Work cross-functionally to simulate, assess, and harden defenses, enabling secure-by-design principles across our enterprise. Proactively Anticipate Threats - Conduct proactive threat hunting and analysis using threat intelligence, tactics, techniques and procedures (TTPs) as per MITRE ATT&CK framework. Also if needed collaborate with Threat Intel teams to emulate MITRE ATT&CK and threat actor behaviors relevant to the organization /business environment. Proactively validate Defenses and Technical Security Controls with Adversary-Informed Testing - Lead and execute Breach and Attack Simulations (BAS) end to end using industry-leading BAS platforms such as SafeBreach, Mandiant Security Validation , AttackIQ, Picus Security, or custom-built scripts to test control efficacy. Map defenses and detections to MITRE ATT&CK to uncover blind spots and improve control resiliency. Integrate BAS outcomes with EDR, SIEM, SOAR, Identity, Cloud layers and security telemetry to validate detection capabilities and security stack effectiveness. Analyze BAS results to identify control gaps and ensure timely mitigation or remediation via required tools. Proactive Remediation via Engineering and Hardening - Further, recommend control enhancements and help harden detection rules, prevention policies, response playbooks, and security configurations. Work Cross functionally and collaborate with teams including SOC, Identity & Access Management, Detection Engineering, Security Architecture, Infrastructure, and Application teams to validate technical controls and enhance detection and response capabilities against simulated threats and draft playbooks. Automate false positive reduction in BAS Tool and evolve detection logic based on real-world threat trends. Provide strategic input in secure architecture controls validation, completeness and incident response planning across cloud, on-prem, and hybrid infrastructure. Lead implementation and optimization of tools across endpoint, network, identity, and cloud security domains basis BAS or purple teaming outcomes. Drive BAS results remediation end to end for identified detection, prevention, and response control gaps. Proactive Security Metrics, Reporting & Communication- Define and track metrics/KPIs (for e.g. - % MITRE ATT&CK techniques validated, detection coverage improvements before and after, control drift remediation rate etc.) and prepare reports to track--attack surface coverage, control completeness, effectiveness, and detection gaps closed. Stay current with emerging threats, vulnerabilities, and industry trends. Bachelor's degree in Computer Science, Information Security, or a related field. o MITRE ATT&CK Framework and TTPs o Security Operations Center (SOC) o Threat Intelligence, Detection Engineering o Breach and Attack Simulation (BAS) tools, Purple Teaming o Endpoint Detection and Response (EDR) o Security Information and Event Management (SIEM), SOAR o Vulnerability Management o Identity and Access Management (IAM) o Information Security Architecture Experience with threat hunting, log analysis, alert tuning, and BAS tools. In depth knowledge of attack lifecycle, MITRE ATT&CK, cyber kill chain, and modern threat actors. Deep understanding of enterprise security architecture, including cloud (AWS/Azure/GCP) and hybrid environments. Proficiency with tools like Splunk, Sentinel, CrowdStrike, EDR/XDR platforms, Network NDR , Firewall , WAF and security APIs. Excellent verbal and written communication skills, stakeholder management skills with the ability to convey complex technical concepts to diverse audiences across. Share knowledge, mentor others, and help drive a culture of curiosity, technical depth, and continuous improvement. Strong scripting skills in Python, PowerShell, or Bash and Exposure to Agile, CI/CD, or IaC pipelines are a plus. CISSP (Certified Information Systems Security Professional) Vendor-specific: Mandiant (MSV) Certified Professional, SafeBreach Certified, MITRE ATT&CK Defender credentials.
