The TP ICAP Group is a world leading provider of market infrastructure. Our purpose is to provide clients with access to global financial and commodities markets, improving price discovery, liquidity, and distribution of data, through responsible and innovative solutions. Through our people and technology, we connect clients to superior liquidity and data solutions. The Group is home to a stable of premium brands. Collectively, TP ICAP is the largest interdealer broker in the world by revenue, the number one Energy & Commodities broker in the world, the world's leading provider of OTC data, and an award winning all-to-all trading platform. The Group operates from more than 60 offices in 27 countries. We are 5,300 people strong. We work as one to achieve our vision of being the world's most trusted, innovative, liquidity and data solutions specialist. Role Overview Operating as a function of Cyber Defence under Information Security, you will lead TP ICAP's purple teaming function, and ensure the firm is well positioned to prevent and detect modern cyber-attacks. As TP ICAP embarks on extensive EDR and SIEM refresh projects, you will be responsible for ensuring these tools are fit for purpose through the delivery of threat-led sprints, and the creation or customisation of attack detection rules. Being able to model sophisticated and persistent adversaries is essential, and you will be given existing tools such as Prelude, Cobalt Strike, and Vectr to support you, plus any others that you identify. Role Responsibilities Define and execute purple team sprints that materially and demonstrably improve TP ICAP's ability to prevent and detect modern attacks. Simulate both established and emerging attacker TTPs and personally build the respective detection rules and response procedures. Through the delivery of purple team sprints, identify opportunities to reduce TP ICAP's attack surface using preventative controls. Work with the Security Engineering team as necessary to support the deployment and tuning of security-related tooling, particularly those that pertain to prevention and detection. Develop processes for attack surface monitoring and constant validation through automation. Act as an escalation point for the SOC and assist with incident response. Experience / Competences Essential Practical experience emulating sophisticated cyber-attacks, likely in a purple or red team capacity. Deep understanding of modern attacker tools, techniques and procedures. Comfortable identifying appropriate telemetry sources to collect, and using these to build custom attack detection rules where out the box capability doesn't exist. Desired Active contributor to offensive security research and/or tooling, perhaps presenting this research at industry-recognised conferences and forums. Experience working with a SOC to: Tune existing rules and increase alert fidelity/decrease alert fatigue Include analysts on the purple team journey, aiding in staff retention Train analysts in modern attacker TTPs and the 'attacker mindset' Able to evade defensive controls such as EDR and AV, tailoring open source tooling and rolling your own where required. Experience using Infrastructure-as-Code to support emulation activities, for example Terraform/Ansible. Experience attacking or securing AWS infrastructure. Development experience in one or more programming languages, with one of them ideally being python. Not The Perfect Fit? Concerned that you may not meet the criteria precisely? At TP ICAP, we wholeheartedly believe in fostering inclusivity and cultivating a work environment where everyone can flourish, regardless of your personal or professional background. If you are enthusiastic about this role but find that your experience doesn't align perfectly with every aspect of the job description, we strongly encourage you to apply. You may be the ideal candidate for this position or another opportunity within our organisation. Our dedicated Talent Acquisition team is here to assist you in recognising how your unique skills and abilities can be a valuable contribution. Don't hesitate to take the leap and explore the possibilities. Your potential is what truly matters to us. Company Statement We know that the best innovation happens when diverse people with different perspectives and skills work together in an inclusive atmosphere. That's why we're building a culture where everyone plays a part in making people feel welcome, ready and willing to contribute. TP ICAP Accord - our Employee Network - is a central to this. As well as representing specific groups, TP ICAP Accord helps increase awareness, collaboration, shares best practice, and holds our firm to account for driving continuous cultural improvement. Location UK - City Quays - Belfast