Justice Digital and Technology
,
London, Greater London
Security Testing Manager
Overview
Job Description
Description Salary: 36,798 to 47,591 London / 30,989 to 41,095 National, depending on skills and experience Contract type: Permanent Grade: MoJ Band B Number of open roles: 1 Location: London/Sheffield/Birmingham Hours: 37 hours/week (42 hours incl. lunch) Working pattern: flexible working, full time, part-time Closing date for applications: 27th June 2020 Interview location: Video Call Introduction These are exciting times at MOJ Digital and Technology. We have a clear vision - to develop a digitally-enabled justice system that works more simply for users - and we're looking for talented people to help us achieve it. We're making things better by building adaptable, effective services and making systems that are simple to use for staff and citizens. It can be challenging but it's also important and rewarding. As well as doing great work, we're creating a place that's great to do work in. We offer tip-top kit, brilliant training opportunities and support from expert colleagues. On top of that, you'll find flexible working, an inclusive culture and a place where your opinion is valued. The role You'll be part of a small team specialising in offensive cybersecurity techniques and responsible for the security testing of the Ministry of Justice's products and services. Using your technical security expertise and judgement you will ensure that security testing gives a high degree of confidence that Ministry of Justice systems are resilient within a dynamic threat landscape. Main responsibilities: * Coordinate with third party providers to deliver technical security testing, including vulnerability assessments and penetration tests. This involves: * Management of the penetration test process, including threat modelling, scoping of tests, and working with relevant internal and external stakeholders to schedule tests. * Working proactively with internal and external stakeholders to communicate discovered vulnerabilities in both technical and non-technical business language. * Management of third party security testing providers, ensuring that security testing outputs are of a high quality and are delivered on time and within budget. * Prioritise security testing activities according to business requirements and the organisation's threat profile. * Maintain knowledge of emerging technologies and any associated vulnerabilities and risks and provide input to the Senior Leadership Team where these may impact the business. * Track key security testing data points and produce all required Management information and reporting. * Support and coach junior team members, leading by example. Skills/Experience Required: * Experience in planning, coordinating and ensuring the successful and safe completion of penetration tests within an enterprise environment. * Experience in working with a third party testing provider, and managing the supplier relationship. * Experience in working collaboratively with technical and non-technical stakeholders and in communicating the risk and impact of vulnerabilities and how to mitigate them. * Strong understanding of infrastructure, application and cloud security and related threats and vulnerabilities, and the ability to apply this knowledge to threat modelling * Strong understanding of the penetration testing lifecycle, how it supports the information assurance process and its intersections with development and service lifecycles. Desirable: * Hands-on penetration testing experience * Knowledge of Mobile Security; architecture, application and attack vectors * Familiarity with the CHECK scheme Throughout the process we will assess your technical specialist skills and experience on the above requirements. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status. Salary and working arrangements If successful, the salary we offer you will be at the minimum of the band advertised as per civil service rules. Therefore in your cover letter it would be helpful to the hiring teams if you can indicate your salary expectations meet the minimum salary of this band. You'll also get: * Flexible working options such as working from home/remotely, working part-time, job sharing, or working compressed hours, we have people doing it and are happy to discuss options further * Lots of training and development opportunities * A civil service pension with an average employer contribution of 22% * 25 days annual leave (plus bank holidays), and an extra day off for the Queen's birthday. No promises you'll be invited to her party, though * Great maternity, adoption, and shared parental leave, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too! * Bike loans and secure bike parking (subject to availability and location) * Season ticket loans, chi