Senior Ethical Hacker

Cabinet Office

Apply before 11:55 pm on Friday 30th September 2022



Reference number



£49,700 - £64,500
Any offer made above the base grade will be made up with a non-pensionable specialist pay allowance based on capability


Grade 7

Contract type


Business area

CO - Chief Digital and Information Office

Type of role

Information Technology

Working pattern

Flexible working, Full-time, Job share, Part-time

Number of posts



Birmingham, Bristol, Glasgow, London, Manchester, Newcastle-upon-Tyne, Norwich, York


The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.

We are the Cabinet Office’s cyber security team, and our mission is to secure the department (including its arms length bodies such as the Government Digital Service) against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK, Notify, and Register to Vote.

Job description

The Ethical Hacking team delivers penetration testing and red teaming capabilities for the Cabinet Office and GDS, and is responsible for simulating offensive cyber tools and techniques to identify and drive security improvements.

As a member of this team, you’ll work with others to build and deliver these core capabilities. The platforms you’ll help secure include our nationwide internal IT infrastructure and high-profile citizen-facing digital services such as GOV.UK and Register to Vote.

It’s essential that you have:

• significant experience delivering security testing of web based services, cloud services and underlying infrastructure, looking for sophisticated attack vectors and recommending mitigations
• recognised specialist certifications in the field of penetration testing (e.g., CREST Certified Infrastructure or Web Application Tester, OSCP, CCSAS)
• good analytical skills to understand the implications of security threats
• excellent verbal and written communication skills to ensure business and technical risks as clearly communicated
• significant experience using penetration testing tools such as BurpSuite, Nmap and Metasploit
• experience developing and/or reviewing source code
• experience reviewing cloud infrastructure configurations and infrastructure as code

It is also desirable that you have:

• experience leading an offensive security team, or leading the delivery of complex offensive security projects
• experience working within a software development team and environments with frequent change
• experience of working with PCI environments
• experience of working in an Agile environment as part of a multidisciplinary team


As a Senior Ethical Hacker, you will:

• coordinate and lead the delivery of offensive security testing (including web application and infrastructure penetration tests, deliver endpoint build reviews, AWS/Azure reviews, infrastructure as code reviews (e.g. Terraform), and secure code reviews)
• schedule and scope testing carried out by the team, working directly with developers and product managers
• lead the delivery of new capabilities (e.g., “purple team” exercises working alongside the cyber defence team)
• build and improve the tools, processes and training within the team to ensure quality tests and improve efficiency
• implement automated and continuous penetration testing pipelines
• lead the continual improvement and automation of the team’s reporting processes and data collection
• act as an escalation point for, and provide coaching and mentoring to, ethical hackers
• be responsible for leadership and line management of ethical hackers


We'll assess you against these behaviours during the selection process:

  • Changing and Improving
  • Communicating and Influencing
  • Managing a Quality Service
  • Delivering at Pace
• Learning and development tailored to your role.
• An environment with flexible working options.
• A culture encouraging inclusion and diversity.
• A Civil Service Pension which provides an attractive pension, benefits for dependants and average employer contributions of 27%.
• A minimum of 25 days of paid annual leave, increasing by one day per year up to a maximum of 30.


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter.
People working with government assets must complete basic personnel security standard checks.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.
Application process
During the sifting process we’ll use the information in your CV to assess your experience, skills and knowledge against the criteria for this role.

If you’re successful at sift, you’ll progress to an interview. During the interview process we'll assess your technical skills and behaviours.

Selection process
Candidates should provide a CV (of no more than four pages) detailing their experience, skills and knowledge as applicable for this role. Please note this will be a separate upload.

Expected timeline (subject to change)
Expected sift date – N/A
Expected interview date/s – N/A
Interview location - Video
CVs will be sifted every two weeks and candidates meeting the criteria will be invited to interview shortly after.

Reasonable adjustments
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:

  • Contact Government Recruitment Service at: as soon as possible before the closing date to discuss your needs.

  • Complete the ‘assistance required’ section in the ‘personal information’ page of your application form to provide information we should be aware of that will enable us to support you further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Further information
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'contact point for applicants' section.

Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.

Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.

Any move to Cabinet Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at here

A reserve list will be held for a period of 12 months, from which further appointments can be made.

If successful and transferring from another Government Department a criminal record check may be carried out.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service /Disclosure Scotland on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing stating the job reference number in the subject heading.

For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email

Any offer made above the base grade will be made up with a non-pensionable specialist pay allowance based on capability

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the Republic of Ireland
  • nationals from the EU, EEA or Switzerland with settled or pre-settled status or who apply for either status by the deadline of the European Union Settlement Scheme (EUSS)
  • relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • certain family members of the relevant EU, EEA, Swiss or Turkish nationals
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
This vacancy is part of the Great Place to Work for Veterans initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

  • Name : Gabriel Currie
  • Email :

Recruitment team :

  • Email :

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles.
If you feel that your application has not been treated in accordance with the Recruitment Principles, and wish to make a complaint, then in the first instance you should contact Government Recruitment Service at:
If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission at:
For further information on the Recruitment Principles, and bringing a complaint to the Civil Service Commission, please visit their website at:

Share this page