Cyber Defense Specialist

Your role:

The Cyber Defense Specialist (L3) is a highly technical and specialist role responsible for proactively protecting Global Relay’s digital infrastructure through advanced cyber defense strategies, including penetration testing, red and purple team engagements, threat detection enhancements and incident response preparedness. This position requires deep technical expertise, strong leadership abilities and a passion for evolving security capabilities. The role will jointly collaborate with the Cyber Security Operations Center and Cyber Engineering teams to perform hands-on offensive activities and research as part of “Purple Team” engagements, including training, mentoring of team members and over time, grow a team. Collaboration with stakeholder across Operations, Engineering and business units is critical to drive the maturity and improvements of Global Relay’s defensive posture.

The successful candidate will have a proven track record in analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen Global Relay’s defense capability. They must have direct experience in conducting network exploitation activities, including penetration tests, Red Team and Purple Team assessments. Furthermore, the candidate must demonstrate in-depth knowledge and experience around computer networking fundamentals, modern threats and vulnerabilities, attack methodologies, incident response, threat hunting, penetration testing and adversary emulation tools.

Your responsibilities:

• Conduct safe, simulated cyber-attack simulations against our technology estates, acting as a real-world adversary might, to test Global Relay’s defenses.
• Design and execute threat intelligence-based cyber-attack simulations, including long-term campaign planning, persistence, and post-exploitation operations against Global Relay.
• Communicating technical findings in clear risk and impact-focused terms to senior stakeholders, enabling effective understanding and support for strategic decisions and roadmaps.
• Develop and implement technology platforms, tools and methodologies to augment and to automate team offensive and analytical capability.
• Mentor junior team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams.
• Plan, conduct and oversee internal and external penetration testing activities.
• Lead red and purple team exercises to simulate real-world attack scenarios and measure detection and response effectiveness.
• Identify and exploit vulnerabilities across Global Relay’s infrastructure and applications across network and endpoint systems.
• Mature Global Relay’s security operations through continuous tuning and optimization of SIEM, EDR, IDSP/IPS and threat intelligence platforms.
• Analyse internal systems and processes to map potential attack paths and lateral movement techniques.
• Collaborate with threat intelligence teams to integrate adversary TTPs (based on MITRE framework) into Global Relay’s tools and processes.
• Design and lead regular incident response simulations and tabletop exercises to ensure ‘match fitness’ to improve the effectiveness and response to cyber threats.
• Provide Global Relay’s management and leadership reports on cyber defense posture, risks and maturity metrics.
• Develop and implement tools and capability to automate threat hunting, detection and response actions.
• The ability to perform targeted, penetration tests with vulnerability identification, exploitation, and post-exploitation activities with no or minimal use of automated tools.

About you:

• Excellent understanding of cyber security operations, risk management processes, threats and vulnerabilities, including incident response methodologies.
• Ability to analyze vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence.
• 7+ years of Information Security experience in one or more of the following disciplines: network penetration testing, application (web, mobile) penetration testing, Red Team/Purple Team operations or application security assessments.
• Strong understanding of the following:
• Windows/Linux/Unix/Mac operating systems
• Commercial or open-source offensive security tools for reconnaissance, scanning, exploitation, and post exploitation (e.g. Cobalt Strike, Metasploit, Burp Suite)
• Networking fundamentals (all OSI layers, protocols)
• Incident response
• Threat hunting
• Review log output from networking devices, operating systems, and infrastructure services.
• Offensive Security qualifications such as OSCP, OSEP, OSED, OSEE, OSCE, CREST.
• Knowledge of reverse engineering malware, obfuscation, persistence, exfiltration techniques.
• Technical knowledge or experience developing proof of concept exploits and in house scripting, using interpreted languages such as Python, Ruby, or Perl, compiled languages such as C, C++, C#, or Java.
• Experience in configuring and tuning security tools or technology such as Firewalls, IDS/IPS, Web Proxies, DLP and the ability to articulate and visually present complex penetration testing and Red Team/Purple Team results is highly desirable.