- Lead red team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework.
- Participate in purple team exercises that are intelligence driven to test cyber detections
- Build and maintain Red and Purple team infrastructure, automating functions where possible.
- Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members .
- Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools.
- Lead report creation activities including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, peer review of team's deliverables.
- Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset.
- Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
- Active contributor to Red and Purple Team activities for internal presentations and conferences
- Approx 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.); or the ability to demonstrate equivalent knowledge.
- Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing.
- Expert understanding of Red Team concepts, tools, and automation strategies.
- Expert understanding of MITRE ATT&CK framework tactics, techniques, and procedures.
- Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability.
- Expert understanding of Windows and Linux system hardening concepts and techniques.
- Expert understanding of modifying payloads to bypass detections like EDR.
- Expert understanding of how to compromise a company without using phishing.
- Strong understanding with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.).
- Experience with at least one cloud environment (AWS, GCP, Azure).
- Experience attacking cloud, on-prem and/or hybrid environments from initial access all the way through actions on objective.
- Previous experience of Red Team project delivery to include creation and execution of statement of work, risk mitigation strategies, and working with stakeholders to remediate findings.
- Experience of using multi operating system command and control tools.
- Experience developing custom attack tradecraft or modifying existing tools.
- Experience using automated configuration management such as Chef.
- Experience discovering and exploiting vulnerabilities in AI systems.
- Experience of conducting Offensive Security and/or Red Team exercises against macOS, iOS, or ChromeOS.
- Recognized industry certifications such as, but not limited to, GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT, etc.
- Knowledgeable in Industry Security standards (i.e.: TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002, etc.).
- Knowledgeable in Agile project management.
- Bonus Programme
- Equity Programme
- Employee Stock Purchase Plan (ESPP)
- Private Medical and Dental coverage
- Income Protection
- Life Assurance
- Cycle To Work
- Family Leave
- Education Assistance – MBA/Advanced Degree/Bachelor Degree
- Ongoing Employee Development Training/Certification
- Hybrid Working
- Lead red team exercises against a hybrid environment using threat intelligence and the MITRE ATT&CK Framework.
- Participate in purple team exercises that are intelligence driven to test cyber detections
- Build and maintain Red and Purple team infrastructure, automating functions where possible.
- Continually research new offensive security tactics, techniques, and procedures and communicate knowledge of the same to other team members .
- Conduct ad-hoc offensive security testing using industry standard tools and/or internally developed tools.
- Lead report creation activities including compromise narratives and detailed technical findings with appropriate risk severity ratings, tactical and strategic recommendations to reduce risk levels, peer review of team's deliverables.
- Assist cyber defense teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset.
- Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation.
- Active contributor to Red and Purple Team activities for internal presentations and conferences
- Approx 8 years' experience with industry standard Red Team testing tools (Cobalt Strike, Mythic C2, Rubeus, Bloodhound, Covenant, etc.); or the ability to demonstrate equivalent knowledge.
- Expert understanding of how an Advanced Persistent Threat could compromise a financial institution without using phishing.
- Expert understanding of Red Team concepts, tools, and automation strategies.
- Expert understanding of MITRE ATT&CK framework tactics, techniques, and procedures.
- Expert understanding of measuring and rating vulnerabilities based on principal characteristics of a vulnerability.
- Expert understanding of Windows and Linux system hardening concepts and techniques.
- Expert understanding of modifying payloads to bypass detections like EDR.
- Expert understanding of how to compromise a company without using phishing.
- Strong understanding with at least one scripting language (Python, Ruby, PowerShell, Bash, etc.).
- Experience with at least one cloud environment (AWS, GCP, Azure).
- Experience attacking cloud, on-prem and/or hybrid environments from initial access all the way through actions on objective.
- Previous experience of Red Team project delivery to include creation and execution of statement of work, risk mitigation strategies, and working with stakeholders to remediate findings.
- Experience of using multi operating system command and control tools.
- Experience developing custom attack tradecraft or modifying existing tools.
- Experience using automated configuration management such as Chef.
- Experience discovering and exploiting vulnerabilities in AI systems.
- Experience of conducting Offensive Security and/or Red Team exercises against macOS, iOS, or ChromeOS.
- Recognized industry certifications such as, but not limited to, GPEN, GXPN, GREM, eCPTX, eCPPT, OSCP, OSWE, CISSP, CPSA, CRT, etc.
- Knowledgeable in Industry Security standards (i.e.: TIBER-EU, CBEST, NIST Cyber Security Framework, ISO27002, etc.).
