Hoag Health System · 2 days ago
Cyber Security Systems Engineer - Lead: Corporate Information Security
Hoag Health System is a nonprofit regional health care delivery network in Orange County, California. They are seeking a Lead Offensive Security Engineer to lead the design and execution of their offensive security program, ensuring the organization's security posture is rigorously tested against real-world threats.
Hospital & Health Care
Responsibilities
Leads and conducts advanced, objective-based penetration tests and red team engagements against corporate networks, cloud environments (AWS/Azure), web applications, and mobile applications
Designs and executes security assessments of critical healthcare infrastructure, including the Internet of Medical Things (IoMT), operational technology (OT), and other clinical systems, to identify vulnerabilities affecting patient care and data integrity
Performs targeted social engineering (phishing, vishing, physical) simulations to test and improve human- and process-level security controls
Develops and maintains a modern offensive security toolset; automates engagement tasks and TTP simulation using scripting (Python, PowerShell, etc.)
Partners with defensive (Blue Team) and engineering teams to conduct 'Purple Team' exercises, testing and enhancing the effectiveness of defensive controls (SIEM, EDR, CASB)
Develops detailed, high-quality reports with actionable remediation recommendations and presents findings to both technical and executive leadership
Mentors junior engineers and provides offensive security subject matter expertise across the organization
Continuously researches emerging adversary TTPs, new vulnerabilities, and exploitation techniques, integrating this intelligence into the testing methodology
Provides technical validation for compliance and risk management (HIPAA, NIST, CIS), demonstrating the real-world impact of identified risks
Assists with advanced incident response and forensic investigations by providing an attacker's perspective and root cause analysis
Qualifications
Required
Bachelor's degree in Cyber Security, Computer Science, Computer Information Systems, or related technical field, or equivalent work experience
5+ years' experience in a dedicated Offensive Security role (e.g., Penetration Tester, Red Team Operator, Security Consultant)
Expert-level understanding of network protocols, cryptography, application security (OWASP Top 10), and common attack frameworks (MITRE ATT&CK)
Advanced knowledge of Windows, Linux, and cloud platform (AWS, Azure) exploitation, configuration, and hardening
Proven experience with common penetration testing tools (e.g., Burp Suite, Cobalt Strike, Metasploit, Nmap) and custom script/tool development
Strong understanding of regulatory frameworks (HIPAA, NIST, CIS) and their application to offensive security
Excellent communication and report-writing skills, with the ability to articulate complex technical vulnerabilities to diverse audiences
Preferred
Experience assessing specialized systems (e.g., IoMT, OT, embedded devices) is preferred
OSCP (Offensive Security Certified Professional)
CPTS (Certified Penetration Testing Specialist)
OSWE (Offensive Security Web Expert)
CWEE (Certified Web Exploitation Expert)
OSEP (Offensive Security Experienced Penetration Tester)
Other advanced, hands-on offensive certifications (e.g., CAPE, OSED, OSEE)
Company
Hoag Health System
Hoag is a nonprofit, regional health care delivery system in Orange County, California.
Funding
Current Stage
Late Stage