Senior Purple Team Engineer

KOHO
CA$160,000 - CA$190,000Remote

About The Position

We’re looking for a Senior Purple Team Engineer to join our team for a role to work remotely based in Canada. Are you someone that has been doing incident response but would like to also have a technical component to your job? Or vice-versa? You are the coach. You build company-wide preparedness for a cyber incident, starting with the security team and extending across KOHO. When an incident hits, you're part of the response team, stepping in as incident commander or supporting, depending on context and what the situation requires. In addition to incident response, this role is responsible for building KOHO's deception engineering program from the ground up. This covers both internal detection assets (honeypots, canary tokens, decoy users, breadcrumbs) and external-facing deception (fake credentials, canary tokens embedded in customer-facing surfaces, and decoy infrastructure seeded in attacker-accessible surfaces). The program generates threat intelligence that feeds back into detection logic, playbooks, and KOHO's broader threat model. Reporting to our Senior Manager, Product Security you’re going to be a part of a team that does.

Requirements

  • Bachelor’s degree in computer science, technology management, or related technical or management field.
  • You are a self-starter who can build programs from the ground up and build operations .
  • Hands on experience and working understanding of AWS.
  • Experience designing and deploying deception programs covering both internal detection assets and external-facing deception infrastructure.
  • Strong knowledge in MITRE ATT&CK and cyber kill chain
  • Hands-on experience planning and executing adversarial simulations, including scoping engagements, defining rules of engagement, and delivering post-engagement reporting.
  • Experience operating offensive security tooling and techniques to emulate real-world threat actor behaviour.

Responsibilities

  • Own and lead incident response readiness across KOHO. Starting with the security team, conduct regular tabletop exercises and playbook reviews.
  • Plan and execute adversarial simulations: scope engagements, operate within defined rules of engagement, conduct offensive operations, and deliver findings that drive measurable security improvements.
  • Expand incident response readiness across KOHO and build response playbooks for marketing, data, legal, people & culture, risk, etc.
  • Conduct table top exercises with c-level to test risk acceptance and limitations.
  • Document lessons learned, operational improvements, and playbook updates. Execute all improvements.
  • Lead incident response/DFIR during a cybersecurity incident.
  • Conduct post incident documentation to determine contributing factors and lessons learned.
  • Design and deploy internal deception assets to detect lateral movement, insider threats, and unauthorized access across KOHO's environment.
  • Build external-facing deception capabilities, including fake credentials, canary tokens embedded in customer-facing surfaces, and decoy infrastructure seeded in breach databases and other attacker-accessible surfaces.
  • Instrument deception assets to generate actionable threat intelligence and feed findings back into detection logic, playbooks, and the broader threat model.
  • Build the triage and response workflow for deception-triggered alerts into existing SOC operations, from signal to investigation to lessons learned.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service