Purple Team Analyst

Details:
Job Description

As a Purple Team analyst, you will be responsible for analyzing, detecting, and mitigating cyber threats targeting enterprise environments. You will design and implement robust detection mechanisms to proactively identify malicious activities across on-premise, cloud, and hybrid infrastructures. This role requires strong expertise in threat hunting, security frameworks, and advanced detection technologies to ensure comprehensive protection against emerging threats.

Collaborate closely with cross-functional teams, including Threat Intelligence, Security Operations, and Incident Response, to stay ahead of the evolving threat landscape and build solutions that enhance the organization's security posture.

What will you do?

• Develop and maintain detection rules for Microsoft XDR.
• Continuously monitor and analyze the threat landscape to update detection logic.
• Conduct research and analysis on the latest threats and techniques to improve detection capabilities.
• Collaborate with other teams to ensure effective integration of detection mechanisms.

Job Requirements

Details:
What do you need to succeed?

• Bachelor's or Master's Degree in Computer Science, Information Security, Cybersecurity, or a related field. Equivalent experience may be considered in lieu of formal education.
• Minimum of 3-5 years in cybersecurity roles, such as Threat Hunter or Detection Engineer.
• Demonstrated success in developing and refining detection mechanisms in enterprise environments.

*Technical Capabilities*
Threat Detection Expertise:

• Experience with endpoint detection and response (EDR) solutions (e.g., SentinelOne, CrowdStrike, FortiEDR, Defender for Endpoint).
• Familiarity with behavioral analytics and anomaly detection techniques.

Threat Intelligence And Analysis:

• Understanding of threat intelligence sources (e.g., MITRE ATT&CK, D3FEND) and their application in detection strategies.
• Ability to research and adapt to emerging threats and attack methodologies.

Programming And Automation:

• Scripting skills in Python, PowerShell, or Bash for automating security tasks.
• Experience developing integrations and automated workflows using APIs.

Cloud And Network Security:

• Hands-on experience with cloud security tools (e.g., AWS GuardDuty).
• In-depth knowledge of IP networks, firewalls, intrusion detection/prevention systems (IDS/IPS), and packet analysis.

Operating Systems:

• Strong knowledge of Linux and Windows internals, including log analysis and common attack vectors.

Tool Proficiency:

• Familiarity with open-source tools like Zeek, Falco, Wireshark, and OSQuery.
• Knowledge of malware analysis tools and techniques.

*Organisational Skills And Competences*
Collaboration and Communication:

• Ability to work effectively with cross-functional teams, including Incident Response, IT, and Risk Management.
• Strong written and verbal communication skills to document detection logic and present findings to technical and non-technical stakeholders.

Problem Solving And Analytical Thinking:

• Excellent troubleshooting skills for identifying root causes of detected threats.
• Analytical mindset to assess complex technical issues and develop creative detection solutions.

Adaptability And Continuous Learning:

• Ability to quickly adapt to new technologies, frameworks, and threat landscapes.
• Willingness to stay current with industry trends and certifications.

Attention To Detail:
High level of precision in rule creation and tuning to minimize false positives and ensure detection accuracy.

Languages: English (High level)

Shift flexibility and schedule adherence are required for this position.

*Desired Certifications, Courses And Training:*

• Certified Detection Analyst (CDA)
• Certified Red Team Professional (CRTP) or expert (CRTE)
• Certified Azure Red Team Professional (CARTP) or expert (CARTE)
• OffSec Certified Professional (OSCP)
• GIAC Defending Advanced Threats (GDAT)