Information Security Advanced Threat Engineer
Description
Working within the Information Security Engineering Team the Advanced Threat Engineers are focussed on understanding the advanced threats that may target the business and developing high value detections and protections. Through the use advanced technologies such as Deception, Honeypots, and Reverse Engineering and by performing advanced threat hunting and by working with Red and Purple Teams the Advanced Threat Engineers will enhance the security posture of the business. As part of the wider Information Security Operations team the Advanced Threat Engineers will also be expected to assist in the Incident Response process when required.
The role would suit someone who has worked with a diverse set of IT/security products and across a large on-premise infrastructure managed in house and who has had professional experience of either Red or Purple Teaming and will have a strong technical background and a strong understanding of attacker’s tools and techniques and the various methods the can be deployed for both detection and prevention.
Responsibilities
The Advanced Threat Engineers will:
- Develop advanced detection alarms.
- Deploy deception, honeypot and other technologies to enhance detection capability.
- Reverse engineer malware samples and to provide IOCs back to the SOC and develop additional detections and protections from the samples.
- Utilise behavioural analytics to identify anomalous behaviour.
- Identify areas of improvement and to provide recommendations to the other Technology Engineering teams.
- Take a threat led approach to generating mitigation and countermeasures.
- Understand the key risks the organisation faces, the key tactics techniques and procedures that likely threat actors will exploit and create control boundaries to intersect these domains.
- Work collaboratively with wider Information Security teams. This would include working with: The Incident Response team, assisting with incidents and enhancing Incident Response tooling; Security Architecture to ensure that any existing constraints are overcome within forward looking plans; with the Security Consultants to provide additional technical knowledge; and sharing their experience and knowledge of attacks and techniques.
- Take part in post incident reviews and propose engineering resolution to improve results in any future recurrence.
- Perform threat hunting to look for unidentified threats or new attack vectors.
- Stay up-to-date on the changing threat landscape.
- Work with the third-party suppliers of the Security Products.
- Work with third-part Security testing firms in collaborative manor.
Essential Experience / Skills
A strong technical background is required with in-depth experience in at least one of the following areas with a working knowledge of the remaining areas:
- Reverse Engineering & Malware Analysis
- Deception & Honeypot Technologies
- EndPoint Detection and Response
- Penetration Testing including simulated attack techniques
- The ability to pick up and learn new technology approaches and make rapid decisions on the best way to use these technology advancements for the betterment of the overall security posture.
- Excellent communication skills as the ability to communicate effectively, constructively, confidently and professionally is key to the success in the role as is the ability to work with IT and Information Security teams and the wider business.
- An excellent knowledge of Information Security principles and an understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
- Keen attention to detail and excellent analytical skills.
- Ability to actively manage workloads to meet business and department requirements.
- Understanding of enterprise grade technical security controls and defence in depth practices.
- Experience with a programming or scripting language.
Highly Desirable Skills:
- Familiarity with at least one cloud platform such as Microsoft Azure, Amazon AWS or Google GCP.
- 3 or more years as a professional security tester.
- One or more general Information Security Certifications such as:
- (ISC)2 CISSP
- CompTIA CASP+
- One or more technical Information Security Certifications such as:
- GIAC Certification: GCED, GDAT
- Crest: CHECK Team Member
- Degree in an Information Security / Computing discipline.
- A working knowledge of financial services and the typical business processes involved together with the threat actors and their relevant tactics, techniques and procedures would be of significant advantage.
About Admiral
We're Wales’ only FTSE 100 company. We have forward-thinking approaches and provide endless opportunities to test, learn and grow. There's a reason we've been named a Best Place to Work: our progressive culture, core values, and commitment to diversity and inclusion have created a working environment where people share ideas, aren’t afraid to speak up and change things, and above all, feel valued.
Admiral has grown from being a small start-up into a multi-national organisation. The company is constantly investigating new products, services and markets and is now present in eight countries with a diverse product portfolio.
Our success goes hand-in-hand with having a strong culture where we put our people and customers first. Our philosophy is simple yet effective: people who like what they do, do it better, and this, in turn, means that our customers receive the level of service and products that they deserve. Our culture is honest, open and wholeheartedly focused on four key areas:
Communication, Equality, Reward & Recognition, and Fun.
Salary, Benefits and Work-Life Balance
We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.
At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we're voted no. 1 in the 2019 Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.
You can also view some of our other key benefits here; https://admiraljobs.co.uk/employee-benefits/.
If you think this role is for you and would like to be considered for this opportunity, please click “apply now” to complete an online application form.
Please note, we are unable to accept CVs via email and from agencies.
#LI-LP1
