Responsibilities
1. Define and execute purple team sprints that materially and demonstrably improve TP ICAP's ability to prevent and detect modern attacks.
2. Simulate both established and emerging attacker TTPs and personally build the respective detection rules and response procedures.
3. Through the delivery of purple team sprints, identify opportunities to reduce TP ICAP's attack surface using preventative controls.
4. Work with the Security Engineering team as necessary to support the deployment and tuning of security-related tooling, particularly tooling that pertains to prevention and detection.
5. Develop processes for attack surface monitoring and constant validation through automation.
6. Act as an escalation point for the SOC and assist with incident response.
Experience / Competences
Essential
7. Practical experience emulating sophisticated cyber-attacks, likely in a purple or red team capacity.
8. Deep understanding of modern attacker tools, techniques and procedures.
Desired
9. Active contributor to offensive security research and/or tooling, perhaps presenting this research at industry-recognised conferences and forums.
10. Experience working with a SOC to:
   a. Tune existing rules and increase alert fidelity/decrease alert fatigue
   b. Include analysts on the purple team journey, aiding in staff retention
   c. Train analysts in modern attacker TTPs and the 'attacker mindset'
11. Able to evade defensive controls such as EDR and AV, tailoring open source tooling and rolling your own where required.
12. Experience using Infrastructure-as-Code to support emulation activities, for example Terraform/Ansible.
13. Experience attacking or securing AWS infrastructure.
14. Development experience in one or more programming languages, with one of them ideally being Python.
Not The Perfect Fit?
Concerned that you may not meet the criteria precisely? At TP ICAP, we wholeheartedly believe in fostering inclusivity and cultivating a work environment where everyone can flourish, regardless of your personal or professional background. If you are enthusiastic about this role but find that your experience doesn't align perfectly with every aspect of the job description, we strongly encourage you to apply. You may be the ideal candidate for this position or another opportunity within our organisation. Our dedicated Talent Acquisition team is here to assist you in recognising how your unique skills and abilities can be a valuable contribution. Don't hesitate to take the leap and explore the possibilities. Your potential is what truly matters to us.
We know that the best innovation happens when diverse people with different perspectives and skills work together in an inclusive atmosphere. That's why we're building a culture where everyone plays a part in making people feel welcome, ready and willing to contribute. TP ICAP Accord - our Employee Network - is central to this. As well as representing specific groups, TP ICAP Accord helps increase awareness and collaboration, shares best practice, and holds our firm to account for driving continuous cultural improvement.
Location
UK - City Quays - Belfast
Job ID R2389