Senior Ethical Hacker
Apply before 11:55 pm on Friday 30th September 2022
We are the Cabinet Office’s cyber security team, and our mission is to secure the department (including its arm's-length bodies such as the Government Digital Service) against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK, Notify, and Register to Vote.
As a member of this team, you’ll work with others to build and deliver these core capabilities. The platforms you’ll help secure include our nationwide internal IT infrastructure and high-profile citizen-facing digital services such as GOV.UK and Register to Vote.
It’s essential that you have:
• significant experience delivering security testing of web based services, cloud services and underlying infrastructure, looking for sophisticated attack vectors and recommending mitigations
• recognised specialist certifications in the field of penetration testing (e.g., CREST Certified Infrastructure or Web Application Tester, OSCP, CCSAS)
• good analytical skills to understand the implications of security threats
• excellent verbal and written communication skills to ensure business and technical risks are clearly communicated
• significant experience using penetration testing tools such as BurpSuite, Nmap and Metasploit
• experience developing and/or reviewing source code
• experience reviewing cloud infrastructure configurations and infrastructure as code
It is also desirable that you have:
• experience leading an offensive security team, or leading the delivery of complex offensive security projects
• experience working within a software development team and environments with frequent change
• experience of working with PCI environments
• experience of working in an Agile environment as part of a multidisciplinary team
• coordinate and lead the delivery of offensive security testing (including web application and infrastructure penetration tests, endpoint build reviews, AWS/Azure reviews, infrastructure as code reviews (e.g. Terraform), and secure code reviews)
• schedule and scope testing carried out by the team, working directly with developers and product managers
• lead the delivery of new capabilities (e.g., “purple team” exercises working alongside the cyber defence team)
• build and improve the tools, processes and training within the team to ensure quality tests and improve efficiency
• implement automated and continuous penetration testing pipelines
• lead the continual improvement and automation of the team’s reporting processes and data collection
• act as an escalation point for, and provide coaching and mentoring to, ethical hackers
• be responsible for leadership and line management of ethical hackers
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Communicating and Influencing
- Managing a Quality Service
- Delivering at Pace
• An environment with flexible working options.
• A culture encouraging inclusion and diversity.
• A Civil Service Pension which provides an attractive pension, benefits for dependants and average employer contributions of 27%.
• A minimum of 25 days of paid annual leave, increasing by one day per year up to a maximum of 30.
Selection process details
During the sifting process we’ll use the information in your CV to assess your experience, skills and knowledge against the criteria for this role.
If you’re successful at sift, you’ll progress to an interview. During the interview process we'll assess your technical skills and behaviours.
Candidates should provide a CV (of no more than four pages) detailing their experience, skills and knowledge as applicable for this role. Please note this will be a separate upload.
Expected timeline (subject to change)
Expected sift date – N/A
Expected interview date/s – N/A
Interview location – Video
CVs will be sifted every two weeks and candidates meeting the criteria will be invited to interview shortly after.
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
- Contact Government Recruitment Service at: firstname.lastname@example.org as soon as possible before the closing date to discuss your needs.
- Complete the ‘assistance required’ section in the ‘personal information’ page of your application form to provide information we should be aware of that will enable us to support you further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'contact point for applicants' section.
Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.
Any move to Cabinet Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at here
A reserve list will be held for a period of 12 months, from which further appointments can be made.
If successful and transferring from another Government Department a criminal record check may be carried out.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.email@example.com stating the job reference number in the subject heading.
For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk
Any offer made above the base grade will be made up with a non-pensionable specialist pay allowance based on capability.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
Feedback will only be provided if you attend an interview or assessment.
Working for the Civil Service
Contact point for applicants
Job contact:
- Name: Gabriel Currie
- Email: firstname.lastname@example.org
Recruitment team:
- Email: email@example.com
If you feel that your application has not been treated in accordance with the Recruitment Principles, and wish to make a complaint, then in the first instance you should contact Government Recruitment Service at: firstname.lastname@example.org.
If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission at: email@example.com.
For further information on the Recruitment Principles, and bringing a complaint to the Civil Service Commission, please visit their website at: https://civilservicecommission.independent.gov.uk.