Role Overview
Operating as a function of Cyber Defence under Information Security, you will lead TP ICAP’s purple teaming function, ensuring the firm is well positioned to prevent and detect modern cyber-attacks. With ongoing EDR and SIEM refresh projects, you will be responsible for ensuring these tools are fit for purpose through threat-led sprints and the creation or customization of attack detection rules.
Modeling sophisticated and persistent adversaries is essential. You will utilize existing tools such as Prelude, Cobalt Strike, and Vectr, along with any others you identify, to support your efforts.
Role Responsibilities
* Define and execute purple team sprints to improve TP ICAP’s attack prevention and detection capabilities.
* Simulate attacker TTPs and develop detection rules and response procedures accordingly.
* Identify opportunities to reduce the attack surface through preventative controls during purple team activities.
* Collaborate with the Security Engineering team to support deployment and tuning of security tools related to prevention and detection.
* Develop automated processes for attack surface monitoring and validation.
* Act as an escalation point for the SOC and assist with incident response.
Experience / Competences
* Practical experience emulating sophisticated cyber-attacks, preferably in a purple or red team role.
* Deep understanding of attacker tools, techniques, and procedures.
* Ability to identify telemetry sources and build custom attack detection rules where out-of-the-box capabilities are insufficient.
* Active contribution to offensive security research or tooling, with experience presenting at industry conferences.
* Experience working with a SOC to tune rules, reduce alert fatigue, and train analysts in attacker TTPs and mindset.
* Ability to evade defensive controls like EDR and AV, customizing open-source tools and developing new ones as needed.
* Experience with Infrastructure-as-Code tools such as Terraform or Ansible to support emulation activities.
* Experience attacking or securing AWS infrastructure.
* Development skills in one or more programming languages, preferably Python.