Cybersecurity Threat Actor Emulation Specialist
Northern Trust is a globally recognized financial institution with over 130 years of experience, serving the world's most sophisticated clients using leading technology and exceptional service.
Job Description:
The Cyber Purple Team Operator will play a crucial role in our cybersecurity team by planning and executing threat actor emulations to assess Northern Trust's exposure to the latest techniques, tactics, and procedures.
* Perform intelligence-led adversary simulation exercises.
* Provide recommendations to security operations teams for improving controls and defenses based on adversary simulation exercises.
* Assist Security Operations to continuously test and improve detections, logging, SIEM use cases, and incident response playbooks.
* Stay up-to-date on the latest attack tactics, techniques, and procedures (TTPs) used by threat actors.
* Identify gaps in processes and technology, and evaluate existing security controls.
* Develop reports that include technical findings, risk ratings, and strategic recommendations.
* Build and maintain custom tools and scripts to support adversary simulation.
Key Skills and Qualifications:
Required Skills:
* Experience in cybersecurity, with hands-on experience in red teaming, blue teaming, or both.
* Strong understanding of the MITRE ATT&CK framework.
* Experience with coding/scripting languages such as Python, PowerShell, or Bash.
* Strong understanding of cybersecurity principles, including SIEM, IDS/IPS, and endpoint detection and response (EDR) solutions.
* Experience with offensive security and purple team tools: Cobalt Strike, Metasploit, Caldera, Mythic.
Benefits:
This role offers a unique opportunity to contribute to the development of advanced threat actor emulation capabilities, staying at the forefront of emerging cybersecurity threats.