Principal Application Security Engineer (Purple/Red Team) Job in London

Principal Application Security Engineer (Purple/Red team) - Spencer Rose Ltd
  • London, England, United Kingdom
  • via J-Vers.com
Job Description

Principal Application Security Engineer (Purple/Red team)

City of London (Hybrid)

£100,000 - £115,000 per annum

On behalf of a leading financial services organisation, I am seeking a Principal App Sec Engineer.

Operating as a function of Cyber Defence under Information Security, you will lead the purple teaming and build out functionality, and ensure the firm is well positioned to prevent and detect modern cyber-attacks. As the business embarks on their flagship refresh projects, you will be responsible for ensuring these tools are fit for purpose through the delivery of threat-led sprints, and the creation or customisation of attack detection rules.

Due to the organisation operating a hybrid work model, you will need to be within commuting distance of their City of London offices and able to commit to 3 days per week in office. Working hours are typically 9-5 with flex on start and finish.

Responsibilities:

  • Define and execute purple team sprints that materially and demonstrably improve the business's ability to prevent and detect modern attacks.
  • Simulate both established and emerging attacker TTPs and personally build the respective detection rules and response procedures.
  • Through the delivery of purple team sprints, identify opportunities to reduce the business's attack surface using preventative controls.
  • Work with the Security Engineering team as necessary to support the deployment and tuning of security-related tooling, particularly those that pertain to prevention and detection.
  • Develop processes for attack surface monitoring and constant validation through automation.
  • Act as an escalation point for the SOC and assist with incident response.

Experience/Skills required:

  • Previous experience emulating sophisticated cyber-attacks, likely in a purple or red team capacity.
  • Deep understanding of modern attacker tools, techniques and procedures, e.g. Prelude, Cobalt Strike, and Vectr.
  • Comfortable identifying appropriate telemetry sources to collect, and using these to build custom attack detection rules where out-of-the-box capability doesn't exist.
  • A strong communicator who is capable of working with professionals across the business.
  • Strong documentation skills and the ability to present back to the business.