Senior Security Engineer - Purple Team

When you join Verizon

Verizon is one of the world's leading providers of technology and communications services, transforming the way we connect across the globe. We're a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward - and you can too. Dream it. Build it. Do it here.

What you'll be doing...

This role is a part of Verizon Cyber Defense Breach & Attack Simulation (BAS) team under the Chief Information Security Office (CISO). This team is responsible for evaluating Verizon security controls through structured cyber threat emulations and collecting relevant telemetry. Additionally, the BAS team is responsible for evaluating results, identifying potential gaps and submitting for remediation.

The Analyst is part of the Breach & Attack SImulation (BAS) team that evaluates Verizon's security controls, processes and technologies utilizing a BAS platform. This Analyst will serve as a resource responsible for assembling threat actor behaviors/TTPs, from an existing library, based on direction from senior team members and the threat intelligence team. Additionally, the Analyst] will work closely with the various internal information technology and cyber defense teams to ensure representative endpoints and security zones are identified for BAS evaluation. Furthermore, a major part of this role's responsibility will be around reporting and metrics trending of BAS results. This will include the ability to interpret results of a specific threat emulation and identify security implications.

An ideal candidate will be active in the cyber threat intelligence community, and be able to apply that knowledge to shape Verizon's security posture. Additionally they will have had some level of experience with BAS solutions, red teaming, penetration testing and/or adversary/threat emulation/simulation experience.

• Operating a threat emulation platform to execute cyber threat tactics, techniques, and procedures in a targeted and controlled manner to specifically test identified controls and/or technologies
• Utilizing various tools and technologies to search for event telemetry related to threat emulations at various layers (i.e. data, network and application).
• Interpreting threat intelligence provided by internal and external sources to create representative threat emulations from existing library or work with vendor to create custom emulations.
• Evaluating the quality of provided data sources and recommend improvements to the sensing capabilities and coverage.
• Generating reports from tests and communicate any identified gaps and opportunities for improvements to relevant stakeholders.
• Coordinating with vendors to support and utilize control validation platform.
• Working with information technology teams and adhere to Verizon's support, change, compliance and configuration management processes.
• Coordinating with blue team cyber defenders to ensure deconfliction of testing, alerting and ensure proper event data was identified

• Bachelor's degree or four or more years of work experience.
• Four or more years of relevant work experience.
• Three or more years of experience in the cyber / information security field.
• Three or more years of experience in SIEM platform, including the ability to understand and analyze logs and event correlations.

• Professional certifications including CEH, CISSP, SANS GCIA, CISM.
• Experience in leading or participating in breach attack & simulation, penetration testing, red team or purple team activities.
• Experience in development of log event correlation queries (i.e. content) in support of threat detection.
• Experience in using, or administering SOAR and supporting and understanding event data and event correlations from diverse log sources.
• Knowledge of Windows and Linux operating systems utilized in a large diverse network environment.
• Experience in deploying and configuring Windows and Linux servers.
• Experience in utilizing command line interfaces and languages such as PowerShell and Bash.
• Experience in Active Directory, LDAP, group policy, SSO, Kerberos etc.
• Experience in endpoint security technologies / EDR to include basic administration and understanding of prevention and detection policies (e.g. exclusion policies, signature vs. machine learning, installation and deployment of agents/sensors).
• Experience in cloud technologies such as AWS, Azure and GCP to include associated logging and security controls.
• Ability to convey a strong presence, professional image, and deal confidently with complex technical problems.
• Ability to work with customers, client executives and other Verizon teams.