Cyber Security Specialist - London

IT/Information/Cyber Security
Ref: 165
Date Posted: Monday 22 May 2023
Location: London (hybrid)
Salary: £60,000 - £65,000
The Role
We employ over 6,000 professionals, in over 85 offices, across 46 jurisdictions throughout the Americas, Europe, Middle East, and Asia Pacific.
What you will do:
We are looking for a Cyber Security Specialist, with a focus on deception capabilities and techniques. The successful candidate will have previous experience in offensive security and/or defensive security and will be highly motivated to help make our defences better in an active, collaborative, and hands-on way.
The successful candidate will contribute to and assist with delivering the daily operations of our Security Purple Teaming Program. The goal of this program is to continually improve the threat detection, prevention and response capabilities in collaboration with all relevant teams, including but not limited to:
• Adversary Emulation
• Threat Intelligence
• Information Fusion
• Detection and Response
Key Responsibilities Include:
• Perform technical security assessments, audits and compliance checks, including red teaming, penetration tests, tabletop exercises, vulnerability scans, configuration reviews and network traffic analysis.
• Perform security risk assessments that support business requirements, and recommend mitigations and countermeasures to address risks, vulnerabilities and threats.
• Ensure operational effectiveness of the SOC, network traffic monitoring, and detection and blocking of malicious traffic.
• Research security enhancements and make recommendations to management.
• Stay up to date on information technology trends and security standards.
• Monitor and develop threat intelligence feeds for Security Operations.
• Analyse email and web-based threat defences.
• Carry out forensic investigation of suspicious devices.
• Offer security subject matter expertise during design and implementation of new security products, policies, and procedures.
• Regularly monitor the ticket queue to look for and prioritise security incidents.
• Excellent technical writing and verbal skills.
• Previous experience with any of the following: offensive security, penetration testing, vulnerability management, malware analysis, threat intelligence, security operations, exploit development, threat hunting, network security, digital forensics.
• Good understanding not only of typical attack paths and threat scenarios and how they could realistically apply to our environment and context, but also of the detection or prevention controls that could apply to those attack paths.
• Good OS internals knowledge (Windows, Linux and/or macOS).
• Some knowledge of security telemetry sources (e.g., endpoint, network, application, etc.), security controls and hardening configurations that can be leveraged.
• Some understanding of common defence evasion strategies.
• Some reverse engineering experience – you will need to find ways to understand, at a deeper and hands-on level, how attacker tradecraft works so you can advise on how our defences can be feasibly improved.
• Good troubleshooting skills.
• Some programming and scripting experience (e.g. Python, C#, Bash, PowerShell, C++, etc.).
• Familiarity with MITRE ATT&CK and other relevant frameworks.
• Manage business continuity plans, ensuring annual testing and maintenance by relevant offices in the region.
Qualifications: Attributes and Technical Skills
• Hands-on experience with ethical hacking and exploit tools, defence and gateway technology, alongside SIEM data analytics.
• Excellent interpretation and presentation skills, with an in-depth understanding of preventative security technology, including email phishing/spam filtering and malware detection/blocking.
• Experience with SIEM platforms such as ArcSight, Splunk, or LogRhythm.
• Full-stack knowledge from network to server.
• Used to working with third-party security specialist services.
• Ability to think ahead and plan/build the infrastructure with scale and resiliency for the business.
• Knowledge of the McAfee Enterprise suite, including antivirus, HIPS, and rogue device detection.
• Good experience in setting up monitoring tools and integrating them with service management.
• Good working knowledge of and experience with cloud infrastructure such as MS O365, MS Azure, AWS and email filtering.
• Run attack simulations, validate whether their results reflect a gap in the expected detection and/or prevention capabilities, and provide advice and active assistance with making the necessary changes and improvements.
• Operate and help manage breach simulation tools.
• Assist with scoping of purple team engagements and other projects.
• Assist with detection engineering tasks – writing, evaluating and improving existing or new detection rules, including rules specific to our products.
• Assist with development of automations related to purple team operations and/or detection, prevention and defensive operations in general.
• Research and stay up to date with new attacker behaviour and techniques, plus their respective detection and prevention opportunities.
• Liaise with other teams within Security (including Threat Intel Fusion), Engineering and IT on improving our detection, prevention and response capabilities, and on knowledge sharing and training on adversary tradecraft and TTPs.
• Assist with setting up and maintaining purple team infrastructure.
• Assist with writing and maintaining documentation for any work and projects carried out.
• Good presentation, oral and written communication skills.
Experience, education and professional accreditations
• Over 5 years’ experience within Information & Cyber Security, working within a business services organisation.
• Degree educated in an IT-related discipline.
• Technology certifications in at least one discipline, such as Microsoft Certified Security Expert/Architect/Administrator/Analyst, Cisco CCNA/CCNP, CREST CRT/CPSA, Offensive Security OSCP or equivalent.
• An ITIL Foundation Certificate would be an advantage.
• An IT Security related qualification such as CISSP/CISM/CCSP.