Cyber Threat Specialist - FS, Threat Intelligence, PenTesting
I am working with a Financial Services firm, who are growing their Threat Analytics function within Information Security (the function is greenfield as they in-source their Threat & SOC capability from a 3rd party).
Financial Services, end-user
- The Cyber Threat Specialist role has a responsibility for defending the firm against sophisticated and targeted threats by performing security assessments and pre-emptively implementing defensive mechanisms.
- A member of the Threat Analytics team has responsibilities that include penetration testing, threat hunting, gathering threat intelligence and performing attack simulation activities.
- Being a core member of the penetration testing team, you will help build the function and conduct penetration testing of the firm's systems and applications.
- You will also help develop, tune and implement threat detection, and possess knowledge of network, endpoint and threat intelligence. This role will be responsible for threat hunting by working to develop and execute hunt missions.
- Perform security assessments and penetration testing against systems and infrastructure.
- Review intelligence feeds and generate advisories as needed. Stay up-to-date with current and emerging trends that represent a threat to the firm.
- Assist in maintaining a threat model for the organisation.
- Perform threat hunting based on the defined threat model and specific attack scenarios. Perform analysis of existing data to discover patterns, and build use cases to detect malicious activity.
- Work with L1/L2/Security Engineering to improve detection and response rules, SIEM coverage, maintain and improve security toolsets.
- Perform PurpleTeam testing activities with the SOC.
- Periodically recertify SIEM rules for all production rules, including against threat models and detection frameworks.
- Perform Forensics and Investigation work as needed, including malware analysis.
- Develop and maintain Key Operating Procedures (KOPs) with L2 analysts and Security Engineering as needed.
- Advise on or implement specific IOCs within tools, or supervise L1 or L2 analysts.
It is estimated that at least 40% of the time will be associated with performing penetration testing activities. The remaining 60% will be allocated for the additional Threat Analytics functions (threat hunting, threat intelligence, attack simulation).
- Proven experience in Information Security and at least two years in Security Operations.
- At least 3 years' relevant experience in Cyber, preferably within Security Testing.
- Relevant experience of cyber threat analytics, and offensive and defensive security, gained working directly for a testing consultancy or financial services provider.
- Direct experience conducting penetration testing, including application security, infrastructure, and red team testing.
- Experience scoping penetration tests and other security assessments.
- Excellent knowledge of penetration testing toolsets, e.g. Kali, Cobalt Strike, Metasploit, BloodHound, Mimikatz, Burp Suite, Nessus, etc.
- Knowledge of application security and secure software development lifecycle.
- SIEM technologies.
- Kill chain and associated evasion tactics.
- Advanced Persistent Threats (APT) prevention and detection tools.
- Windows, UNIX and Linux operating systems and command line tools.
- Virtualization technologies.
- Database platforms.
- Identity and access management technologies.
- Secure network architectures and technologies.
- Network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.).
- Firewall and intrusion detection/prevention technologies.
- Scripting and automation tools.
- Qualifications such as OSCP, CRT, CCT, CEH, CISSP, CSSLP or GIAC.
- Newly established greenfield role.
- Great opportunity to join a function, where you can 'shape' the role and make a real impact from day one.
Location: London
Salary: £70,000 - £85,000