Cyber Purple Team Operator
About the role
The Purple Team operator will play a crucial role in our cybersecurity team by planning and executing threat actor emulations to assess Northern Trust's exposure to the latest techniques, tactics and procedures. The ideal candidate will be responsible for developing, planning, and executing advanced intelligence-lead adversary simulations to identify cybersecurity gaps to improve overall defenses and detections.
Key Responsibilities
- Perform intelligence led adversary simulation exercises.
- Provide recommendations to the security operations team for improving controls and defenses based on adversary simulation exercises.
- Aid Security Operations in continuously testing and improving detection, logging, SIEM use cases, and incident response playbooks.
- Bridge the communication gap by translating technical findings into actionable risk metrics for executive shareholders.
- Stay up-to-date on the latest attack tactics, techniques, and procedures (TTPs) used by threat actors.
- Continuous improvement of the bank’s security posture by identifying gaps in processes and technology and evaluating existing security controls.
- Develop reports that include technical findings, risk ratings, and strategic recommendations.
- Build and maintain custom tools and scripts to support adversary simulation.
- Lead post exploitation reviews to ensure the remediation efforts.
- Maintain and improve team’s tooling infrastructure.
- Enhance log ingestion strategies.
Qualifications and Experience
- 3+ years in cybersecurity, with hands-on experience in purple teaming, red teaming, or blue teaming.
- Strong understanding of MITRE ATT&CK framework.
- Experience with coding/scripting languages such as Python, PowerShell, or Bash.
- Strong understanding of cybersecurity principles, including SIEM, IDS/IPS, and endpoint detection and response (EDR) solutions.
- Experience with Offensive Security and Purple Team tools e.g. Cobalt Strike, Metasploit, Caldera, Mythic, or Breach and Attack Simulation tools.
- Practical experience using AI APIs to automate repetitive tasks or analyze large datasets.
- Experience attacking and defending Azure, AWS or other cloud environments.
- Understanding Active Directory, EntraID, and modern authentication protocols.
- Understanding of OSI model and other networking concepts – TCP/IP, DNS, TLS.
- Custom payload development for EDR evasion.
- Certifications such as OSCP, OSEP, OSCE, CRTO, CRTP, GDAT, and GCDA are a plus.
Pay
Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.