-
Senior Cyber Security Engineer, Security…
- Community Health Systems (Franklin, TN)
-
Job Summary
As a Senior Cybersecurity Engineer in the Security Validation team, you will be a key member of our Red Team operations, leading efforts to emulate real-world threat scenarios and validate the effectiveness of enterprise defenses across our expansive healthcare environment. This role requires advanced offensive security capabilities, deep knowledge of adversary tactics, and the ability to communicate findings clearly to both technical and executive stakeholders.
You will design and execute advanced threat simulations against our infrastructure—cloud, clinical systems, APIs, IoT medical devices, and enterprise platforms—helping CHS proactively identify and mitigate systemic weaknesses. You will also work with internal teams and third parties to provide feedback on the relevance of vulnerabilities to CHS systems, ensuring alignment between threat findings and risk remediation efforts. Your work will directly impact patient safety, data integrity, and regulatory compliance across a network of hospitals and clinics.
Essential Functions
+ Lead Red Team engagements emulating real-world threat actors, including APTs and insider threats, aligned with MITRE ATT&CK.
+ Conduct Security Validation Exercises across cloud, on-prem, hybrid, and medical environments to measure resilience against defined threat scenarios.
+ Develop and maintain custom tools, exploits, and payloads to simulate evolving adversarial behavior.
+ Collaborate with Blue and Purple Teams to refine detections, validate logging, and improve response capabilities.
+ Identify and characterize security risks in critical systems such as EMRs, PACS, medical IoT, and enterprise SaaS platforms.
+ Produce detailed reports and executive summaries, translating technical findings into actionable mitigation strategies.
+ Design tabletop and live-fire exercises that evaluate organizational readiness, incident response workflows, and security control efficacy.
+ Monitor threat intelligence specific to the healthcare industry and adjust validation activities accordingly.
+ Perform continuous threat hunting to identify vulnerabilities and gaps in monitoring across the CHS enterprise.
+ Ensure Red Team operations follow defined rules of engagement, safeguarding patient care and system availability.
+ Participate in compliance-driven assessments (e.g., HIPAA Security Rule, HITRUST) by providing validation evidence and attack simulations.
+ Mentor junior staff and foster a culture of offensive security awareness and continuous improvement.
Qualifications
+ Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related field
+ Master’s Degree or professional coursework in Offensive Security, Information Assurance, or Threat Intelligence
Duration:
+ 5+ years of cybersecurity experience
+ 3+ years in offensive security or Red Team roles
Activities:
+ Proven experience performing Red Team or Purple Team engagements in large enterprise environments
+ Expertise in security validation, threat modeling, and adversary simulation
+ Demonstrated experience in regulated environments— **healthcare industry experience highly preferred**
+ Hands-on proficiency with tools such as Cobalt Strike, Metasploit, BloodHound, Covenant, Caldera, or similar
+ Familiarity with security challenges in cloud platforms (Azure/AWS/GCP), medical IoT, and EHR/EMR systems
Competencies:
+ Deep understanding of attack lifecycle, threat emulation frameworks, and operational security
+ Strong written and verbal communication skills—ability to brief executive leadership
Equal Employment Opportunity
This organization does not discriminate in any way to deprive any person of employment opportunities or otherwise adversely affect the status of any employee because of race, color, religion, sex, sexual orientation, genetic information, gender identity, national origin, age, disability, citizenship, veteran status, or military or uniformed services, in accordance with all applicable governmental laws and regulations. In addition, the facility complies with all applicable federal, state and local laws governing nondiscrimination in employment. This applies to all terms and conditions of employment including, but not limited to: hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. If you are an applicant with a mental or physical disability who needs a reasonable accommodation for any part of the application or hiring process, contact the director of Human Resources at the facility to which you are seeking employment; Simply go to http://www.chs.net/serving-communities/locations/ to obtain the main telephone number of the facility and ask for Human Resources.
-
Recent Jobs
-
Senior Cyber Security Engineer, Security Validation
- Community Health Systems (Franklin, TN)
-
Case Manager (RN) | Case Management & Social Work
- Houston Methodist (Houston, TX)
-
Surgery Scheduler
- Banner Health (Mesa, AZ)
-
Adjunct Assistant Professor - Philosophy
- Farmingdale State College (Farmingdale, NY)