Cyber Defence Engineer - Amsterdam

Country: Netherlands 
City: Amsterdam 
Req ID: 475933

About CRH 

We are CRH, and we are committed to improving the building environment. We understand the wider impact our businesses can make in supporting human activity through the delivery of superior building materials and products for use in buildings, roads, public spaces, infrastructure, and other construction areas. 

CRH (LSE: CRH, ISE: CRG, NYSE: CRH) is the leading building materials business in the world, employing c.73,000 people at c.3,200 operating locations in 29 countries. It is the largest building materials business in Europe and North America, with regional positions in Asia. 

Without you noticing our products, we are everywhere you live, work, and relax. 

Our project portfolio includes some of the most sustainable and cutting-edge building projects around the world. Think of the asphalt on the Silverstone Grand Prix Circuit, the Paris Metro Rail project, but also the Louis Vuitton Museum in Paris, parts of the Burj Khalifa, and the Kennedy Space Centre. 

Learn more about us through the following Link.  

Position Overview 

CRH is looking for a Cyber Defence Engineer. The Cyber Defence Engineer will ensure to minimise the risk for CRH, both monetary and reputational, due to potential cyber security threats. By pro-actively identifying (Ethical Hacking) any misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data, this risk is minimised.

The Cyber Defence Engineer (Red Team) will be an essential member of the Cyber Threat Simulation Team. This role will be responsible for participating in the planning of network penetration testing of internal and internet facing information systems infrastructure.

This role is also responsible for identifying misconfigurations and cyber security vulnerabilities that could be exploited by an internal or external actor to gain unauthorized access to computer systems and data. Responsible for vulnerability and threat reporting, resulting in defined mitigation planning with the SOC and IT Ops Teams.

The Cyber Defence Engineer will own all security prevention topics of the Red Team. The person will, together with the Managed Service Provider, take ownership of ethically hacking of the CRH infrastructure to identify security threats before they are exploited.

Key Tasks and Responsibilities

In this role, you will:

• Be responsible for leading the red team exercises using automated tools, threat intelligence, and the MITRE ATT&CK Framework
• Participate in red team exercises that are intelligence driven to test cyber detections and response
• Be creating, building and maintaining red team infrastructure automating functions where needed
• Continually research new offensive security tactics, techniques, and procedures
• Be developing custom tools and tradecraft to automate tasks and increase the capabilities of the team
• Be defeating and defining externally led ad-hoc penetration testing and managing remediation plan
• Be responsible for participate in advanced social engineering campaigns to raise employee awareness
• Be contributing to report creation using an appropriate rating to classify severity and prioritize remediation
• Assist cyber defence teams during incident investigations providing subject matter expertise on attacker tradecraft and mindset
• Interface with other information security departments, as well as other technology departments and business stakeholders to raise awareness of security issues and to provide knowledge sharing on remediation
• Travel expectations: Limited travel (10-20%) is expected in this role.

Key Functional Competencies and Relevant Experience

You have/are capable of:

• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Managing Managed Service Provider regarding Red Team matters
• Experience in Microsoft Azure, Office365 and security tooling
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Experience with industry standard red teaming tools, Cobalt Strike, Metasploit, Burp Suite etc. Knowledgeable in Industry Security standards (i.e.: ISO2700X, NIST CSF)

Your Education and Experience

You have/are:

• MSc in Computer Science or equivalent desired, a CISSP (or equivalent) is a pro
• Minimum 10+ years ITIL-based Service Management in a business-to-business environment
• At least 5 years of experience in infrastructure or application-level vulnerability testing
• At least 10+ years of system, network and/or application security experience
• Fluency in both speaking and writing English.

What CRH Offers You  

• A culture that values opportunity for growth, development, and internal promotion  

• Highly competitive salary package 

• Comprehensive secondary benefits 

• Significant contribution to your pension plan  

• Health and wellness programs, including an on-site gym and fitness classes 

• Excellent opportunities to develop and progress with a global organisation  

Connect your future to CRH 

We are curious to learn more about you. At CRH, we believe our mutual differences contribute to the healthy, productive, and enjoyable workspace we create. Please introduce yourself and apply for this great opportunity. 

Is this role not for you, but do you know someone who is a perfect fit? Please let us know: careers@crh.com. 

CRH is an equal opportunity employer. We are committed to creating an inclusive work environment for all employees and actively encourage applications from all sectors of the community. 

Benefits listed below may vary depending on the nature of the employment with CRH and the country where you work.