Connecting Talent to opportunity

Senior Cyber Security Professional: Penetration Tester

Expired

Job Description:

There are 3 x roles available in the following locations: Bristol, Cardiff, Croydon, Leeds, Manchester, Newcastle-upon-Tyne, Stratford and Telford (National salary £52,077, London salary £58,596).

Closing date for applications: 1st November 2021

 

Summary

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

As a Penetration Tester, you will play a leading role in testing & securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.

You will sit within a multidisciplinary team in Cyber Security Technical Services (CSTS) and work closely with senior business & technical partners, to deliver appropriate risk-based technical security hands-on testing and guidance.

Job description

The Team:

Our team comprises cyber professionals, with a range of experience and skills across security architecture, risk, assurance, testing and consultancy.

We are rapidly growing and looking for Senior Cyber Security Professionals to build and craft the security team in one of the largest IT estates in Europe.

This is an exciting time to be part of our active and encouraging cyber security community, within HMRC and across Government.

The Role

You will play a leading role in testing & securing HMRC’s services, working with a multidisciplinary team of security professionals, and work closely with key partners, to deliver risk-based technical security hands-on testing and guidance services.

Your role will specifically be around Application, Network & Cloud-based Security Testing with the time split between hands-on penetration testing and leading third-party CHECK-approved testers.


The candidate will have dedicated time for CPD, through formal training, shadowing, CTFs and individual and group R&D opportunities.

Successful candidates must meet the security requirements before they can be appointed. The minimum level of security needed is SC and appointment will be conditional on this being granted. Candidates may also be subsequently considered for DV (Developed Vetting) where projects or tasks require it.

Please speak with the vacancy holder if you have any questions regarding the vetting process before you apply.

Successful candidates will be required to undertake a reasonable amount of travel to various locations.

This role is also open to UK Forces transitioning to Civilian working life. We will support you where applicable. The role will also support current or new applications to Cyber Reservist Posts.

Responsibilities

As the ideal candidate, you will be an experienced Penetration Tester, with a validated history of delivering high value outcomes in challenging environments.

You will be confident with senior engagement skills and can involve and influence others regardless of grade or position.

You will act as the consummate professional in everything you do and be willing to learn, seek and value feedback and celebrate success.

You will have knowledge of Cloud Security & Risk applied to all service models.

You will be aware of International, UK and Government standards, best practice and guidance in appropriate domains such as Security testing, Secure coding and development.

Responsibilities

• Engage with internal and external partners to manage and provide appropriate Penetration Testing and assurance to the required standard and in accordance with policy and regulations.

• Scope, conduct, or support application security assessments, penetration tests and other non-functional security testing, appropriately recording and sharing any findings.

• Communicate effectively to technical and non-technical audiences at all levels using appropriate methods.

• Committed to continuous improvement and innovation, whilst embracing change and developing others.

• Adopt a flexible approach to meet business needs and champion consistency across our business in support of our “one team” ethos.

• Deliver clear and honest communication, sharing knowledge and skills to build consistency and excellence in our work, seeking to achieve great results.

• Committed to CPD and able to share and demonstrate new techniques / tooling with wider team members.

Essential Criteria:

You will have significant experience or knowledge of:

• CHECK TL/TM or equivalent experience of conducting a wide range of testing in different environments of varying complexity.

• Performing application security testing and network/infrastructure-level penetration testing, including using manual techniques as well as vulnerability testing tools and/or code review tools.

• Compiling penetration testing reports, with the ability to work with stakeholders to determine real impact and probability of exploits being successful.

Desirable criteria:

Ideally, you will also have one or more of the following:

• Active experience at CTF – HTB / Vuln Hub or equivalent

• A degree in computer security, computer science or equivalent

• Deep knowledge of multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR

• Membership of a security focussed professional body, e.g.:

  • Chartered member of British Computer Society (MBCS-CITP)

  • CESG Certified Professional (CCP)

  • Member of Chartered Institute of Information Security (CIISec)


Qualifications:

Relevant industry accreditations (including at least one that is test related), e.g. CHECK, CREST, OSCP, Tiger Scheme, SANS/GIAC (GPEN/GXPN) or equivalent recognised security testing certifications, with significant relevant IT Security experience.

We'll assess you against overall technical skills during the selection process.