Hoag Memorial Hospital Presbyterian

Job Description

The Lead Offensive Security Engineer leads the design, execution, and continuous improvement of Hoag's offensive security program. This role proactively identifies, validates, and assesses vulnerabilities by simulating advanced adversary tactics, techniques, and procedures (TTPs). Provides expert guidance and mentorship, ensuring the organization's security posture is rigorously tested against real-world threats and fully aligned with healthcare regulatory requirements.

• Leads and conducts advanced, objective-based penetration tests and red team engagements against corporate networks, cloud environments (AWS/Azure), web applications, and mobile applications.
• Designs and executes security assessments of critical healthcare infrastructure, including the Internet of Medical Things (IoMT), operational technology (OT), and other clinical systems, to identify vulnerabilities affecting patient care and data integrity.
• Performs targeted social engineering (phishing, vishing, physical) simulations to test and improve human- and process-level security controls.
• Develops and maintains a modern offensive security toolset; automates engagement tasks and TTP simulation using scripting (Python, PowerShell, etc.).
• Partners with defensive (Blue Team) and engineering teams to conduct 'Purple Team' exercises, testing and enhancing the effectiveness of defensive controls (SIEM, EDR, CASB).
• Develops detailed, high-quality reports with actionable remediation recommendations and presents findings to both technical and executive leadership.
• Mentors junior engineers and provides offensive security subject matter expertise across the organization.
• Continuously researches emerging adversary TTPs, new vulnerabilities, and exploitation techniques, integrating this intelligence into the testing methodology.
• Provides technical validation for compliance and risk management (HIPAA, NIST, CIS), demonstrating the real-world impact of identified risks.
• Assist with advanced incident response and forensic investigations by providing an attacker's perspective and root cause analysis.

Qualifications

Qualifications

Education and Experience

• Bachelor’s degree in Cyber Security, Computer Science, Computer Information Systems, or related technical field, or equivalent work experience.
• 5+ years’ experience in a dedicated Offensive Security role (e.g., Penetration Tester, Red Team Operator, Security Consultant).
• Expert-level understanding of network protocols, cryptography, application security (OWASP Top 10), and common attack frameworks (MITRE ATT&CK).
• Advanced knowledge of Windows, Linux, and cloud platform (AWS, Azure) exploitation, configuration, and hardening.
• Proven experience with common penetration testing tools (e.g., Burp Suite, Cobalt Strike, Metasploit, Nmap) and custom script/tool development.
• Strong understanding of regulatory frameworks (HIPAA, NIST, CIS) and their application to offensive security.
• Excellent communication and report-writing skills, with the ability to articulate complex technical vulnerabilities to diverse audiences.
• Experience assessing specialized systems (e.g., IoMT, OT, embedded devices) is preferred.

Certifications Preferred:

• OSCP (Offensive Security Certified Professional) , CPTS (Certified Penetration Testing Specialist)
• OSWE (Offensive Security Web Expert), CWEE (Certified Web Exploitation Expert)
• OSEP (Offensive Security Experienced Penetration Tester)
• Other advanced, hands-on offensive certifications (e.g., CAPE, OSED, OSEE)

About Us

Hoag Memorial Hospital Presbyterian is a nonprofit regional health care delivery network in Orange County, California, consisting of three acute-care hospitals with sixteen urgent care centers, eleven health centers and a network of more than1,800 physicians, 100 allied health members, 8,000 employees, and 2,000 volunteers. More than 30,000 inpatients and 550,000 outpatients choose Hoag each year.

For over 70 years, Hoag has delivered a level of personalized care that is unsurpassed among Orange County’s health care providers. Since 1952, Hoag has served the local communities and continues its mission to provide the highest quality health care services through the core strategies of quality and service, people, physician partnerships, strategic growth, financial stewardship, community benefit and philanthropy.

Hoag offers a comprehensive blend of health care services including six institutes providing specialized care in the areas of cancer, heart and vascular, neurosciences, women's health, orthopedics, and digestive health through our institutes.

Hoag was the highest ranked hospital in Orange County in the 2024-2025 U.S. News &World Report, the only Orange County hospital ranked in the top 10 for California. The organization was ranked the #5 hospital in the Los Angeles Metro Area and the #10 hospital in California.

To learn more about Hoag’s awards and accreditations, visit: https://www.hoag.org/about-hoag/awards-accreditations/.

Hoag is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind. Hoag is committed to the principle of equal employment opportunity for all employees and providing employees with a work environment free of discrimination and harassment. Hoag hires a diverse group of people in a manner that allows them to reach their full potential in the pursuit of organizational objectives.