We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.
Position Summary
The Senior Adversary Operations Engineer plays a critical role in strengthening the organization’s security posture by executing advanced penetration testing and adversary simulation activities that uncover high‑risk vulnerabilities across enterprise, cloud, identity, API, and application environments. This role operates with a high degree of autonomy, leading engagements end‑to‑end from scoping through execution, reporting, and remediation guidance while maintaining a strong focus on real‑world exploitability and business impact. By developing and chaining sophisticated attack paths, the engineer delivers clear, actionable insights that enable leadership to make informed, risk‑based decisions and prioritize remediation aligned to business objectives.
Beyond identifying weaknesses, this role directly improves the organization’s detection and response capabilities. Through close collaboration with detection engineering, SOC, and incident response teams, the Senior Adversary Operations Engineer translates offensive findings into measurable defensive enhancements, including improved telemetry, alerting, and response workflows. Leveraging threat intelligence and continuously refining adversary tradecraft, the role ensures testing remains aligned with evolving attacker behavior while supporting incident investigations and post‑event analysis contributing to a more resilient, intelligence‑driven security program.
Role Responsibilities:
Penetration Testing & Adversary Emulation
- Conduct internal and external penetration tests to identify and exploit vulnerabilities.
- Develop and execute adversary emulation scenarios to assess the effectiveness of the organization’s detection and response capabilities.
- Utilize and maintain a comprehensive suite of penetration testing tools, including Kali Linux, Metasploit, Nmap, and custom scripts.
- Create detailed reports with findings and actionable recommendations
- for remediation.
Collaboration & Purple Teaming
- Work closely with blue teams to design and execute purple team exercises that bridge offensive and defensive security efforts.
- Provide actionable insights to improve security monitoring, alerting, and incident response based on penetration testing results.
- Facilitate knowledge-sharing sessions to upskill internal teams on adversary tactics, techniques, and procedures (TTPs).
Security Strategy & Risk Management
- Contribute to the development of a comprehensive adversary operations strategy aligned with organizational risk management goals.
- Provide executive leadership with detailed reports on security gaps, risks, and the effectiveness of security controls.
- Prioritize remediation efforts based on risk impact and operational feasibility.
Tool Development & Automation
- Automate common penetration testing tasks using Python, PowerShell, or Bash scripting to increase efficiency.
- Contribute to the development of custom tools for red teaming and penetration testing.
Incident Response Support
- Assist the incident response team by providing adversary tactics insights during active investigations.
- Collaborate on developing threat-hunting use cases and refining detection capabilities based on attack simulations.
Required Qualifications
- 5+ years of hands-on experience in penetration testing, red teaming, or offensive security.
- 3+ years of experience in Kali Linux, Metasploit, Nmap, Burp Suite, and/or other related tools.
- 3+ years of experience in scripting languages (Python, PowerShell, Bash,etc).
- 3+ years of experience with cloud security (AWS, Azure, GCP) and container security.
Preferred Qualifications
- Relevant certifications such as OSCP, OSCE, CISSP, CEH, or GPEN.
- Experience in managing or participating in purple team exercises.
- Familiarity with compliance standards like PCI-DSS, HIPAA, or ISO 27001.
- Strong understanding of security frameworks such as MITRE ATT&CK, NIST, and CIS.
- Strong communication skills with the ability to translate complex security issues to non-technical stakeholders.
Education
- Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)
Anticipated Weekly Hours
40Time Type
Full timePay Range
The typical pay range for this role is:
$83,430.00 - $222,480.00This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.
Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.
Great benefits for great people
We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families.
Additional details about available benefits are provided during the application process and on Benefits Moments.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.
Skills Required
- 5+ years of hands-on experience in penetration testing, red teaming, or offensive security
- 3+ years of experience in Kali Linux, Metasploit, Nmap, Burp Suite, and/or other related tools
- 3+ years of experience in scripting languages (Python, PowerShell, Bash,etc)
- 3+ years of experience with cloud security (AWS, Azure, GCP) and container security
CVS Health Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about CVS Health and has not been reviewed or approved by CVS Health.
-
Healthcare Strength — Healthcare coverage is positioned as comprehensive for benefits-eligible colleagues, including medical, dental, and vision with free preventive care and access to virtual care and select no-cost MinuteClinic services. Mental health support is also highlighted with no-cost confidential counseling sessions per issue.
-
Retirement Support — Retirement benefits include a 401(k) with a dollar-for-dollar match up to 5% after meeting service and hours requirements. Ownership programs are also offered through an employee stock purchase plan with a stated purchase discount.
-
Pay Growth & Progression — A companywide minimum wage floor establishes a baseline that is framed as a positive starting point in some roles and markets. Unionized or high-cost areas are described as having clearer wage scales and step-ups that can materially lift pay over time.
CVS Health Insights
What We Do
CVS Health is the leading health solutions company that delivers care in ways no one else can. We reach people in more ways and improve the health of communities across America through our local presence, digital channels and our nearly 300,000 dedicated colleagues – including more than 40,000 physicians, pharmacists, nurses and nurse practitioners. Wherever and whenever people need us, we help them with their health – whether that’s managing chronic diseases, staying compliant with their medications, or accessing affordable health and wellness services in the most convenient ways. We help people navigate the health care system – and their personal health care – by improving access, lowering costs and being a trusted partner for every meaningful moment of health. And we do it all with heart, each and every day.
