Cyber Security Purple Team Lead

This is a hybrid role based in our Bath head office. As the Cyber Security Purple Team Leader, you'll provide deep Cyber Security operational expertise and lead daily Security Operations and Security Engineering activities, including incident detection and investigation, Posture Management, Threat Hunting, Ethical Hacking, IdAM, Digital Forensics, and Incident Response (DFIR). The role serves as the principal expert for technical cyber security escalations, a significant presence on the floor, and acts as the Deputy Cyber Security Manager when the Cyber Security Manager is absent.

What you'll do

This role requires demonstrable experience and advanced skills in delivering an active cyber security defense, focusing on intelligence-led posture management, threat hunting, and DFIR.

You will mentor the Security Operations and Engineering team, ensure development of security practices, act as the point of contact for technical advice and escalations, and provide operational leadership as Deputy Cyber Security Manager in the absence of the Cyber Security Manager.

Your responsibilities include:

• Leading analysis of security events, incidents, and threats, identifying root causes, and developing effective countermeasures.
• Ensuring rapid containment and mitigation of threats.
• Developing and maintaining DFIR capabilities.
• Acting as the primary point of contact for the Security Coordination Centre (SCC) and Managed Security Service Providers (MSSP).
• Coordinating incident response activities for complex security incidents.
• Monitoring threat intelligence sources, including open-source data, proprietary intelligence, and MSSP insights.
• Enhancing organizational situational awareness using Mitre ATT&CK modeling and offensive security experience.
• Identifying and refining security tools, IOCs, controls, and detections based on assessed threats, leading threat hunting activities.
• Developing and overseeing penetration testing and ethical hacking initiatives, including Red and Purple Team exercises.
• Maintaining and enhancing Dynamic Security Posture plans.
• Strengthening blue team capabilities and developing a purple team regime across the estate.
• Guiding the secure configuration and management of security tools, sensors, and architectures like SIEM, EDR, and NDR, and acting as a service manager where necessary.
• Developing and maintaining documentation such as security policies, procedures, playbooks, and incident reports, and presenting findings to senior management.
• Supporting and mentoring colleagues and apprentices in cybersecurity techniques and processes.
• Providing advice and guidance with empathy and humility when security breaches are detected.
• Promoting effective communication to foster understanding of cyber security risks and empower teams.

What you'll need

We are looking for:

• Experience in purple team operations and threat hunting.
• Deep knowledge of cyber threats and countermeasures.
• Advanced analysis skills for events, incidents, and threats.
• Expertise in Tactics, Techniques, and Procedures (TTP) such as MITRE ATT&CK and MITRE ATT&CK for ICS.
• Ability to identify security weaknesses and develop remediation strategies.
• Experience in internal threat hunting activities.
• Deep understanding of pen testing and purple team activities.
• Knowledge of security standards, protocols, and procedures.
• Strong written communication skills for documenting policies and delivering reports.
• Excellent verbal communication skills to explain complex security concepts clearly.
• Experience investigating Windows, Unix, and Linux operating systems.

What you'll receive

• Up to 20% pension contribution.
• Career development opportunities.
• 25 days' holiday, increasing to 28 with service.
• Option to buy or sell holiday days annually.
• Healthcare package for claiming back costs.
• Life assurance up to eight times salary.
• Electric car scheme, subject to conditions.
• Discounts from over 3,000 retailers.
• One paid volunteering day annually.
• Enhanced family leave and pay.
• Health and wellbeing platform.
• Mental health support.
• £1,000 referral bonus.

Who we are

YTL UK is part of the international YTL Group based in Kuala Lumpur, including:

• Wessex Water
• YTL Developments
• YTL Construction UK
• YTL Arena
• Other retail, environmental, and specialist businesses.

We value diversity and inclusion, are signed up to the Armed Forces Covenant, and are a Disability Confident Employer. Please inform us if you require adjustments during the recruitment process.