Adversary Emulation Manager

Belfast Full-Time 43200 - 72000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead TP ICAP’s purple teaming function to prevent and detect cyber-attacks.
  • Company: Join TP ICAP, a leader in Cyber Defence and Information Security.
  • Benefits: Enjoy flexible working options and opportunities for professional growth.
  • Why this job: Make a real impact in cybersecurity while working with cutting-edge tools and techniques.
  • Qualifications: Experience in emulating cyber-attacks and understanding modern attacker tactics is essential.
  • Other info: Work with a dynamic team and contribute to industry-recognised security research.

The predicted salary is between 43200 - 72000 £ per year.

Operating as a function of Cyber Defence under Information Security, you will lead TP ICAP’s purple teaming function, and ensure the firm is well positioned to prevent and detect modern cyber-attacks. As TP ICAP embarks on extensive EDR and SIEM refresh projects, you will be responsible for ensuring these tools are fit for purpose through the delivery of threat-led sprints, and the creation or customisation of attack detection rules. Being able to model sophisticated and persistent adversaries is essential, and you will be given existing tools such as Prelude, Cobalt Strike, and Vectr to support you, plus any others that you identify.

Role Responsibilities

  • Define and execute purple team sprints that materially and demonstrably improve TP ICAP’s ability to prevent and detect modern attacks.
  • Simulate both established and emerging attacker TTPs and personally build the respective detection rules and response procedures.
  • Through the delivery of purple team sprints, identify opportunities to reduce TP ICAP’s attack surface using preventative controls.
  • Work with the Security Engineering team as necessary to support the deployment and tuning of security-related tooling, particularly tooling that pertains to prevention and detection.
  • Develop processes for attack surface monitoring and constant validation through automation.
  • Act as an escalation point for the SOC and assist with incident response.

Experience / Competences

  • Practical experience emulating sophisticated cyber-attacks, likely in a purple or red team capacity.
  • Deep understanding of modern attacker tools, techniques and procedures.
  • Comfortable identifying appropriate telemetry sources to collect, and using these to build custom attack detection rules where out-of-the-box capability doesn’t exist.
  • Active contributor to offensive security research and/or tooling, perhaps presenting this research at industry-recognised conferences and forums.
  • Experience working with a SOC to tune existing rules and increase alert fidelity/decrease alert fatigue.
  • Include analysts on the purple team journey, aiding in staff retention.
  • Train analysts in modern attacker TTPs and the ‘attacker mindset’.
  • Able to evade defensive controls such as EDR and AV, tailoring open source tooling and rolling your own where required.
  • Experience using Infrastructure-as-Code to support emulation activities, for example Terraform/Ansible.
  • Experience attacking or securing AWS infrastructure.
  • Development experience in one or more programming languages, with one of them ideally being Python.

Please note that if you are NOT a passport holder of the country for the vacancy you might need a work permit.

Adversary Emulation Manager employer: TP ICAP

At TP ICAP, we pride ourselves on fostering a dynamic and inclusive work environment that empowers our employees to excel in their roles. As an Adversary Emulation Manager, you will have access to cutting-edge tools and resources, alongside opportunities for professional development and growth within the rapidly evolving field of cyber security. Our commitment to employee well-being and a collaborative culture makes TP ICAP an exceptional place to build a meaningful career in London.

Contact Detail:

TP ICAP Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Adversary Emulation Manager

✨Tip Number 1

Familiarise yourself with the tools mentioned in the job description, such as Prelude, Cobalt Strike, and Vectr. Having hands-on experience or even a solid understanding of how these tools work will give you an edge during interviews.

✨Tip Number 2

Engage with the cybersecurity community by attending conferences or webinars where you can learn about the latest trends in purple teaming and adversary emulation. Networking with professionals in the field can also lead to valuable insights and potential referrals.

✨Tip Number 3

Consider creating a portfolio that showcases your experience with emulating cyber-attacks and developing detection rules. This could include case studies or examples of your work, which can be a great conversation starter during interviews.

✨Tip Number 4

Stay updated on the latest attacker TTPs (Tactics, Techniques, and Procedures) by following relevant blogs, podcasts, and research papers. Being able to discuss current threats and how they relate to the role will demonstrate your passion and expertise.

We think you need these skills to ace Adversary Emulation Manager

Adversary Emulation
Purple Teaming
Threat Intelligence
Cyber Attack Simulation
Detection Rule Development
Incident Response
Security Tool Tuning
Telemetry Analysis
Offensive Security Research
Automation in Security
Infrastructure-as-Code (Terraform/Ansible)
AWS Security
Programming Skills (Python preferred)
Understanding of TTPs (Tactics, Techniques, and Procedures)
Analytical Thinking
Communication Skills

Some tips for your application 🫡

Understand the Role: Before applying, make sure you fully understand the responsibilities and requirements of the Adversary Emulation Manager position. Familiarise yourself with terms like purple teaming, TTPs, and EDR/SIEM tools to demonstrate your knowledge in your application.

Tailor Your CV: Customise your CV to highlight relevant experience in cyber security, particularly in emulating attacks and working with SOC teams. Include specific examples of how you've contributed to improving detection capabilities or reducing attack surfaces in previous roles.

Craft a Compelling Cover Letter: Write a cover letter that showcases your passion for offensive security and your understanding of modern attacker techniques. Mention any relevant projects or research you've conducted, especially if you've presented at industry conferences.

Highlight Technical Skills: In your application, emphasise your technical skills, particularly in programming languages like Python, and your experience with Infrastructure-as-Code tools such as Terraform or Ansible. This will show that you have the practical skills needed for the role.

How to prepare for a job interview at TP ICAP

✨Showcase Your Technical Skills

Be prepared to discuss your practical experience with tools like Prelude, Cobalt Strike, and Vectr. Highlight specific instances where you've emulated sophisticated cyber-attacks and how you developed detection rules tailored to those scenarios.

✨Understand the Role of Purple Teaming

Demonstrate a clear understanding of purple teaming and its importance in modern cybersecurity. Be ready to explain how you would define and execute purple team sprints to improve an organisation's ability to prevent and detect attacks.

✨Discuss Collaboration with SOC Teams

Talk about your experience working with Security Operations Centres (SOCs). Emphasise how you've tuned existing rules, increased alert fidelity, and trained analysts in modern attacker techniques to enhance overall security posture.

✨Prepare for Scenario-Based Questions

Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think about how you would approach reducing an organisation's attack surface or responding to a simulated attack, and be ready to articulate your thought process.

    Application deadline: 2027-06-23
