Security Specialist (Offensive) - Security Operations

Company Description

We’re ASOS, the online retailer for fashion lovers all around the world. 

We exist to give our customers the confidence to be whoever they want to be, and that goes for our people too. At ASOS, you’re free to be your true self without judgement, and channel your creativity into a platform used by millions. 

But how are we showing up? We’re proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter and we placed 8th in the Inclusive Top 50 Companies Employer list.  

Everyone needs some help showing up as their best self. Let our Talent team know if you need any adjustments throughout the process in whatever way works best for you. 

Job Description

ASOS is recruiting for an Offensive Security Specialist within the SOC. This role will report into the SOC and IR Manager. This role will be key to leading offensive security assessments that strengthens defence capabilities for ASOS. Working closely with the cyber teams you'll identify security weaknesses, validate detection mechanisms, and provide actionable recommendations to enhance our security posture. You'll will contribute to the SOC team’s continuous validation and improvement in security controls and detection capabilities.

 The role will involve the following

• Threat Hunting - Proactively searching for signs of malicious activity within the network, identifying threats that might go undetected by automated systems.
• Penetration Testing - Simulating real-world attacks to test the effectiveness of security controls and identify weaknesses.
• Red Teaming - Engaging in adversarial simulations to assess the organisation's overall security posture and identify areas for improvement.
• Collaboration with Defensive Teams - Working closely with defensive security teams to share insights, improve detection capabilities, and enhance incident response processes.
• Developing Offensive Security Strategies - Designing and implementing strategies to proactively identify and mitigate security risks.
• Endpoint monitoring, contribute to incidents through to resolution and root cause analysis.
• Malware Analysis and investigation.
• Contribute to processes and SOPS.
• Developing and mentoring junior team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in departments.
• Maintain awareness of real-world cyber security threats and engage in the innovation of new analytic methods for proactively detecting threats.
• Available for on-call Rota for escalated Security Incidents

On-Call Requirements

• The role includes on-call duties on a 4-week rota basis. You will be required to be available for on-call shifts, ensuring prompt response to emergencies and urgent situations.
• Flexibility and reliability are essential for this aspect of the role.

Qualifications

About You

• Relevant industry certifications like GPEN, OSCP, OSCE, CRTO, CRTP, PNPT, and experience working with frameworks like MITRE ATT&CK/D3FEND)
• Experience in Penetrating testing, ethical hacking, red team methodologies and tools,
• Effectively communicate findings and remediation strategy to stakeholders. Develop comprehensive and accurate reports and presentations for both technical and non-technical audiences.
• Strong problem-solving skills and leadership abilities, with good interpersonal skills to build relationships and communicate findings professionally.
• Working knowledge of creating and tuning detection signatures, Indicators of Compromise (IOCs), and other content to detect malicious activity,
• Preferred experience with Microsoft’s security stack
• Committed to continuous learning and professional development, and passionate about developing others.

Additional Information

BeneFITS’ 

• Employee discount (hello ASOS discount!) 
• ASOS Develops (personal development opportunities across the business) 
• Employee sample sales  
• Access to a huge range of LinkedIn learning materials 
• 25 days paid annual leave + an extra celebration day for a special moment 
• Discretionary bonus scheme  
• Private medical care scheme