- Knowledgeable in Agile project management.
- Bonus Programme
- Equity Programme
- Employee Stock Purchase Plan (ESPP)
- Private Medical and Dental coverage
- Mental Health Benefit Programme
- Group Pension Plan
- Income Protection
- Life Assurance
- Cycle To Work
- Gym Membership
- Family Leave
- Education Assistance – MBA/Advanced Degree/Bachelor Degree
- Ongoing Employee Development Training/Certification
- Hybrid Working
-
Senior Security Engineer
1 week ago
eFinancialCareers Belfast, United Kingdom**Description** · This is a perfect opportunity for the right person to become a key part of a team of cybersecurity professionals who execute a pivotal role in protecting and defending the nation's critical infrastructure. · The Sr Cyber Security Engineer - Red Team will be an e ...
-
Sr. Security Engineer
1 week ago
eFinancialCareers Belfast, United Kingdom**Description** · Description · The IAM Senior Engineer will be responsible for supporting the development and delivery of Privileged Account Management (PAM) solutions for our on-prem and cloud infrastructure. This is a multifaceted role that involves engineering, hands-on suppo ...
-
Senior Security Engineer
1 week ago
eFinancialCareers Belfast, United Kingdom**Description** · **Position Description**: · The IAM Senior Engineer will be responsible for developing and delivering comprehensive solutions to our internal and external customers. This role will have hands-on architectural and engineering responsibilities as well as technical ...
-
Sr. Security Engineer
1 week ago
eFinancialCareers Belfast, United Kingdom**Description** · **Position Description**: · The IAM Senior Engineer will be responsible for developing and delivering comprehensive solutions to our internal and external customers. This role will have hands-on architectural and engineering responsibilities as well as technical ...
-
Fire & Security Installation Engineer
1 week ago
Brook Street UK Belfast, United Kingdom Full timeBrook Street Recruitment is working with our Belfast client who are specialists in the design and installation of major security systems, they are currently seeking to add a Fire / Security Engineer to their expanding team. · The position is a full time, permanent role, working ...
-
Security Engineer
11 hours ago
InterEx Group Belfast, United KingdomJob Description*** LARGEST LAW FIRM GLOBALLY BY HEADCOUNT + REVENUE *** · The Security Engineer develops, implements, and provides 3rd-level support for the Firm's information technology infrastructure. The engineer will assist in the creation, implementation and ongoing manageme ...
-
Security Engineer
6 hours ago
InterEx Group Belfast, United Kingdom*** LARGEST LAW FIRM GLOBALLY BY HEADCOUNT + REVENUE *** · The Security Engineer develops, implements, and provides 3rd-level support for the Firm's information technology infrastructure. The engineer will assist in the creation, implementation and ongoing management (including f ...
-
Security Engineer
1 week ago
InterEx Group Belfast, United KingdomLARGEST LAW FIRM GLOBALLY BY HEADCOUNT + REVENUE *** · The Security Engineer develops, implements, and provides 3rd-level support for the Firm's information technology infrastructure. The engineer will assist in the creation, implementation and ongoing management (including foren ...
-
Security Engineer
1 week ago
InterEx Group Belfast, United KingdomJob Description *** LARGEST LAW FIRM GLOBALLY BY HEADCOUNT + REVENUE *** · The Security Engineer develops, implements, and provides 3rd-level support for the Firm's information technology infrastructure. The engineer will assist in the creation, implementation and ongoing managem ...
-
Security Engineer
1 week ago
InterEx Group Belfast, United Kingdom*** LARGEST LAW FIRM GLOBALLY BY HEADCOUNT + REVENUE ***The Security Engineer develops, implements, and provides 3rd-level support for the Firm's information technology infrastructure. The engineer will assist in the creation, implementation and ongoing management (including fore ...
-
Cloud Security Engineer
1 week ago
Ocho Belfast, United KingdomJob Description · Position: Cloud Security Engineer · Our client are keen to hire a Cloud Security Engineer with an interest in making a difference to their cybersecurity team. · Requirements: · 2+ years in tech support, networking, or SOC. · Strong communication and analytical ...
-
Cloud Security Engineer
6 days ago
Ocho Belfast, United KingdomPosition: Cloud Security Engineer · Our client are keen to hire a Cloud Security Engineer with an interest in making a difference to their cybersecurity team. · Requirements: · 2+ years in tech support, networking, or SOC. · Strong communication and analytical skills. · Python s ...
