Lead Purple Team Engineer in charge of enhancing security initiatives at Gartner. Utilizing offensive and defensive insights to protect critical digital assets and improve response capabilities.
Responsibilities
Lead Purple Team operations by designing, planning and executing purple team exercises and activities that simulate real-world attack scenarios to test and improve detection and response capabilities.
Work closely with teams such as the Security Operations Center (SOC), Threat Intelligence, and Detection Engineering to help identify and remediate gaps in existing controls
Develop new attack emulations and tune existing ones based on use cases and strategy, drawing from threat intelligence and current events
Play a key role in Threat Modeling exercises
Assist and support SOC analysts during ad-hoc Incident Response activities
Build and maintain tools and scripts to support purple team activities, including automation of attack simulations and telemetry analysis
Assist in the development of innovative and cutting-edge detection content aligned with ATT&CK, Cyber Kill Chain, and various other cyber security frameworks
Bring your own ideas and solutions to a fast-paced, growing, and evolving team centered around operational excellence
Act as a mentor to junior team members, promote knowledge sharing and contribute to the strategic direction of the Security Operations team.
Requirements
5+ years of relevant Information Security or Penetration Testing experience
Deep understanding of offensive techniques and tools
Knowledge of MITRE ATT&CK, Cyber Kill Chain or other behavioral information security frameworks
Python, Bash, PowerShell or other scripting language experience
Bachelor’s in Computer Science, Information Security, Engineering, or commensurate experience in Information security is preferred
Extensive experience in purple/red teaming with a strong technical foundation in offensive security and adversary emulation.
Ability to design, build and scale automated security validation processes
Experience with Attack Emulation Platforms
Background in cybersecurity incident analysis and investigation
Experience utilizing security tools such as EDR (including live response), web proxy, WAF and email security tools
Knowledge of cloud environments (AWS, Azure, GCP)
Digital Forensics and Incident Response (DFIR) skills
Ability to query using various query languages such as SPL, SQL, KQL
Ability to communicate effectively, with excellent prioritization skills.
Ability to automate tasks and code solutions to repetitive problems (Python, PowerShell, Bash)
Benefits
Competitive compensation.
Limitless growth and learning opportunities.
Ongoing mentorship and apprenticeship; Leadership courses, development programs, technical courses, certification opportunities and more!
A collaborative and positive culture - join a diverse team of professionals who are as smart and driven as you.
A chance to make an impact – your work will contribute directly to our strategy.
Enjoy the flexibility of working from home and the energy of collaborating with peers in our dynamic offices.
20+ PTO days plus holidays and floating holidays in your first year.
Extensive medical, dental and vision plans.