Become a part of our caring community and help us put health first
The Director, Offensive Security designs, organizes, and oversees program and team-level activities intended to simulate threat actors and pressure test Humana’s defenses, ability to respond to adversaries, and security controls. The Director, Offensive Security requires an in-depth understanding of how organization capabilities interrelate across the function or segment.
We are searching for an experienced leader who can utilize solid business knowledge and expert technical experience in Cyber Threat Simulation (CTS) to deliver strategy, roadmap, and execution for our Penetration Testing, Red Team, and Breach Attack Simulation lines of service. As a Director you will be accountable for the strategy, planning, execution, and staffing associated with Cyber Threat Simulation services. You will lead and develop a team of associates to deliver services that meet customer expectations while continuously iterating. This role works closely with all areas of Enterprise Information Protection (EIP), business units, and strategic partners and vendors to ensure security initiatives and operations are in line with all other key initiatives that may have interdependencies.
Primary Responsibilities
- Define CTS vision, strategy, and roadmap.
- Define and achieve annual OKRs (Objectives and Key Results).
- Define maturity targets and deliver iterative maturity improvements continuously as assessed by internal and 3rd party maturity assessors.
- Accountable for the strategy, planning, and execution of the following services:
  - Penetration testing
  - Red Teaming
  - Purple Teaming
  - Cyber Control Testing
  - Bug Bounty
  - Breach Attack Simulation
- Partner with Product Security and Threat Management & Responses teams to improve outcomes, cyber posture, and delivery velocity.
- Improve planning, scheduling, and funding of Penetration Testing delivery by partnering with Information Security Officer teams and Application owners.
- Provide service or campaign support during business hours and after hours as needed.
- Conduct regular product self-audits and produce product metrics illustrating KPIs and KRIs.
- Ensure the CTS culture is positive and aligns to EIP’s culture.
- Recruit, lead, develop, and mentor a team of 20+ highly specialized associates.
- Set team specific goals and conduct performance reviews.
- Manage the team’s budget and provide budget forecasts (labor and non-labor).
- Act as a subject matter expert on the implementation and capabilities of Cyber Threat Simulation.
- Identify the need for new security technology solutions; design, review, and collaborate on the deployment of new solutions.
- Actively contribute to working groups and consortiums as needed.
Use your skills to make an impact
Required Qualifications:
- Strong communication, organization, and presentation skills.
- Offensive security and complex attack structure experience.
- Experience with cyber practices such as (not all are required):
  - Penetration testing
  - Control testing
  - Red Teaming
  - Purple Teaming
  - Software development
  - Digital forensics and incident response
  - Cyber countermeasure operations
  - Cloud security
- Threat modeling skills and abuse case development with focuses such as (not all are required):
  - Active Directory
  - Cloud (Azure, GCP, or AWS)
  - Mobile (Android or Apple)
  - Containers and K8s
  - SaaS and Salesforce
  - AI/ML
  - Network
  - Identity AuthN/Z platforms
- Experience with NIST, PCI, or equivalent.
- Experience with a formal requirements definition and RFI/RFP process.
- Experience managing, developing, and leading teams of professionals
- Experience with at least 1 programming language.
Preferred Qualifications:
- Bachelor's degree in an IT-related field required; post-graduate degree is a bonus, but not required
- Knowledge of the MITRE ATT&CK framework and NIST Cybersecurity Framework
- Familiarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)
- Experience with incident response (DFIR)
- Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms.
- Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams.
- Experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
- Solid knowledge and understanding of security regulations and best practices such as PCI, SOX, HIPAA, or the ISO 27000 family of standards.
- Solid knowledge and understanding of systems development life cycle (SDLC).
- Demonstrated experience communicating technical information to business clients and less experienced technologists.
- OSCP or equivalent.
- CISSP, CISM or equivalent
- Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)
- Cloud Security Alliance (CCSP, CCSK) (ISC)2
Remote/WAH requirements:
- WAH requirements: Must have the ability to provide a high-speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
- A minimum standard speed for optimal performance of 25x10 (25 Mbps download x 10 Mbps upload) is required.
- Satellite and Wireless Internet service is NOT allowed for this role.
- A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
This is a remote role
Travel: While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.
Scheduled Weekly Hours
40
Pay Range
The compensation range below reflects a good faith estimate of starting base pay for full time (40 hours per week) employment at the time of posting. The pay range may be higher or lower based on geographic location and individual pay will vary based on demonstrated job related skills, knowledge, experience, education, certifications, etc.
$189,400 - $260,500 per year
This job is eligible for a bonus incentive plan. This incentive opportunity is based upon company and/or individual performance.
Description of Benefits
Humana, Inc. and its affiliated subsidiaries (collectively, “Humana”) offers competitive benefits that support whole-person well-being. Associate benefits are designed to encourage personal wellness and smart healthcare decisions for you and your family while also knowing your life extends outside of work. Among our benefits, Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.
Application Deadline: 04-15-2025
About us
Humana Inc. (NYSE: HUM) is committed to putting health first – for our teammates, our customers and our company. Through our Humana insurance services and CenterWell healthcare services, we make it easier for the millions of people we serve to achieve their best health – delivering the care and service they need, when they need it. These efforts are leading to a better quality of life for people with Medicare, Medicaid, families, individuals, military service personnel, and communities at large.
Equal Opportunity Employer
It is the policy of Humana not to discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or veteran status. It is also the policy of Humana to take affirmative action to employ and to advance in employment, all persons regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or protected veteran status, and to base all employment decisions only on valid job requirements. This policy shall apply to all employment actions, including but not limited to recruitment, hiring, upgrading, promotion, transfer, demotion, layoff, recall, termination, rates of pay or other forms of compensation and selection for training, including apprenticeship, at all levels of employment.