Senior Purple Team Engineer / Lead (Blue Focused)

Drees & Sommer SE -
Málaga, Málaga provincia

Solicitar ahora

Detalles del empleo

Jornada completa

Beneficios

Programa de recomendación

Cualificaciones

Pentest
Azure
CISSP
Sistema operativo Windows
Microsoft Office
SoC
Gestión de compliance
Respuesta a incidencias
Scripting
Cloud
SIEM
Linux
SaaS
CRISC
Python
PowerShell

Descripción completa del empleo

Experience Level

Experienced professional

Area

Location

Calle Trinidad Grund 12, 29001 Málaga

Employment Type

Full-time

Company

Drees & Sommer Digital Services

Start Date

By arrangement

We are seeking a Senior Purple Team Engineer to design, execute, and continuously improve adversary‑focused security validation across our enterprise environment. This role sits at the intersection of Red Team and Blue Team, with a strong defensive (Blue Team) bias, ensuring that offensive findings are systematically translated into measurable detection, response, and prevention improvements. Opportunities for external consulting are included.

The successful candidate will lead purple team activities end‑to‑end—from threat modeling and attack simulation to detection engineering, incident response tuning, and executive‑level reporting—while working closely with SOC, IT Operations, and GRC stakeholders.

This role is hands‑on, technically deep, and outcome‑driven, with a strong expectation of real‑world attack execution and production‑grade defensive improvement.

YOUR TASKS

Key Responsibilities

Purple Team & Adversary Simulation

Plan and execute purple team exercises aligned to real‑world threat actors (e.g., ransomware groups, APT tradecraft, insider threat).
Design attack scenarios mapped to MITRE ATT&CK, covering initial access, persistence, lateral movement, privilege escalation, command‑and‑control, and exfiltration.
Coordinate with Red Team and external penetration testing vendors to ensure tests are safe, controlled, and detection‑focused.
Translate offensive findings into clear, prioritized defensive improvements with measurable outcomes.

Blue Team / Defensive Engineering (Primary Focus)

Develop and tune SIEM detections, analytics rules, and alerts based on attack simulations and real incidents.
Build and optimize Microsoft Sentinel analytics, KQL queries, workbooks, and automation rules.
Improve Defender XDR detections across:
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Office 365
- Microsoft Defender for Cloud Apps
Incident Response & DFIR Integration
- Act as a senior escalation point during security incidents, especially those involving active attacker behavior.
- Support digital forensics and incident response (DFIR) investigations on Windows and Linux endpoints.
- Use DFIR tools and platforms (e.g., Velociraptor) for threat hunting, artifact collection, and timeline analysis.
- Feed incident lessons learned back into detection engineering and preventive controls.
Threat Hunting & Detection Validation
- Conduct hypothesis‑driven threat hunts based on attacker tradecraft and threat intelligence.
- Validate coverage of detections against known TTPs and identify detection gaps.
- Continuously assess control effectiveness across endpoint, identity, cloud, and SaaS environments.
Vulnerability, Exposure & Control Validation
- Correlate vulnerability data with attacker exploitation paths and real exposure.
- Support and validate remediation prioritization based on exploitability and business impact, not CVSS alone.
- Partner with IT and Cloud teams to validate hardening, logging, and telemetry requirements.
Governance, Reporting & Stakeholder Communication
- Produce clear, executive‑level reporting from purple team exercises (findings, detection gaps, trends, maturity).
- Align purple team outcomes with ISO/IEC 27001, NIS2, and internal ISMS requirements.
- Contribute to security strategy, roadmap planning, and continuous improvement initiatives.
- Mentor junior analysts and engineers across Blue and Red Team disciplines.
Technical Environment & Stack (Required Experience)
Core Platforms
- Microsoft Sentinel (SIEM) – advanced KQL, analytics rules, workbooks, automation
- Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps)
- Microsoft Entra ID (Azure AD) – identity attacks, logs, conditional access abuse
- Microsoft Purview – audit logs, investigations (desirable)
- Azure – logging, resource telemetry, cloud attack paths
DFIR & Threat Hunting
- Endpoint forensics (Windows & Linux)
- Velociraptor or equivalent DFIR tooling
- Memory, disk, and log‑based investigations
- Threat intelligence integration and ATT&CK mapping
Offensive Tooling & Techniques
- Adversary emulation frameworks (e.g., Atomic Red Team, CALDERA)
- Penetration testing and red team tooling (e.g., C2 frameworks, credential abuse, living‑off‑the‑land techniques)
- Social engineering awareness (technical validation focus; not marketing‑style phishing)
Scripting & Automation
- PowerShell (advanced)
- Python (working knowledge)
- Automation of testing, detection validation, and response workflows

YOUR PROFILE

Required Experience

7–10+ years in cybersecurity with proven experience across both Blue Team and Red Team roles
Demonstrated hands‑on detection engineering and incident response experience
Experience running or leading purple team exercises in enterprise environments
Strong understanding of real‑world attacker behavior, not just theoretical frameworks
Experience operating in regulated or compliance‑driven environments (ISO 27001, GDPR, NIS2)

Certifications (Strongly Preferred / Required)

Offensive / Red Team

OSCP / OSEP / OSCE / OSWE
CRTO / CRTO II
Equivalent advanced red team certifications

Defensive / Blue Team

GCED / GCIA / GCIR or equivalent
Microsoft Security certifications (Sentinel, Defender, XDR)
Advanced SIEM / SOC certifications

Governance / Architecture (Valuable)

CISSP (or ISSAP concentration)
CISM / CRISC
ISO/IEC 27001 Lead Implementer or Lead Auditor

YOUR ADVANTAGES

To ensure your work-life balance, we offer the option of mobile working

We promote your professional and personal development through individual training and further education at the Drees & Sommer Academy

We support your health with a bonus for sports enthusiasts. We offer the possibility of subscribing to a private health insurance policy

Employees benefit from tax advantages related to their commuting expenses for the office

Fiscal advantages for employees expenses in meal costs during the worktime. Employee referral program with attractive bonus scheme

Supporting career and familiy by receiving tax benefits for kindergarten expenses

Solicitar ahora

Experience Level

Area

Location

Employment Type

Company

Start Date

YOUR TASKS

YOUR PROFILE

YOUR ADVANTAGES

Herramientas para candidatos

Herramientas para empresas

Buscar

Mantener la conexión