ASOS is recruiting for an Offensive Security Specialist within the SOC. This role reports to the SOC and IR Manager and is key to leading offensive security assessments that enhance defence capabilities for ASOS. Working closely with cyber teams, you’ll identify security weaknesses, validate detection mechanisms, and provide actionable recommendations to improve our security posture. You will contribute to the SOC team’s ongoing validation and enhancement of security controls and detection capabilities.
The role involves the following:
- Threat Hunting – Proactively searching for signs of malicious activity within the network, identifying threats that might go undetected by automated systems.
- Penetration Testing – Simulating real-world attacks to evaluate the effectiveness of security controls and identify vulnerabilities.
- Red Teaming – Conducting adversarial simulations to assess the organisation’s overall security posture and identify areas for improvement.
- Collaboration with Defensive Teams – Working closely with defensive security teams to share insights, improve detection capabilities, and enhance incident response processes.
- Developing Offensive Security Strategies – Designing and implementing strategies to proactively identify and mitigate security risks.
- Endpoint monitoring, contributing to incidents through to resolution and root cause analysis.
- Malware Analysis and investigation.
- Contributing to processes and SOPs.
- Developing and mentoring junior team members to enhance their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to foster a cybersecurity culture across departments.
- Maintaining awareness of real-world cybersecurity threats and innovating new analytic methods for proactive threat detection.
- Availability for on-call rota to handle escalated security incidents.
On-Call Requirements:
- The role includes on-call duties on a 4-week rota basis. You must be available for on-call shifts to ensure prompt response to emergencies and urgent situations.
- Flexibility and reliability are essential for this aspect of the role.
At ASOS, the online retailer for fashion lovers worldwide, we aim to empower our customers and our people to be their authentic selves. We are proud members of Inclusive Companies, are Disability Confident Committed, and have signed the Business in the Community Race at Work Charter. We ranked 8th in the Inclusive Top 50 Companies Employer list.
We support our team members’ well-being and inclusion. Let our Talent team know if you need any adjustments during the application process in whatever way works best for you.
About You:
- Relevant industry certifications such as GPEN, OSCP, OSCE, CRTO, CRTP, PNPT, and experience with frameworks like MITRE ATT&CK/D3FEND.
- Experience in penetration testing, ethical hacking, red team methodologies and tools.
- Ability to communicate findings and remediation strategies effectively to stakeholders. Capable of developing comprehensive reports and presentations for both technical and non-technical audiences.
- Strong problem-solving skills and leadership qualities, with good interpersonal skills to build relationships and communicate findings professionally.
- Knowledge of creating and tuning detection signatures, Indicators of Compromise (IOCs), and other malicious activity detection content.
- Preferred experience with Microsoft security tools.
- Committed to continuous learning, professional development, and developing others.
Benefits:
- Employee discount (hello ASOS discount!)
- ASOS Develops (personal development opportunities across the business)
- Employee sample sales
- Access to a wide range of LinkedIn Learning materials
- 25 days paid annual leave plus an additional holiday for special occasions
- Discretionary bonus scheme
- Private medical care scheme