G7 Ethical Hacker
Sector: Central Government
Location: Manchester or Bristol
Date posted: 09/09/2021
Salary: £49,700 - £60,635 per annum*
Are you ready to join a Government department undergoing an exciting and significant Digital Transformation? Cabinet Office are seeking the appointment of a permanent Ethical Hacker to help support the ambition to make UK Government digital services the best in the world.
As an Ethical Hacker, you will form a crucial part of the Cyber Security team where you can expect to work in small multidisciplinary agile teams utilising a modern, forward-thinking approach to security on platforms as diverse as Amazon Web Services (AWS) with Terraform through to on-prem infrastructure and end user device security.
The team operates with a focus on self-service tooling, proactive security monitoring and provision of the education required to solve cross-cutting cybersecurity challenges across the Cabinet Office. Working alongside other Ethical Hackers, analysts, engineers and other security professionals, you will be responsible for elevating the security of our processes, services and infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie and helping teams address them. You will also take a leading role in security incident response across the organisation.
In this role, your main duties will include:
- work across the cyber team to set up the processes and training to enable us to provide red and purple team activities to highlight risks to services and help prioritise defences
- work with information assurance teams to provide assurances that services are secure
- implement automated and continuous penetration testing pipelines
- schedule and scope penetration tests for the team working directly with the developers and product managers
- contribute to the development of cybersecurity tooling and solutions
- participate in our incident response team, including out-of-hours support where required
- support analysts to identify threats and tune alerts
- perform application penetration tests, Linux build reviews, AWS/Azure reviews, infrastructure as code reviews (e.g. Terraform), and secure code reviews
- help us to continually improve and automate reporting processes and data collection
In order to be effective as an Ethical Hacker, it is essential applicants have the following skills and experience:
- recognised security certifications in the field of penetration testing
- experience of vulnerability testing of web-based services, cloud services and underlying infrastructure for sophisticated attack vectors and mitigations
- good analytical skills to understand the implications of security threats
- hands-on experience of Linux and a modern language such as Python
- demonstrable experience of the use of penetration testing tools such as BurpSuite, Nmap and Metasploit
- development and/or source code review experience
- experience reviewing cloud infrastructure configurations and infrastructure as code
Applicants with experience working within a software development team and environments with frequent change may be of particular interest. Other desirable criteria include experience of working with PCI environments, working in an Agile environment as part of a multidisciplinary team, and experience conducting internal network assessments and penetration tests.
You will be assessed based on the following Behaviours:
- Changing and Improving
- Communicating and Influencing
- Making Effective Decisions
- Delivering at Pace
Applicants will be required to provide an up-to-date CV and supporting statement (up to 1,250 words) detailing how you meet the requirements and behaviours listed above. You will also provide a completed diversity form.
To apply, please email firstname.lastname@example.org.
Please note that this role requires SC clearance, which would normally require 5 years’ UK residency in the past 5 years. This may mean that your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
*any offer made above the base grade will be made up with a non-pensionable specialist pay allowance based on capability.