State Street
State Street provides investment servicing, investment management, investment research and trading services to institutional investors worldwide.
The Purple Team Engineer will perform as a member of the Offensive Security team within the Global Cyber Security group. The Purple Team Engineer will participate in comprehensive assessments of the operational and technical prevention and detection capabilities and will assist in the review, development, testing, and implementation of security initiatives across a large, diverse, and complex financial environment.
What you will be responsible for:
* Individuals who work on a purple team use offensive and defensive methods to identify weaknesses and recommend necessary measures to improve security prevention and detection.
* Use simulation tools to script and execute attack path campaigns.
* Support the creation of detection rules and alerts to reduce risk.
* Prepare final security assessment reports containing the results and findings from the assessment.
* Conduct follow-up and assist with the resolution of all findings, as needed.
What we value:
* Perform Infrastructure and Application Penetration Testing.
* Deep knowledge of attack frameworks, such as MITRE ATT&CK.
* Execute Vulnerability Scanning.
* Cloud Security Concepts.
* IT and Network infrastructure technologies.
* Familiarity with various penetration test utilities and tool suites.
* Ability to perform light programming tasks using common languages such as Python and Bash.
* Demonstrated ability to identify core issues and work with leaders and team members to resolution.
* Strong organizational, task switching, and prioritizing skills.
* Ability to work independently and solve challenging problems while collaborating with stakeholders.
* Knowledge and interest in current vulnerability-related trends.
* Driving to results.
* Collaboration and influencing.
* Working professionally with confidential information.
* Presentation skills, both orally and written.
* Ability to work well with others and under pressure.
* Demonstrated professionalism in approach to communicating ideas and solutions in simple language.
Experience Desired:
Education: Bachelor's
* 3+ years of network and/or application penetration testing, CTI, Threat Hunting, and/or Incident Response.
* 5+ years of experience in security/systems/network engineering and/or development.
CEH, OSCP, CISSP, or equivalent preferred.
#J-18808-Ljbffr