Adversary Emulation & Defense Engineer


October 15

🇺🇸 United States – Remote

💵 $136.5k - $227.6k / year

⏰ Full Time

🟡 Mid-level

🟠 Senior

👷🏻‍♀️ Engineer


Inmar Intelligence

Artificial Intelligence • Healthcare • eCommerce

Inmar Intelligence is a company dedicated to using data and technology to empower brands, retailers, and healthcare companies to improve consumers' lives. They specialize in activating data to enhance shopper engagement through Martech solutions, optimize healthcare supply chains, and manage product returns efficiently. Inmar Intelligence integrates artificial intelligence to make data-driven decisions, helping to save shoppers money, improve healthcare safety, and reduce landfill waste. The company focuses on driving consumer loyalty, improving patient safety, and enhancing pharmaceutical returns, promoting a more sustainable and cost-effective environment for both businesses and consumers.

1001 - 5000 employees

Founded 1983

🤖 Artificial Intelligence

🛍️ eCommerce

📋 Description

• The Adversary Emulation & Defense Engineer plays a critical role in strengthening Inmar's ability to defend against emerging cyber threats by bridging offensive and defensive security disciplines.
• This role designs and executes collaborative, threat‑informed adversary emulations that unite offensive (red) and defensive (blue) capabilities to measurably improve enterprise detection, prevention, and response.
• Success is defined by faster detection and response, stronger red/blue collaboration, improvements in detection and response KPIs, and clear effectiveness against real-world threats.
• Plan, lead, and document purple‑team exercises (tabletop to hands‑on) emulating prioritized adversary TTPs across the full attack lifecycle (recon → exfiltration).
• Build adversary‑emulation plans and safe automation in production‑like environments using Atomic Red Team, CALDERA, and custom scripts; map tests to MITRE ATT&CK and the kill chain.
• Engineer, tune, and validate detections and controls across SIEM/analytics, endpoint configurations, identity protections, and network security to break attacker techniques.
• Develop and maintain scalable automation for repeatable, CI‑style security control checks to ensure consistent, scalable validation.
• Translate findings into actionable backlog items (SIEM rules, analytics, playbooks, hardening baselines, response procedures) with clear owners, timelines, and acceptance criteria.
• Provide real‑time feedback and results to the Blue Team for rapid tuning and improvement during and after exercises.
• Run regular hands‑on workshops where attackers demo evasion paths and defenders showcase detections and response playbooks; host office hours on ATT&CK, detection engineering, and threat‑informed defense practices.
• Partner across IR, SOC, vulnerability management, and product/engineering to embed controls and detections early in design (S‑SDLC) and post‑deployment.
• Lead regression tests to verify fixes and prevent drift.
• Build reporting dashboards tracking ATT&CK coverage, detection latency, and MTTD/MTTC to measure control effectiveness.
• Quantify control coverage per ATT&CK technique and spotlight residual risk tied to business‑relevant threats.
• Perform threat modeling for new and evolving systems; prioritize emulations based on current intelligence and risk to “crown jewels.”
• Drive a continuous feedback loop that informs test prioritization, control roadmap, and secure‑by‑design decisions.

🎯 Requirements

• Bachelors, Information Security, or related field—or equivalent practical experience.
• 4-6 years in offensive security and either detection engineering, incident response, or SOC with hands-on experience across offensive and defensive domains.
• Proven experience planning/executing adversary emulations and measuring control effectiveness using ATT&CK. (Medium proficiency)
• Proficiency with one or more scripting languages (Python, PowerShell, Bash) and automation/version control (Git, CI). (Medium proficiency)
• Practical knowledge of EDR/endpoint hardening, Windows/Linux internals, identity security (AD/Entra ID), and SIEM/log engineering (Elastic, Splunk). (Medium proficiency)
• Ability to write, tune, and validate detections (e.g., SIGMA rules, EDR analytics) and to interpret telemetry (Sysmon, network flows). (Medium proficiency)
• Excellent communication and collaboration skills to work across red, blue, and product/engineering teams. (High proficiency)
• Experience with tools such as Atomic Red Team, CALDERA, ATT&CK Navigator, BloodHound/attack path mapping, sandboxing/YARA, and exploit mitigation techniques. (Low proficiency)
• Cloud security experience (AWS/Azure/GCP) including logging, identity, and control validation in cloud workloads. (Low proficiency)
• Background in S-SDLC practices and secure-by-design patterns for platforms/services. (Low proficiency)
• GDAT, OSCP/OSWP, GPEN, GCDA, or comparable experience preferred.

🏖️ Benefits

• Medical, Dental, and Vision insurance
• Basic and Supplemental Life Insurance options
• 401(k) retirement plans with company match
• Health Spending Accounts (HSA/FSA)
• Flexible time off and 11 paid holidays
• Family-building benefits, including Maternity, Adoption, and Parental Leave
• Tuition Reimbursement and certification support, reflecting our commitment to lifelong learning
• Wellness and Mental Health counseling services
• Concierge and work/life support resources
• Adoption Assistance Reimbursement
• Perks and discount programs

