Senior Threat Emulation Team Member

Senior Threat Emulation Team Member 

As a senior member of the Threat Emulation team within Admiral’s Cyber Security Department, you will be responsible for taking a leading role within the efforts of the Threat Emulation team on a day-to-day basis, providing technical leadership of workstreams/projects, driving initiatives and capability improvements and working closely with the Team Lead to achieve these aims as well as being expected to provide mentoring and coaching to other members of the team.

The Threat Emulation team are focused on understanding the threats that may target the business and assisting the Security Operations Centre in developing novel and effective detections for the Admiral estate along with ensuring that the people, processes and technologies are operating as effectively as possible using a variety of exercises conducted under both purple and red teaming approaches.

Main Duties 

The Team Senior will take an actively leading role in:

• Owning the delivery of Threat Emulation services through the full lifecycle, including taking responsibility for delivery of key projects and workstreams through to completion.
• Proactively analyse business needs, research; recommend solutions and drive their adoption.
• Identifying key opportunities to provide current and new security testing services across the business.
• Developing novel and innovative capabilities within the team.
• Performing post exercise or incident reviews and proposing resolutions using their subject matter expertise.
• Act as a point of escalation for the team and wider cyber department.
• Mentor and develop team members and peers.
• Define, develop and improve procedures, and processes for the team and wider operations department.
• Publish reporting and communications to key stakeholders, including briefings, presentations, control group calls/updates.
• Promoting the team’s services/achievements via information sharing opportunities e.g. Town Halls, Blog Posts, Cyber Security Awareness Days.
• Establish and maintain strong relationships across all of Admiral.
• Provide subject matter expert level consultancy services to teams across Admiral.
• Defining and ensuring application of risk mitigation strategies to ensure safe delivery of services provided by the Threat Emulation team.
• Manage technical escalations to a successful resolution.
• Take on responsibility for team management tasks when the Team lead/manager is unavailable.

In addition to the responsibilities already expected of a Threat Emulation Team Member, for example:

• Understanding the key risks the organisation faces, the tactics techniques and procedures that likely threat actors will exploit.
• Working collaboratively with wider Cyber Security teams.
• As a member of the Security Operations department, you will be expected to perform some “out of role” tasks such as conducting threat hunts to look for unidentified threats or new attack vectors or provide surge capability to incident response teams.
• Continue to stay updated on the changing threat landscape.
• Work with the third-party suppliers of our Security Products.
• Work with third-party security testing firms in a collaborative manner.

Experience required 

Essential 

• 3+ Years of delivering offensive security exercises.
• Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills.
• Experience of being a technical lead on security testing engagements.
• A strong technical background is required with in-depth experience in several of the following areas:
  • CI/CD Pipelines/DevOps
  • Cloud and Cloud Security (Specifically Azure and GCP)
  • LLM Security Considerations
  • Applications of AI in Offensive Security
  • Scenario/objective based Penetration Testing/Red Teaming
  • Purple Teaming
  • Microsoft AD, Entra and In-Tune
  • SASE technologies
  • Malware Development
  • Initial Access Vectors
  • Windows Post Exploitation
  • EDR/AV Evasion
  • Reverse Engineering & Malware Analysis
  • CBEST/STAR-FS, TIBER-EU and other frameworks
• An excellent knowledge of broader Information Security principles.
• Keen attention to detail and excellent analytical skills.
• Ability to actively manage workloads to meet business and department requirements.

Desirable 

• Competent skillset in scripting and programming common high-level languages, e.g. C#, Go, Bash, PowerShell, etc.
• A working knowledge of financial services and the typical business processes involved together with the threat actors and their relevant tactics, techniques and procedures.
• One or more technical Information Security Certifications such as:
  • GIAC Certification: GRTP, GXPN, GCPN, GX-PT, GDAT
  • Crest Certified Tester, Crest Certified Red Team Specialist
  • Cyberscheme Senior Security Tester, Cyberscheme Red Team Lead
  • Cyber Security Council Principal or above accreditation.
• Degree in an Information Security / Computing discipline.