Cyber Purple Team Operator

Northern Trust
Chicago, IL
$99,600 - $169,200
Remote

About The Position

The Purple Team operator will play a crucial role in our cybersecurity team by planning and executing threat actor emulations to assess Northern Trust’s exposure to the latest techniques, tactics and procedures. The ideal candidate will be responsible for developing, planning, and executing advanced intelligence-led adversary simulations to identify cybersecurity gaps and improve overall defenses and detections. This role requires a deep understanding of threat actor tactics, techniques, and procedures (TTPs), and a passion for defending against evolving cyber threats.

Requirements

  • 3+ years in cybersecurity, with hands-on experience in purple teaming, red teaming, or blue teaming.
  • Strong understanding of MITRE ATT&CK framework.
  • Experience with coding/scripting languages such as Python, PowerShell, or Bash.
  • Strong understanding of cybersecurity principles, including SIEM, IDS/IPS, and endpoint detection and response (EDR) solutions.
  • Experience with Offensive Security and Purple Team tools, e.g. Cobalt Strike, Metasploit, Caldera, Mythic, or Breach and Attack Simulation tools.
  • Practical experience using AI APIs to automate repetitive tasks or analyze large datasets.
  • Experience attacking and defending Azure, AWS or other cloud environments.
  • Understanding of Active Directory, Entra ID, and modern authentication protocols.
  • Understanding of the OSI model and other networking concepts (TCP/IP, DNS, TLS).
  • Custom payload development for EDR evasion.
  • Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future.
  • Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)

Nice To Haves

  • Certifications such as OSCP, OSEP, OSCE, CRTO, CRTP, GDAT, and GCDA are a plus.

Responsibilities

  • Perform intelligence-led adversary simulation exercises.
  • Provide recommendations to the security operations team for improving controls and defenses based on adversary simulation exercises.
  • Assist Security Operations to continuously test and improve detection, logging, SIEM use cases, and incident response playbooks.
  • Bridge the communication gap by translating technical findings into actionable risk metrics for executive shareholders.
  • Stay up to date on the latest attack tactics, techniques, and procedures (TTPs) used by threat actors.
  • Continuously improve the bank’s security posture by identifying gaps in processes and technology and evaluating existing security controls.
  • Develop reports that include technical findings, risk ratings, and strategic recommendations.
  • Build and maintain custom tools and scripts to support adversary simulation.
  • Lead post-exploitation reviews to ensure the remediation efforts
  • Maintain and improve the team’s tooling infrastructure.
  • Enhance log ingestion strategies.

Benefits

  • retirement benefits (401k and pension)
  • health and welfare benefits (medical, dental, vision, spending accounts and disability)
  • paid time off
  • parental and caregiver leave
  • life & accident insurance
  • other voluntary and well-being benefits
  • discretionary bonus program that may include an equity component