Offensive Security Specialist

We’re ASOS, the online retailer for fashion lovers all around the world. We exist to give our customers the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you’re free to be your true self without judgement, and channel your creativity into a platform used by millions.

ASOS is recruiting for an Offensive Security Specialist within the SOC. This role will report into the SOC and IR Manager. This role will be key to leading offensive security assessments that strengthen defence capabilities for ASOS. Working closely with the cyber teams, you will identify security weaknesses, validate detection mechanisms, and provide actionable recommendations to enhance our security posture. You will contribute to the SOC team’s continuous validation and improvement in security controls and detection capabilities.

The role will involve the following:

• Threat Hunting - Proactively searching for signs of malicious activity within the network, identifying threats that might go undetected by automated systems.
• Penetration Testing - Simulating real-world attacks to test the effectiveness of security controls and identify weaknesses.
• Red Teaming - Engaging in adversarial simulations to assess the organisation's overall security posture and identify areas for improvement.
• Collaboration with Defensive Teams - Working closely with defensive security teams to share insights, improve detection capabilities, and enhance incident response processes.
• Developing Offensive Security Strategies - Designing and implementing strategies to proactively identify and mitigate security risks.
• Endpoint Monitoring - Contributing to incidents through to resolution and root cause analysis.
• Malware Analysis and Investigation.
• Contributing to Processes and SOPs.
• Developing and Mentoring Junior Team Members - Improving their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in departments.
• Maintaining Awareness - Keeping up to date with real-world cyber security threats and engaging in the innovation of new analytic methods for proactively detecting threats.
• On-Call Requirements - The role includes on-call duties on a 4-week rota basis. You will be required to be available for on-call shifts, ensuring prompt response to emergencies and urgent situations. Flexibility and reliability are essential for this aspect of the role.

About You:

• Relevant industry certifications like GPEN, OSCP, OSCE, CRTO, CRTP, PNPT, and experience working with frameworks like MITRE ATT&CK/D3FEND.
• Experience in Penetration testing, ethical hacking, red team methodologies and tools.
• Effectively communicate findings and remediation strategy to stakeholders.
• Develop comprehensive and accurate reports and presentations for both technical and non-technical audiences.
• Strong problem-solving skills and leadership abilities, with good interpersonal skills to build relationships and communicate findings professionally.
• Working knowledge of creating and tuning detection signatures, Indicators of Compromise (IOCs), and other content to detect malicious activity.
• Preferred experience with Microsoft’s security stack.
• Committed to continuous learning and professional development, and passionate about developing others.

Benefits:

• Employee discount (hello ASOS discount!)
• ASOS Develops (personal development opportunities across the business)
• Employee sample sales
• Access to a huge range of LinkedIn learning materials
• 25 days paid annual leave + an extra celebration day for a special moment
• Discretionary bonus scheme
• Private medical care scheme