incident response based on penetration testing results.

• Facilitate knowledge-sharing sessions to upskill internal teams on adversary tactics, techniques, and procedures (TTPs).

Security Strategy & Risk Management

• Contribute to the development of a comprehensive adversary operations strategy aligned with organizational risk management goals.

• Provide executive leadership with detailed reports on security gaps, risks, and the effectiveness of security controls.

• Prioritize remediation efforts based on risk impact and operational feasibility.

Tool Development & Automation

• Automate common penetration testing tasks using Python, PowerShell, or Bash scripting to increase efficiency.

• Contribute to the development of custom tools for red teaming and penetration testing.

Incident Response Support

• Assist the incident response team by providing adversary tactics insights during active investigations.

• Collaborate on developing threat-hunting use cases and refining detection capabilities based on attack simulations.

Required Qualifications:

• 5+ years of hands-on experience in penetration testing, red teaming, or offensive security.

• 3+ years of experience in Kali Linux, Metasploit, Nmap, Burp Suite, and/or other related tools.

• 3+ years of experience in scripting languages (Python, PowerShell, Bash,etc).

• 3+ years of experience with cloud security (AWS, Azure, GCP) and container security.

Preferred Qualifications:

• Relevant certifications such as OSCP, OSCE, CISSP, CEH, or GPEN.

• Experience in managing or participating in purple team exercises.

• Familiarity with compliance standards like PCI-DSS, HIPAA, or ISO 27001.

• Strong understanding of security frameworks such as MITRE ATT&CK, NIST, and CIS.

• Strong communication skills with the ability to translate complex security issues to non-technical stakeholders.

Education

• Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is:

$101,970.00 - $203,940.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

• Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan .

• No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

• Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

We anticipate the application window for this opening will close on: 04/01/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.

We are an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.