Red Team Analyst

About eClinicalWorks

eClinicalWorks is a privately held leader in healthcare IT, dedicated to providing comprehensive, cloud-based EHR/PRM solutions to medical professionals globally. Our mission is to improve workflows and reduce physician burnout. We are committed to positive change and value creativity, innovation, dedication, education, and teamwork. Join our fast-paced, fun, and culturally diverse environment and make a real difference in healthcare.

Overview of the Red Team Analyst Role

The Red Team Analyst plays a crucial role in eClinicalWorks' overall cybersecurity strategy and risk management. This position primarily focuses on offensive security operations, including identifying, analyzing, and exploiting vulnerabilities across our digital landscape. You will be responsible for penetration testing, infrastructure and application reviews, red/purple team assessments, and other related support activities. Success in this role requires a solid background in offensive security tactics, techniques, and procedures, along with proficiency in common security tools and frameworks. You will have the ability and responsibility to work independently while also collaborating effectively with team members and other personnel across the enterprise. Flexibility and a positive attitude are highly valued.

Key Responsibilities

• Implement network and application penetration testing engagements to uncover vulnerabilities.
• Execute red team operations, emulating various threat actors with wide-ranging size and scope.
• Perform other security assessments and reviews using applicable methods and analysis.
• Provide recommendations based on identified risk factors and security best practices.
• Deploy, maintain, and enhance infrastructure (systems, tools) for offensive security operations.
• Conduct various periodic social engineering exercises.
• Produce clear documentation detailing activities, findings, and results.
• Bolster relevant domain knowledge through continuous content consumption, training, and professional development.
• Support processes and teammates with optimism and versatility.

Qualifications

Core Skills / Experience

• 5+ years of experience in enterprise cybersecurity, with at least 2 years in penetration testing or red teaming.
• Proficient working with common IT infrastructure components, including Windows, Linux, Networking, Active Directory, and Azure.
• Experienced and adept with common security tools such as Kali, Metasploit, Nmap, and Burp Suite.
• Competent scripting skills in languages like Python, Bash, and PowerShell, with the ability to apply them creatively.
• Well-versed in information security controls and best practices.
• Knowledgeable in the MITRE ATT&CK framework and various attack methodologies.
• Knowledgeable in vulnerability analysis, classification, and risks (CVSS, CVE, CWE).

Additional Skills / Experience

• Relevant certifications from bodies like OffSec, Altered Security, SANS, Zero-Point, or HTB.
• Advanced knowledge and expertise in AV/EDR evasion and exploit development.
• Advanced knowledge and experience with Azure security controls and configuration.

Compensation and Benefits

The salary range for the Red Team Analyst role is $150,000 - $190,000 USD, exclusive of potential bonuses. Your base salary will be determined by professional background, skills, education, and experience. eClinicalWorks offers a rich suite of benefits including eighteen days of Paid Time Off (scaling with tenure), nine Paid Holidays, one Floating Holiday, and comprehensive insurance (medical, dental, vision, basic life, short-term disability, long-term disability, business travel accident, accidental death and dismemberment). Additionally, we provide a 401(k) plan with a Company safe harbor contribution, Flexible Spending Accounts for Health Care and Dependent Care, limited personal leave, and various voluntary benefits like additional insurance, genetic testing, and a legal plan. An annual discretionary bonus is also offered to eligible employees.

Key skills/competency

• Offensive Security
• Penetration Testing
• Red Teaming
• Vulnerability Analysis
• MITRE ATT&CK
• Azure Security
• Scripting (Python, Bash, PowerShell)
• Network Security
• Application Security
• Exploit Development