Security Engineer (Purple Team Engineer : Red Team + SOC)

About Gartner IT:

Join a worldclass team of skilled engineers who build creative digital solutions to support our colleagues and clients. We make a broad organizational impact by delivering cuttingedge technology solutions that power Gartner. Gartner IT values its culture of nonstop innovation an outcomedriven approach to success and the notion that great ideas can come from anyone on the team.

About the role:

This is a new role on the Security Analytics and Automation team within Gartners expanding Security Operations practice. As part of the team you will help enhance our capabilities to identify and validate vulnerabilities in Gartners security controls procedures and infrastructure. As a Purple Team Engineer you will use your knowledge of attacker tools and techniques (red team) to improve our capability to detect and respond to threats (blue team). You will play a key role in defending Gartners network and intellectual properties. Our team is filled with lifelong learners who are consistently researching ways to better defend and stay ahead of the threats of tomorrow. We are a collaborative flexible group where good ideas are brought forth and acted upon whether they come from the most experienced or the newest members of the team.

What you will need:

• Previous experience conducting analysis and investigation of cybersecurity incidents
• Experience using SIEM or XDR for log analysis and alert creation
• Extensive experience utilizing security tools such as EDR (including live response) web proxy WAF and email security tools
• Experience with cloud environments (AWS Azure GCP)
• Digital Forensics and Incident Response (DFIR) skills
• Ability to query using various query languages such as SPL SQL KQL.
• Threat hunting experience preferred
• Ability to communicate effectively and possess excellent prioritization skills.
• Ability to automate tasks and code solutions to repetitive problems (Python PowerShell Bash)
• Previous red/purple team experience (practical or lab based) is a plus
  

What you will do:

• Develop new attack emulations based on usecases and strategy drawing from threat intelligence and current events
• Review and tune existing emulations to ensure highfidelity tests are conducted in a thoughtful manner which allows rapid identification of any faps in controls
• Work closely with teams such as the Security Operations Center (SOC) Threat Intelligence and Detection Engineering to help identify gaps in existing controls
• Assist and support SOC analysts during adhoc Incident Response activities
• Utilize scripting to automate workflows
• Conduct proactive Penetration Testing activities and offensive exercises
• Assist in the development of innovative and cuttingedge detection content aligned with ATT&CK Cyber Kill Chain and various other cyber security frameworks
• Bring your own ideas and solutions to a fastpaced growing and evolving team centered around operational excellence
• Effectively collaborate with team members spread across multiple geographies ensuring seamless communication and coordination for successful outcomes

Who you are

• Knowledge of MITRE ATT&CK Cyber Kill Chain or other behavioral information security frameworks.
• Familiarity with offensive techniques and tools
• Python Bash Powershell or other scripting language experience
• 12 years of relevant Information Security or Penetration Testing experience
• Bachelors in Computer Science Information Security Engineering or commensurate experience in Information security is preferred
• Passion for security and solving tomorrows problems
• Willingness to learn new technology platforms
• Strong team player
• Innovation mindset Takes opportunities to make existing processes more efficient and thinks automation first

What will make you stand out:

• Penetration Testing skills
• Experience implementing integrations between tools utilizing APIs
• Previous experience with Attack Emulation Platforms
• Exposure to Cloud platforms (AWS Azure GCP)

Dont meet every single requirement We encourage you to apply anyway. You might just be the right candidate for this or other roles.

#LINS4