Cyber Security Purple Team Lead

This is a hybrid role based in our Bath head office. As the Cyber Security Purple Team Leader, you'll provide deep Cyber Security operational expertise and will help lead daily Security Operations and Security Engineering activities, encompassing incident detection and investigation, Posture Management, Threat Hunting, Ethical Hacking, IdAM, Digital Forensics and Incident Response (DFIR).  The role will serve as the principal expert for technical cyber security escalations, be a significant presence on the floorplate, within the team, and will act as the Deputy Cyber Security Manager in periods where the Cyber Security Manager is absent.

What you'll do

This exciting role requires demonstrable experience and advanced skills across a range of activities, with a focus on delivering an active and energetic cyber security defence, incorporating intelligence-lead posture management, threat hunting and DFIR preparation/execution.  

Acting as a mentor to the Security Operations and Engineering team, they will ensure continued development and improvement of security practices. They will also act as the POC for detailed technical advice and escalation required by the Security teams, for technical cyber security advice required by colleagues across IT, IoT and OT teams, and will provide operational leadership, acting as the Deputy Cyber Security Manager in periods where the Cyber Security Manager is absent.

Your responsibilities include:

• leading analysis of security events, incidents and threats, identifying root causes and developing effective countermeasures
• ensuring rapid containment and mitigation of threats
• developing and maintain Digital Forensics and Incident Response (DFIR) capabilities
• acting as a continual POC for the Security Coordination Centre (SCC) and Managed Security Service Providers (MSSP)
• coordinating incident response activities for complex security incidents
• monitoring and assessing various threat intelligence sources, including open-source data, proprietary intelligence, and MSSP-derived insights
• enhancing organizational situational awareness and leveraging Mitre ATT&CK® modelling and offensive security experience to identify defensive improvements
• identifying and refining security tools, indicators of compromise (IOCs), controls, and detections based on assessed threats, lead driven threat hunting activities
• developing and overseeing penetration testing and ethical hacking initiatives, incorporating Red and Purple Team exercises
• maintaining and enhancing Dynamic Security Posture plans
• enhancing blue team capabilities and develop a purple team regime across the estate to bolster internal threat hunting capabilities
• guiding and support the secure configuration and management of security tools, sensors, and architectures including SIEM, EDR and NDR products. Also, where necessary, act as a ‘service manager' for a designated technology area
• developing and maintaining detailed documentation, including security policies, procedures, playbooks and incident reports, presenting findings and recommendations to senior management and relevant stakeholders
• supporting and mentoring colleagues, analysts and apprentices in cybersecurity techniques, processes and technical skills
• providing considered advice and guidance and where security transgressions are detected, employing empathy, candour and humility
• fostering effective communication and collaboration to promote understanding of cyber security risk, empowering teams to make informed decisions with confidence.

What you'll need

We are looking for:

• purple team and threat hunting experience
• deep knowledge of cyber security threats and countermeasures
• advanced analysis abilities of events, incidents and threats
• deep knowledge of Tactics, Techniques and Procedures (TTP) e.g., MITRE Att&ck Framework and MITRE ATT&CK for ICS
• identifying enterprise security weaknesses and devising remediation strategies
• developing and conducting internal threat hunting activities
• deep understanding of pen testing and purple team activities
• demonstrable knowledge of standards, protocols, practices and procedures
• strong written communication skills, experience documenting policies, procedures and requirements, confidence delivering reports or briefings for senior managers
• strong verbal communication, with the ability to simplify and concisely explain security requirements and complex security concepts
• knowledge and experience investigating Microsoft Windows (desktop and server), Unix and Linux operating systems.

What you'll receive

• A combined pension contribution of up to 20%.
• Career progression and professional development opportunities.
• 25 days' holiday rising to 28 with length of service.
• The opportunity to buy up to ten days' holiday and sell up to five every year.
• A healthcare package that allows you to claim back healthcare costs.
• Life assurance of up to eight times your salary.
• A new electric car in exchange for part of your gross salary, subject to conditions.
• Cashback and discounts from more than 3,000 retailers.
• One paid volunteering day each year.
• Enhanced family leave and pay arrangements.
• An interactive health and wellbeing platform.
• Support from mental health first aiders.
• A £1,000 referral fee if you recommend someone to work for us.

Who we are

YTL UK is part of the international YTL Group based in Kuala Lumpur. The UK companies include:

• Wessex Water – one of the top-performing water and sewerage companies in England and Wales, serving 2.9 million people across the South West.
• YTL Developments – a major UK developer currently redeveloping a 350 acre former airfield into an award winning, exciting mix of houses, apartments, schools, commercial space, restaurants and hotels, to make a truly sustainable new community.
• YTL Construction UK – a top 20 UK contractor providing fully integrated services to infrastructure, residential, commercial, industry, energy and environmental sectors.
• YTL Arena – the development and operation of an entertainment complex that includes a 19,000 capacity arena, conferencing and exhibition space.
• Plus a number of other retail, environmental and specialist businesses.

Our people tell us that YTL UK is a great place to work, which is why so many of them stay with us! You will have a unique opportunity to develop and progress your career within such a diverse group.

We are passionate about diversity and inclusion – with that in mind, all applicants are welcome. We are delighted to have signed the Armed Forces Covenant and are a Disability Confident Employer.  

If you require reasonable adjustments to be made during the recruitment process, please inform a member of our Recruitment team.