Security Testing Consultant
Hybrid Working from one of our Regional Centres
SC Clearance required and you must have related Industry accreditations such as CREST, Offensive Security, SANS/GIAC or equivalent recognised qualifications with relevant IT Security experience.
The Team
HMRC Security are part of HMRC’s Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
Cyber Security Technical Services (CSTS) and the Government Security Centre for Cyber (Cyber GSEC) are an integral part of HMRC Security. We are responsible for ensuring everyone has the capability to fulfil their security responsibilities and for developing individual capability to detect, prevent and respond to security risks and threats.
Our vision is to be a recognised Centre of Excellence, delivering a holistic, customer-centric set of technical services to HMRC and wider HMG. We continually adapt and evolve our services to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
This is an exciting time to be part of our active and encouraging cyber security community, within HMRC and across HMG.
The Role
As a Senior Cyber Security Professional working within Security Testing, you will play a leading role in providing security testing, vulnerability assessment and continual security compliance capabilities in order to secure HMRC’s services and to ensure the best possible technical security risk-based advice is given to our customers.
As part of the role you will lead packages of work and contribute to wider CSTS services as required.
You will work collaboratively with key business & technical stakeholders to deliver appropriate security testing and risk-based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services.
This is an exciting time to join us and the chance to work on services that matter and affect the lives of millions of citizens.
Responsibilities can include:
·This consultant will be able to perform non-CHECK penetration testing, but with relevant and equivalent experience and qualifications
·Contribute to the development of Security Principles, Policies and Technical Standards
·Engage with HMRC project teams as required to identify, estimate, and complete agreed security testing activities.
·Support internal testing, to build team capabilities, and establish testing methodologies for varying test types
·Creation of required process, playbooks and document sets to support Security Testing capability
·For each test, the testers will produce a formal technical proposal and report utilising HMRC standard templates
·Provide testing guidance and advice to projects
·Review scopes and, where CHECK testing is required, manage engagement with 3rd party pen testers
·Create scope/proposals/reports for internal testing work
·Aid with the development of Security Testing Strategy and production of outputs
·Help develop Secure by design framework for security testing, documenting testing approaches against control sets
·Scope, conduct and support security assessments, pen testing and other non-functional security testing, appropriately recording and sharing any findings.
·Provide Vulnerability management and continual security compliance expertise across on premise and cloud-based solutions.
·Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security testing requirements
·Act as escalation point to deal with security testing related incidents
·Lead assessments of threats and vulnerabilities and determine deviations from acceptable/defined baselines.
·Communicate threat, vulnerabilities, and risk information to stakeholders in a clear and concise manner.
·Assist in the development and delivery of Security testing documentation sets.
·Research and assess new threats and security/vulnerability alerts, and recommend remedial actions
Essential Criteria
At application and interview, you must demonstrate intensive experience of:
Please ensure your CV clearly demonstrates how you meet these essential criteria
Desirable Qualifications
Ideally you will also have knowledge, understanding and/or experience of:
Please note that SC Clearance is required for this position.