Senior Engineer, Offensive Security jobs in United States

Humana · 1 day ago

Senior Engineer, Offensive Security

Humana is committed to putting health first and is looking for a Senior Engineer in Offensive Security to execute high-fidelity threat actor and control validation campaigns within their BAS program. This role involves influencing strategy through technical expertise, managing complex assignments, and contributing to the overall direction of the program while collaborating with specialized teams to enhance security measures.

Health Care · Health Insurance · Insurance · Venture Capital
H1B Sponsor Likely

Responsibilities

Run high-fidelity threat-actor and control-validation campaigns, maintain agent health, convert raw BAS platform test results into actionable findings, and track them in the enterprise risk management platform
Leverage offensive security expertise to determine the most effective approach for executing simulations, design appropriate test cases for specific security countermeasures, and manage multiple projects simultaneously
Review the latest products from the Threat Intelligence team on a specific threat actor, chain custom Tactics, Techniques, and Procedures (TTPs) for a Threat Simulation, and develop complementary custom test cases using the platform’s Python API
Initiate a bi-weekly Security Baseline, collaborate with SIEM Engineering to tune detection logic after analyzing recent baseline results, write concise findings for documentation in the enterprise risk management system, and conduct in-depth analysis of IOC Validation gaps
Build and execute threat-actor and control-validation campaigns using the BAS platform's pre-built threat simulation libraries, supplemented by custom test cases developed through the Python API to address specific TTPs not covered by the vendor
Ensure campaigns meet service level agreements, such as a two-week turnaround for prebuilt threat simulations, while operating with limited guidance on moderately complex campaign development
Maintain agents, payload sets, and scheduling with considerable autonomy
Automate bi-weekly security baseline runs and create synthetic unit tests when there are changes in countermeasure configurations or architecture
Apply advanced technical knowledge to resolve complex issues
Draft actionable findings for SOC/IR and organize risk items within the Findings-Analysis workstream for documentation
Use independent judgment to analyze and evaluate variable factors such as network architecture, agent configuration, and detection capabilities
Collaborate with the CTI team on priority TTPs, verify annual coverage, and share new test cases with the broader team
Make recommendations regarding testing approaches based on offensive security expertise and experience
Propose enhancements to security countermeasures, address detection or alerting gaps, and suggest new service-line use cases to the Lead for roadmap consideration

Qualifications

Offensive Security · Python · Threat Intelligence · Cloud Service Providers · Endpoint Testing · Malware Development · Technical Problem-Solving · Digital Forensics · Machine Learning · Public Speaking · Soft Skills

Required

Minimum 3 years of experience in offensive security roles such as Red Team, Penetration Testing, or Bug Bounty programs
Intermediate to advanced proficiency in Python programming, or equivalent experience with interpreted languages such as PowerShell, Bash, or Ruby
Independent technical problem-solving and analysis
Experience with major Cloud Service Providers, including AWS, GCP, and Azure
Demonstrated ability to work autonomously on complex technical assignments
Experience utilizing Threat Intelligence to guide offensive security operations
Experience testing endpoints protected by solutions such as Microsoft Defender for Endpoint, CrowdStrike, or SentinelOne
Interest in building and testing large language models (LLMs), machine learning models, AI infrastructure, MCP, prompt engineering, and applying these technologies to offensive security operations

Preferred

Minimum 5 years of experience in any of the following areas:
Malware development
Advanced Red Team operations and threat simulation
Threat hunting or digital forensics in enterprise environments
Analyzing and gathering intelligence on threat actors and their TTPs
Published speaking engagements at industry conferences such as DEF CON, BSIDES, x33fcon, Black Hat, etc.
Relevant industry certifications, including but not limited to: OSCP, OSWE, OSED, OSCE3, CRTP, CRTE, CRTO, CRTL, CPTS, CBBH, CWEE, CAPE, MalDev Academy, OpenSecurityTraining2
Experience with building and breaking LLMs, machine learning models, AI infrastructure, MCP, prompt engineering, and applying these technologies to offensive security operations

Benefits

Medical, dental and vision benefits
401(k) retirement savings plan
Time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave)
Short-term and long-term disability
Life insurance

Company

Humana is a health insurance provider for individuals, families, and businesses.

H1B Sponsorship

Humana has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (282)
2024 (246)
2023 (284)
2022 (274)
2021 (212)
2020 (84)

Funding

Current Stage
Public Company
Total Funding
$13.07B
2025-05-30 · Post-IPO Debt · $5B
2025-03-03 · Post-IPO Debt · $1.25B
2024-03-11 · Post-IPO Debt · $2.25B

Leadership Team

Jim Rechtin
CEO and President
Cynthia Zipperle
Vice President, Chief Accounting Officer and Controller
Company data provided by crunchbase