Senior Penetration Tester
H M Revenue & Customs, Adamsdown, Caerdydd - Cardiff
Salary not available. View on company website.
- Full time
- Permanent
- Onsite working
Posted today, 17 Nov
Closing date: Closing date not specified
job Ref: feb483d9741341d495042825a70543b4
Full Job Description
HMRC Security is part of HMRC's Chief Digital Information Office (CDIO) and supports HMRC in assessing business and reputational risks across one of the largest IT estates in Europe. Cyber Security Technical Services (CSTS) and the Government Security Centre for Cyber (Cyber GSEC) are an integral part of HMRC Security. We are responsible for ensuring everyone has the capability to fulfil their security responsibilities, and for developing individual capability to detect, prevent and respond to security risks and threats. Our vision is to be a recognised Centre of Excellence, delivering a holistic, customer-centric set of technical services to HMRC and wider HMG. We continually adapt and evolve our services to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs. This is an exciting time to be part of our active and encouraging cyber security community, within HMRC and across HMG.

The Role

As a Senior Cyber Security Professional working within Security Testing, you will play a leading role in providing security testing, vulnerability assessment and continual security compliance capabilities in order to secure HMRC's services and to ensure the best possible risk-based technical security advice is given to our customers. As part of the role you will lead packages of work and contribute to wider CSTS services as required. You will work collaboratively with key business and technical stakeholders to deliver security testing and risk-based technical security advice and guidance, enabling the secure delivery of HMRC solutions and services. This is an exciting time to join us and the chance to work on services that matter and affect the lives of millions of citizens.
Responsibilities can include:
- Performing non-CHECK penetration testing, with relevant and equivalent experience and qualifications
- Contributing to the development of Security Principles, Policies and Technical Standards
- Engaging with HMRC project teams as required to identify, estimate and complete agreed security testing activities
- Supporting internal testing to build team capabilities, and establishing testing methodologies for varying test types
- Creating the processes, playbooks and document sets needed to support the Security Testing capability
- For each test, producing a formal technical proposal and report using HMRC standard templates
- Providing testing guidance and advice to projects
- Reviewing scopes and, where CHECK testing is required, managing the engagement with third-party penetration testers
- Creating scopes, proposals and reports for internal testing work
- Aiding the development of the Security Testing Strategy and production of its outputs
- Helping to develop the Secure by Design framework for security testing, documenting testing approaches against control sets
- Scoping, conducting and supporting security assessments, penetration testing and other non-functional security testing, appropriately recording and sharing any findings
- Providing vulnerability management and continual security compliance expertise across on-premise and cloud-based solutions
- Working collaboratively with project managers and programme leads to provide subject matter expertise on a range of security testing requirements
- Acting as escalation point for security testing related incidents
- Leading assessments of threats and vulnerabilities to determine deviations from acceptable/defined baselines
- Communicating threat, vulnerability and risk information to stakeholders in a clear and concise manner
- Assisting in the development and delivery of security testing documentation sets
- Researching and assessing new threats and security/vulnerability alerts, and recommending remedial actions
Active SC clearance is required, and you must hold related industry accreditations such as CREST, Offensive Security, SANS/GIAC or equivalent recognised qualifications, with relevant IT security experience.

At application and interview, you must demonstrate extensive experience of:
- Understanding and experience of how technical security is applied in real-life environments: technical security controls, threats and vulnerabilities (including threat vectors), and current IT and security best-practice approaches.
- Passion for security testing and continual development within this area.
- Related industry accreditations such as CREST, Offensive Security, SANS/GIAC or equivalent recognised qualifications, with relevant IT security experience.
- Managing and/or conducting a wide range of testing in environments of differing complexity.
- Using vulnerability management/scanning tooling, compiling reports, and conducting regular scanning and assessment activities.
- Building relationships with stakeholders, using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
- Internal team engagement: working collaboratively, sharing knowledge, and advising and training colleagues.

Ideally you will also have knowledge, understanding and/or experience of:
- Detailed understanding of penetration testing tools and techniques.
- Compiling security testing reports, working with stakeholders to determine the real impact of findings and the probability of exploits being successful.
- Developing and delivering change and successful delivery of technical security aspects of projects.
- IT infrastructure (hardware, databases, operating systems, local area networks etc.) and application architectures.