Penetration tester/Dig Sec Specialist
Digital Security Specialist/Penetration Tester
Clearance: Current SC
CV deadline: 4/4 @ 1400
This role is part of a small team of security operations engineers who provide independent security testing of the Ministry of Justice's products and services.
You will conduct hands-on technical assessments and reviews of our estate, and of key suppliers, acting as an attacker might to test our defences and incident response processes.
You will be familiar with exploitation of a wide range of technologies, from classic enterprise IT (on-prem, Windows,
*nix, line of business applications) to modern digital services, as well as ways to combine multiple types of attack (physical, process etc) to achieve your desired goal.
Your work will be primarily based around scenario-based testing, but will also include deep-dives onto specific products, projects and datasets as identified by Cyber Security Risk Managers as being particularly interesting.
You will also collaborate with Cyber Security Consultants to inform their protective security work.
You will work closely with our Blue Team to identify potential mitigations and address discovered issues.
You will collaborate with third party security suppliers of penetration testing services, ensuring their work is sensibly-scoped, of a suitable quality, and provides value for money to the department.
Skills and Experience
Good penetration testing skills relevant to red team activities, such as:
* Social engineering
* Open source intelligence analysis and assessments
* Infrastructure penetration testing
* Web application penetration testing
* Mobile application penetration testing
Strong knowledge of the security of Windows and Linux operating systems, networking and related technologies, including how they are deployed at-scale in complex legacy environments.
Experience with common security tools, including Nmap, Metasploit, Kali Linux, Nessus, Burp Suite Pro etc, for offensive security testing of real-world networks and services.
Enabling and informing risk based decisions - Works with risk advisors to advise and give feedback.
Advise on risk impact.
Propose realistic and pragmatic mitigations that address these problems, and work with the product / project team to implement these effectively into their work.
Research and development experience, building and automating common red team processes and activities.
Knowledge of security architectures, in particular for modern digital services, including how they are developed and operated at scale.
* Real-world cyber security testing of products, services and systems across the Ministry of Justice.
Adopting a red team approach, working across traditional scope boundaries to find the real risks to our information and people, and probing our defensive mechanisms to see how they react.
* Communication of team findings to stakeholders in a clear and actionable fashion, focussing on real-world impact and with pragmatic options for resolution.
* Development and implementation of tools and techniques to automate as much of the team's ?basic' work as possible, providing continuous assurance that systems are protected against common threats.
* Developing and mentoring junior Red Team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in the department
As well as the specific experience required above you will have the necessary qualifications, skills & experience to take control of this requirement from its inception to its completion.
If you meet the experience required above please call/mail me asap for more information.
- Start: ASAP
- Duration: 6 months approx - poss ext
- Rate: 600 Per Day Ltd
- Location: Petty France, England
- Type: Contract
- Industry: Accountancy
- Recruiter: Number 8 Resourcing Ltd
- Contact: James Christie
- Tel: 02087472161
- Email: to view click here
- Reference: P13267Moj
- Posted: 2019-04-02 11:02:42 -
- View all Jobs from Number 8 Resourcing Ltd
More Jobs from Number 8 Resourcing Ltd
- CCDO Operatives
- Cost Manager/QS
- Software Engineer/Stack Developer
- Domestic Gas Engineer
- Domestic Gas Engineer
- Call Centre Administrator
- Occupational Therapist
- Account Manager/Coach
- Oracle Database Administrator
- Rewards Advisor
- Category Manager
- Service Designer (Digital)
- IT Engineer
- Scientific Challenges Specialist - Pharmaceutical Researcher
- Procurement Officer
- Environmental Advisor
- IT Systems Administrator
- Cost Manager/QS
- Service Architect
- Infrastructure Server Engineer