Offensive Security Specialist

Company Description

We’re ASOS, the online retailer for fashion lovers all around the world. 

We exist to give our customers the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you’re free to be your true self without judgement, and channel your creativity into a platform used by millions. 

But how are we showing up? We’re proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter and we placed 8th in the Inclusive Top 50 Companies Employer list.  

Everyone needs some help showing up as their best self. Let our Talent team know if you need any adjustments throughout the process in whatever way works best for you. 

Job Description

The Details

ASOS is recruiting for an Offensive Security Specialist within the SOC. This role will report into the SOC and IR Manager. This role will be key to leading offensive security assessments that strengthens defence capabilities for ASOS. Working closely with the cyber teams you'll identify security weaknesses, validate detection mechanisms, and provide actionable recommendations to enhance our security posture. You'll will contribute to the SOC team’s continuous validation and improvement in security controls and detection capabilities.

 The role will involve the following

• Penetration Testing - Simulating real-world attacks to test the effectiveness of security controls and identify weaknesses.
• Red Teaming - Engaging in adversarial simulations to assess the organisation's overall security posture and identify areas for improvement.
• Collaboration with Defensive Teams - Working closely with defensive security teams to share insights, improve detection capabilities, and enhance incident response processes.
• Developing Offensive Security Strategies - Designing and implementing strategies to proactively identify and mitigate security risks.
• Contribute to processes and SOPS.
• Developing and mentoring junior team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in departments.
• Maintain awareness of real-world cyber security threats and engage in the innovation of new analytic methods for proactively detecting threats.

Qualifications

About You

• Practical experience in ethical hacking, penetration testing, and red team, blue team methodologies
• Relevant industry certifications like GPEN, OSCP, OSCE, CRTO, CRTP, PNPT, and experience working with frameworks like MITRE ATT&CK/D3FEND)
• Familiar with industry-recognized frameworks for threat simulation and defence
• Able to communicate technical findings and remediation strategies clearly to both technical and non-technical audiences
• Skilled in producing accurate and well-structured reports and presentations
• Strong problem-solving and analytical skills, with a proactive and collaborative mindset
• Effective interpersonal skills, with the ability to build relationships and influence stakeholders
• Comfortable working with modern security tools and enterprise environments
• Committed to continuous learning and passionate about mentoring and developing others

Additional Information

BeneFITS’ 

• Employee discount (hello ASOS discount!) 
• ASOS Develops (personal development opportunities across the business) 
• Employee sample sales  
• Access to a huge range of LinkedIn learning materials 
• 25 days paid annual leave + an extra celebration day for a special moment 
• Discretionary bonus scheme  
• Private medical care scheme