Sector: Central Government
Date posted: 23/12/2021
Salary: £49,700 - £64,500 per annum
The Cabinet Office are recruiting to an Ethical Hacker vacancy on a permanent basis.
The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.
We are the Cabinet Office’s cyber security team, and our mission is to secure the department (including its arms length bodies such as the Government Digital Service) against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK, Notify, and Register to Vote.
The Ethical Hacking team delivers penetration testing and red teaming capabilities for the Cabinet Office and GDS, and is responsible for simulating offensive cyber tools and techniques to identify and drive security improvements.
As a member of this team, you’ll work with others to build and deliver these core capabilities. The platforms you’ll help secure include our nationwide internal IT infrastructure and high-profile citizen-facing digital services such as GOV.UK and Register to Vote.
As an Ethical Hacker, you will:
- deliver web application and infrastructure penetration tests
- deliver endpoint build reviews, AWS/Azure reviews, infrastructure as code reviews (e.g. Terraform), and secure code reviews
- work alongside Security Analysts on “purple team” exercises to improve threat detection and incident response capabilities
- build and improve the processes and training within the Ethical Hacking team
- implement automated and continuous penetration testing pipelines
- schedule and scope penetration tests for the team, working directly with the developers and product managers
- contribute to the development of cyber security tooling and solutions to improve the efficiency and effectiveness of the team
- help us to continually improve and automate reporting processes and data collection
It’s essential that you have:
- experience delivering security testing of web based services, cloud services and underlying infrastructure, looking for sophisticated attack vectors and recommending mitigations
- recognised certifications (e.g., CRT, OSCP) in the field of penetration testing
- good analytical skills to understand the implications of security threats
- good verbal and written communication skills to ensure business and technical risks are clearly communicated
- experience using penetration testing tools such as BurpSuite, Nmap and Metasploit
- experience developing and/or reviewing source code
- experience reviewing cloud infrastructure configurations and infrastructure as code
It is also desirable that you have:
- experience working within a software development team and environments with frequent change
- experience of working with PCI environments
- experience of working in an Agile environment as part of a multidisciplinary team
In the Civil Service we use our Success Profile Framework to outline expected behaviours and we will use these as part of our wider assessment during the interview process.
We’ll assess you against these behaviours during the selection process:
- changing and improving
- communicating and influencing
- making effective decisions
- delivering at pace
Location: London, Bristol, Manchester, Glasgow, York, Birmingham, Norwich, Newcastle
Please note that if your application is selected to proceed to the next stage, you should expect to undertake an interview based on the relevant competencies and technical skills, as well as a hands-on technical assessment.
Applicants will be required to provide an up to date CV and completed diversity form.
View the full job description here.
To apply, please email firstname.lastname@example.org.
Cabinet Office are an equal opportunity employer and value diversity in our organisation. You can find out more about our commitment to diversity and inclusion and read our equal opportunities statement on our Diversity and Inclusion page. CDIO is based in London, Bristol and Manchester, and you will be working with colleagues across all three sites. CDIO supports flexible working, including a balance between office and home-based working.
Please note that this role requires SC clearance, which would normally require 5 years’ UK residency in the past 5 years. This is not an absolute requirement but supplementary checks may be required where individuals have not lived in the UK for the required period. This may mean that your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
*offers made above the base grade will be made up with a non-pensionable specialist pay allowance