Adversary Emulation Manager

Full time
Location: Belfast
Job offered by: TN United Kingdom
Operating as a function of Cyber Defence under Information Security, you will lead TP ICAP’s purple teaming function, ensuring the firm is well positioned to prevent and detect modern cyber-attacks. As TP ICAP embarks on extensive EDR and SIEM refresh projects, you will be responsible for ensuring these tools are fit for purpose through the delivery of threat-led sprints and the creation or customization of attack detection rules. Being able to model sophisticated and persistent adversaries is essential, and you will be given existing tools such as Prelude, Cobalt Strike, and Vectr to support you, plus any others that you identify.

Role Responsibilities

- Define and execute purple team sprints that materially and demonstrably improve TP ICAP’s ability to prevent and detect modern attacks.
- Simulate both established and emerging attacker TTPs and personally build the respective detection rules and response procedures.
- Identify opportunities to reduce TP ICAP’s attack surface using preventative controls through the delivery of purple team sprints.
- Work with the Security Engineering team as necessary to support the deployment and tuning of security-related tooling, particularly those that pertain to prevention and detection.
- Develop processes for attack surface monitoring and constant validation through automation.
- Act as an escalation point for the SOC and assist with incident response.

Experience / Competences

- Practical experience emulating sophisticated cyber-attacks, likely in a purple or red team capacity.
- Deep understanding of modern attacker tools, techniques, and procedures.
- Comfortable identifying appropriate telemetry sources to collect and using these to build custom attack detection rules where out-of-the-box capability doesn’t exist.
- Active contributor to offensive security research and/or tooling, perhaps presenting this research at industry-recognized conferences and forums.
- Experience working with a SOC to:
  - Tune existing rules and increase alert fidelity/decrease alert fatigue.
  - Include analysts on the purple team journey, aiding in staff retention.
  - Train analysts in modern attacker TTPs and the ‘attacker mindset’.
- Able to evade defensive controls such as EDR and AV, tailoring open-source tooling and rolling your own where required.
- Experience using Infrastructure-as-Code to support emulation activities, for example Terraform/Ansible.
- Experience attacking or securing AWS infrastructure.
- Development experience in one or more programming languages, with one of them ideally being Python.
