Threat Emulation Team Member

Working within the Information Security Operations Team, the Threat Emulation Team are focused on understanding the threats that may target the business and assisting the Security Operations Centre in developing novel and effective detections for the Admiral estate.

The successful applicant will be part of an in-house "purple function" where purple teaming will be operationalised to provide continuous improvement to the security posture of our IT estate.

In addition to the purple nature of our team here in Admiral, we will explore the offensive side of life internally and perform adversarial exercises without the prior knowledge of the blue team, aka Red Teaming.

As part of the broader Information Security Operations Team, members of the Threat Emulation team are expected to assist in the Incident Response Process when required.

The role would suit someone who has worked with a diverse set of IT/security products. Has had professional experience in either Penetration Testing, Red Teaming or perhaps someone wishing to move from a Blue Team position, having experience defending against attackers for a large corporate IT estate. Evidence of a solid technical background and a clear understanding and working knowledge of Tactics, Techniques and Procedures used by attackers during real-world attacks would be of great benefit.

Responsibilities

• Identify areas of improvement and provide recommendations to the other Technology Engineering teams. 
• Participate in both Purple and Red Team exercises. 
• Take a threat-led approach to generating mitigations and countermeasures. 
• Understand the organisation's key risks, tactics, techniques and procedures that likely threat actors will exploit and create control boundaries to intersect these domains through working with our internal CTI teams.
• Work collaboratively with wider Information Security teams. This includes working with: The Incident Response team, assisting with incidents and enhancing Incident Response tooling; Risk and Governance to visualise risks to the business; Security Culture to provide real-world demonstrations and examples for educational purposes within the business, and with Security Consultants to provide additional technical knowledge sharing their experience and knowledge of attacks and techniques. 
• Take part in post-incident reviews and propose resolutions to improve results in any future recurrence. 
• Perform threat hunting to look for unidentified threats or new attack vectors. 
• Stay up-to-date on the changing threat landscape.
• Work with the third-party suppliers of the Security Products.
• Work with third-party Security testing firms in a collaborative manner. 

Essential Experience/Skills

• Excellent knowledge of Information Security principles and an understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks. 
• The ability to pick up and learn new technology approaches and make rapid decisions on the best way to use these technological advancements to improve the overall security posture. 
• Knowledge and understanding of Active Directory, Operating Systems and Systems administration.
• Experience in delivering offensive security testing. 
• Technical report writing. 
• Excellent communication skills.
• Keen attention to detail and excellent analytical skills. 
• Ability to actively manage workloads to meet business and department requirements. 
• Understanding of enterprise-grade technical security controls and in-depth defence practices. 
• Experience with a programming or scripting language. 

Desirable Skills

• Penetration Testing. 
• Delivering attack simulations such as STAR, TIBER-EU, CBEST, etc. 
• Reverse Engineering & Malware Analysis. 
• Deception & Honeypot Technologies. 
• EDR/AV Evasion.
• Networking. 
• Endpoint Detection and Response Tooling. 
• Familiarity with at least one cloud platform such as Microsoft Azure or Google GCP.
• 2+ years within the information security industry.
• One or more general Information Security Certifications.
• One or more technical/role-specific Information Security, such as: GIAC GCED, GDAT, CREST CRT, Offensive Security OSCP, OSWA. 

Our Commitment to You

At Admiral, we are committed to being a diverse and inclusive workplace. Admiral is proud to be an equal opportunities employer and does not discriminate on the basis of race, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), national origin, gender, gender identity, sexual orientation, disability, age, or any other legally protected status.

All qualified applicants will receive equal consideration for employment.

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently voted one of the Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

All colleagues will receive 33 days holiday (including banks holidays) when they join us, and this will increase with length of service, up to a maximum of 38 days (including banks holidays). You also have the option to buy or sell up to five days of annual leave in addition to your allocation.

You can also view some of our other key benefits here.

#LI-NT1