Cardinal Health
Manager,CyberOperations
“Manager, Cyber Operations at Cardinal Health. Skills: Purple Team operations, adversarial emulation, penetration testing, detection validation, security automation, detection-as-code. Lead Purple Team operations across adversarial emulation, penetration testing, detection validation, and control assurance.. Define and evolve the Purple Team strategy and roadmap.”
What You'll Achieve.
continuously validate and strengthen Cardinal Health’s cyber defenses.; building and operating a highly effective Purple Team; guiding the organization through a transformational evolution toward automation-first, detection-as-code, and emerging agentic security capabilities.; ensuring activities reflect real-world threat actor behavior and enterprise risk priorities.; Ensure Purple Team findings lead to measurable improvements in detections, response playbooks, logging coverage, and platform resilience.; measurable improvements in detections, response playbooks, logging coverage, and platform resilience.; measurable risk reduction.; Adversarial emulations reflect current and emerging threat actor behaviors.; Detection and response improvements are directly traceable to Purple Team findings.; Automation and agentic capabilities increase coverage while reducing manual effort.; Team members show technical growth, engagement, and clear development paths.; Security partners actively seek Purple Team input on architecture and operational decisions.
Industry & Context.
translate complex security outcomes into actionable improvements aligned to business risk; Ability to translate adversarial testing outcomes into measurable risk reduction.
What They're Looking For.
Must Have
Deep experience in offensive security, detection engineering, Purple Team operations, or related cyber disciplines., Demonstrated technical leadership across attack simulation, detection validation, and security automation., Proven experience leading inclusive, high-performing technical teams., communication and influencing skills across engineering, leadership, and business stakeholders., Ability to operate effectively in complex, matrixed enterprise environments and through transformation., Experience implementing detection-as-code, automated validation frameworks, or agentic security capabilities., Background supporting large-scale enterprise, cloud, or M&A integration environments., Ability to translate adversarial testing outcomes into measurable risk reduction.
What You'll Do.
Lead Purple Team operations across adversarial emulation
and control assurance.
Define and evolve the Purple Team strategy and roadmap.
Drive the transition toward detection-as-code
and agentic security workflows.
Provide hands-on technical guidance across attack simulation frameworks
and telemetry quality.
Ensure Purple Team findings lead to measurable improvements in detections
and platform resilience.
and lead a diverse and inclusive Purple Team.
Foster an environment of psychological safety
and continuous learning.
Balance hands-on technical leadership with effective delegation
and long-term capacity planning.
Coach engineers to grow from task execution into systems thinking
and cross-functional influence.
Partner with Incident Response
Detection Engineering
and Application Security.
Serve as a trusted advisor to security and technology leaders on adversarial risk
and assurance maturity.
Communicate Purple Team outcomes clearly to technical and non-technical stakeholders.
well-governed processes for adversarial testing
and post-exercise follow-through.
Ensure Purple Team activities support regulatory
and customer assurance needs.
and coverage gaps to inform continuous improvement and executive reporting.
How You'll Work.
Team & Collaboration
partnering closely with Incident Response, Threat Intelligence, Detection Engineering, Platform Engineering, and Application Security; Partner with Incident Response, Threat Intelligence, Detection Engineering, Platform Engineering, and Application Security to align adversarial testing with active threats and evolving architectures.; Serve as a trusted advisor to security and technology leaders on adversarial risk, detection gaps, and assurance maturity.; Communicate Purple Team outcomes clearly to technical and non-technical stakeholders, translating findings into risk-informed decisions.; Security partners actively seek Purple Team input on architecture and operational decisions.
Communication Scope
communication and influencing skills across engineering, leadership, and business stakeholders; Communicate Purple Team outcomes clearly to technical and non-technical stakeholders, translating findings into risk-informed decisions.
Process & Methodology
prioritization, long-term capacity planning
Applying for this Manager, Cyber Operations role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Cardinal Health?
Real rants from real employees. Read before you apply.