-
Fire and Security Engineer
1 week ago
Black Fox Solutions Belfast, United KingdomFire and Security Engineer Field position Open Salary The is responsible for the provision of safe compliant and installation and maintenance of our clients Security and Fire Alarms. Throughout all service interactions, excellent customer service and compliant technical advice mu ...
-
Cloud Security Engineer
1 week ago
VANRATH Belfast, United KingdomA Great Opportunity work for a Cyber Security Leader as a Cloud Security Engineer As the Cloud Security Engineer you will engage in diverse activities spanning cloud application and security realms, from integrating tasks like key management and logging to security response activ ...
-
Fire and Security Engineer
1 week ago
CMB Recruitment Belfast, United KingdomFIRE AND SECURITY ENGINEER CMB Recruitment are working with a leading Belfast based Fire + Security Alarm company who are seeking an experienced Engineer to join their expanding team. This represents an excellent opportunity to take the next step in your career. THE ROLE We are l ...
-
Cloud Security Engineer
2 days ago
Hayward Hawk Belfast, United KingdomHAYWARD HAWK is working with a long standing client to help them find a Cloud Security Engineer for their Belfast team. Responsibilities: Become an expert on the Cloud Application Security platform Provide support to clients, including monitoring, configuration, integration assis ...
-
Cloud Security Engineer
1 week ago
VANRATH IT Belfast, United KingdomA Great Opportunity work for a Cyber Security Leader as a Cloud Security Engineer · As the Cloud Security Engineer you will engage in diverse activities spanning cloud application and security realms, from integrating tasks like key management and logging to security response act ...
-
Lead security engineer
2 weeks ago
VANRATH IT Belfast, United KingdomThis is an exciting opportunity to work as a Lead Security Engineer for a global company who are coming to Belfast · As the Lead Security Engineer, you will oversee the evaluation of information risks, pinpoint opportunities to mitigate them, and coordinate the resolution of det ...
-
Cloud Security Engineer
1 week ago
Ocho Belfast, United KingdomCloud Security Engineer · Our client are keen to hire a Cloud Security Engineer with an interest in making a difference to their cybersecurity team. · 2+ years in tech support, networking, or SOC. · ~ Python scripting experience · ~ Cloud experience (AWS preferred) · ~ Famili ...
-
Fire & Security Engineer
11 hours ago
Resourcing Group Belfast, United Kingdom Full timeFire & Security Engineer · Belfast BT36 · Salary up to £36K · Resourcing Group have an exciting new opportunity to join the growing Facilities Management company · ESSENTIAL DUTIES AND RESPONSIBILITIES include the following: · Experience in maintenance, installation and commissio ...
Lead Cyber Security Engineer - Belfast, United Kingdom - CME Group Inc
Description
Lead Cyber Security Engineer - Threat Simulation
We are looking for a Lead Cyber Security Engineer - Threat Simulation to be an integral part of our Offensive Security organization and contribute towards improving CME Group's security posture.
This role will be responsible for participating in the execution of Red Team cyber exercises of internal and internet facing information systems and infrastructure to identify misconfigurations and cyber security vulnerabilities that could be exploited by a threat actor to gain unauthorized access to computer systems and data. In addition, the role will require participation in Purple Team exercises to help the Blue Team improve their detection capabilities.
This is a perfect opportunity for the right person to become a key part of a team of highly skilled cybersecurity professionals who execute a pivotal role in protecting and defending national critical infrastructure.
Position Requirements
Nice to have
Company Benefits
Description
We are looking for a Lead Cyber Security Engineer - Threat Simulation to be an integral part of our Offensive Security organization and contribute towards improving CME Group's security posture.
This role will be responsible for participating in the execution of Red Team cyber exercises of internal and internet facing information systems and infrastructure to identify misconfigurations and cyber security vulnerabilities that could be exploited by a threat actor to gain unauthorized access to computer systems and data. In addition, the role will require participation in Purple Team exercises to help the Blue Team improve their detection capabilities.
This is a perfect opportunity for the right person to become a key part of a team of highly skilled cybersecurity professionals who execute a pivotal role in protecting and defending national critical infrastructure.
Principal Responsibilities
Position Requirements
Nice to have
Company Benefits
At CME Group, we embrace our employees' diverse experiences, cultures and skills, and work to ensure that everyone's perspectives are acknowledged and valued. As an equal opportunity employer, we recognize the importance of a diverse and inclusive workplace and consider all potential employees without regard to any protected characteristic.
#J-18808-Ljbffr