Senior Associate — Offensive Security / Compromise Assessment (Fusion Center, M&A)
Role Overview
Execute time‑boxed offensive security and compromise assessment work during M&A due diligence and the 120‑day post‑close integration window. Conduct targeted assessments to detect active compromise, validate control gaps, and prioritise remediation to enable safe connectivity and rapid risk reduction across acquired environments.
Key Outcomes
* Deliver compromise assessments (host, identity, cloud, email, endpoint) with severity‑ranked findings and day‑0/day‑30 remediation plans.
* Run threat‑led testing / purple‑team exercises mapped to MITRE ATT&CK, emphasising ransomware and identity abuse paths.
* Stand up rapid evidence collection playbooks and executive readouts for deal teams.
Responsibilities
* Plan and execute targeted red/purple‑team engagements and forensic triage to detect ongoing attacks.
* Perform identity and tenant hygiene checks (M365/Entra, MFA coverage, conditional access, role drift).
* Assess endpoint/EDR and email controls; review SIEM/EDR telemetry and containment readiness.
* Validate cloud posture (Azure/AWS) and network segmentation for interim connectivity.
* Document findings, risk, and remediation; collaborate with platform owners to land fixes within SLA.
Required Qualifications
* 3–6+ years in offensive security, incident response, or threat detection.
* Hands‑on with EDR, SIEM, identity security, and Windows/Linux triage; familiarity with Microsoft 365/Entra.
* Knowledge of attack simulation tools and MITRE ATT&CK; strong report‑writing under tight timelines.
Preferred Qualifications
* Certifications such as OSCP/CRTO/eJPT and/or GCFA/GIAC IR track.
* Experience in M&A due diligence or compromise assessment programs.
Key Performance Indicators (KPIs)
* Mean time to first credible finding.
* Percentage of day‑0 criticals remediated within SLA.
* Evidence package completeness and quality.
* Deal timeline adherence.