Senior Threat Emulation Team Member

As a senior member of the Threat Emulation team within Admiral’s Cyber Security Department, you will be responsible for taking a leading role within the efforts of the Threat Emulation team on a day-to-day basis, providing technical leadership of workstreams/projects, driving initiatives and capability improvements and working closely with the team manager to achieve these aims as well as being expected to provide mentoring and coaching to other members of the team.

The Threat Emulation team are focused on understanding the threats that may target the business and assisting the Security Operations Centre in developing novel and effective detections for the Admiral estate along with ensuring that the people, processes and technologies are operating as effectively as possible using a variety of exercises conducted under both purple and red teaming approaches.

Main Duties

• Owning the delivery of Threat Emulation services through the full lifecycle, including taking responsibility for delivery of key projects and workstreams through to completion
• Proactively analyse business needs, research; recommend solutions and drive their adoption
• Identifying key opportunities to provide current and new security testing services across the business
• Developing novel and innovative capabilities within the team.
• Performing post exercise or incident reviews and proposing resolutions using their subject matter expertise
• Act as a point of escalation for the team and wider cyber department
• Mentor and develop team members and peers
• Define, develop and improve procedures, and processes for the team and wider operations department
• Publish reporting and communications to key stakeholders, including briefings, presentations, control group calls/updates
• Promoting the team’s services/achievements via information sharing opportunities e.g. Town Halls, Blog Posts, Cyber Security Awareness Days
• Establish and maintain strong relationships across all of Admiral
• Provide subject matter expert level consultancy services to teams across Admiral
• Defining and ensuring application of risk mitigation strategies to ensure safe delivery of services provided by the Threat Emulation team
• Manage technical escalations to a successful resolution.
• Take on responsibility for team management tasks when the Team lead/manager is unavailable.

In addition to the responsibilities already expected of a Threat Emulation Team Member, for example:

• Understanding the key risks the organisation faces, the tactics techniques and procedures that likely threat actors will exploit.
• Working collaboratively with wider Cyber Security teams.
• As a member of the Security Operations department, you will be expected to perform some “out of role” tasks such as conducting threat hunts to look for unidentified threats or new attack vectors, or provide surge capability to incident response teams.
• Continue to stay updated on the changing threat landscape
• Work with the third-party suppliers of our Security Products
• Work with third-party security testing firms in a collaborative manner

Essential Experience 

• 3+ Years of delivering offensive security exercises
• Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills
• Experience of being a technical lead on security testing engagements.
• A strong technical background is required with in-depth experience in several of the following areas:
  • CI/CD Pipelines/DevOps
  • Cloud and Cloud Security (Specifically Azure and GCP)
  • Scenario/objective based Penetration Testing/Red Teaming
  • Purple Teaming
  • Microsoft AD, Entra and In-Tune
  • SASE technologies
  • Malware Development
  • Initial Access Vectors
  • Windows Post Exploitation
  • EDR/AV Evasion
  • Reverse Engineering & Malware Analysis
  • CBEST/STAR-FS, TIBER-EU and other frameworks.
• An excellent knowledge of broader Information Security principles
• Keen attention to detail and excellent analytical skills
• Ability to actively manage workloads to meet business and department requirements

Desirable Experience

• Prior experience acting as technical lead on penetration testing engagements.
• Competent skillset in scripting and programming common high-level languages, e.g. C#, Go, Bash, PowerShell, etc
• A working knowledge of financial services and the typical business processes involved together with the threat actors and their relevant tactics, techniques and procedures.
• One or more technical Information Security Certifications such as:
  • GIAC Certification: GRTP, GXPN, GCPN, GX-PT, GDAT
  • Crest Certified Tester, Crest Certified Simulated Attack Specialist
  • Cyberscheme Senior Security Tester, Cyberscheme Red Team Lead
  • Cyber Security Council Principal or above accreditation.
• Degree in an Information Security / Computing discipline

Benefits and Work-Life Balance

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently voted one of the Sunday Times Best Big Companies to work for in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

All colleagues will receive 33 days holiday (including banks holidays) when they join us, and this will increase with length of service, up to a maximum of 38 days (including banks holidays). You also have the option to buy or sell up to five days of annual leave in addition to your allocation.

You can also view some of our other key benefits here.

Admiral, Where You Can Be You

At Admiral you’re accepted, supported and empowered to be you. Because you’re brilliant.

We’re proud of our people-centric culture which has led us to being recognised as a Great Place to Work for Women, a Great Place to Work for Wellbeing, and an overall Great Place to Work for over 25 years! We’re committed to ensuring that at Admiral, progression is not slowed or haltered by barriers related to protected characteristics.

#LI-KG1