Purple Team Coordinator Defense
Mission
The Purple Team is responsible for developing and running an ongoing program of simulated cyber-attacks based on prioritised threats to Santander. The team’s remit is to provide assurance on Santander’s cyber detection and response capability and, during high-profile cyber incidents, to support Investigations and Incident Management to aid the speedy resolution and mitigation of the cyber risk.
Functions
- Enhanced response: Review and coordinate technical activities and projects to support the global response to high profile incidents to ensure the timely completion of all cyber investigations.
- Cyber defence validation: In response to all major cyber security threats and attacks, review and validate the strength of Santander’s protective cyber defences to mitigate future cyber risk.
- Cyber Threat Hunting: Review and coordinate activities for a continuous programme of cyber threat hunting to identify advanced malicious activity that has evaded traditional security monitoring capability.
Purple Team members must be able to work together regardless of whether they are performing attacking (red team) or defensive (blue team) activities.
Requirements
Education
Educated to degree level in a Computer Science / Information Technology related field. At least one of the following certifications (CISSP, CISA, CISM, CEH, OSCP, etc.). Other:
- SANS (GPEN, GWAPT, GXPN)
- Offensive Security certifications (OSCP, OSCE, OSWE)
- EC-Council (CEH – Certified Ethical Hacking)
Competencies
- Certification on Development Suite on the Cloud Services Provider
- Service approach, empathy
- Expert skill in any of the following tools and systems (will vary depending on the job): Docker, Jenkins, UrbanCode, Ansible, Git, etc.
- Strong operational experience in Linux/Unix environment and scripting languages: Shell, Perl, Python.
Experience
- Minimum required: 7+ years of experience working in a technical security position, information security hardening technologies and techniques, cyber-attack simulation programs or similar background.
- In depth knowledge of information security and risk.
- Excellent technical understanding of IT and Information Security solutions, processes and systems.
- Deep technical specialism in the area of cyber-attack and defense technology.
- Experienced in coordinating and managing high performing teams through growing people, nurturing trust in the group and establishing a shared sense of purpose.
- Reporting skills.
- Desirable: 10+ years of experience working in a technical security position, information security hardening technologies and techniques, cyber-attack simulation programs or similar background.
- Ability to apply risk-based decisions balancing cost/opportunity and risk.
- Proficient leadership skills to develop and lead a high-performing team of experts.
