Cyber Security Penetration Tester
£Competitive plus benefits
23 month fixed term contract
Hanslope Park, Milton Keynes
FCO Services plays a vital role in keeping information, assets and people safe. Our IT systems are used throughout the world not only in FCO Services buildings but also by customers including the National Crime Agency and Cabinet Office. Your leadership and technical expertise will help keep those IT systems safe.
You’ll protect leading-edge IT systems from attack
This role gives you responsibility for ensuring all live IT systems we deliver to our customers are safe and fully accreditable. You’ll lead a small team providing IT health checks, operational information assurance, and security architecture, and will play an ongoing role in developing even more thorough testing strategies and techniques, particularly for testing vulnerabilities. You’ll also act as a technical expert, explaining the implications of test findings to senior clients and providing advice on security testing to a wide range of external and internal contacts, including accreditors, technical architects and project managers. Another key responsibility for you and your team will be to develop solutions that secure live systems and ensure their vulnerabilities cannot be exploited.
You combine extensive technical knowledge with great people skills
To succeed, you will already need experience in a similar kind of role, ideally with another government department or possibly with a security consultancy. This will have given you a wide range of technical and security knowledge in areas including assessment management, background information gathering, Windows and Unix security assessment and web application vulnerabilities. Given how much liaising you’ll be doing with customers and colleagues, it is also very important that you are confident, good with people, and happy working across disciplines and teams. Personality-wise, we’re looking for someone who is focused, structured and methodical – and highly numerate and articulate as well.
And you want to work at the forefront of IT solutions
At FCO Services, we keep information, assets and people safe all around the world. Our customers, who include the Foreign & Commonwealth Office, look to us to respond with speed, agility and innovation to their ever-changing security challenges. This gives every job here added significance and means we have to work at the very forefront of IT solutions. So what better environment in which to hone your leadership ability and technical expertise.
Main responsibilities, focusing on the required outputs:
· Analyse complex customer’s information systems to understand the associated security risks, audit requirements, data value and to provide guidance on how to test security controls
· Provide technical security advice and assurance to colleagues and customers. Analyse identified security breaches and recommend solutions to militate against them reoccurring.
· Liaise with Key Stakeholders and customers ensuring appropriate levels of communication are maintained regarding technical security issues, that security policy and security architecture solutions meet their requirements and that they are kept up to date with a project’s progress
· Manage and develop the vulnerability assessment (penetration testing) service
· Assess customer security requirements, engaging with the customer to discuss their business plans and current HMG information assurance policy and CHECK policy.
· Develop more thorough testing strategies for network infrastructures, web applications and wireless networks.
· Assess security risks within complex designs and ensure that projects take account of and adhere to any prevailing accreditation requirements.
· Identifies information risks which are systemic across the programme
· Recommends implementation of new and innovative IA controls across the programme or enterprise to provide more cost effective risk mitigation in the long term
· Contributes to the development of IA strategies, policies, guidance and awareness
· Provide technical evaluation of third party supplier solutions and security assurance for the overall solutions supplied by FCO Services to the customer.
· Security tracking and development of technical solutions based on leading edge technologies and methods.
· Tailors the scope of testing to meet business requirements.
· Can explain to clients the implications of test findings, convincingly explains to directors the potential business impact if vulnerabilities are exploited.
· Develops through life test programmes to assess whether security is maintained.
· Coordinates penetration testing on information processes against relevant policies.
· Assessing and responding to new technical, physical, personnel or procedural vulnerabilities.
· Liaise with NCSC, Cabinet Office and other Government Departments on security policy to ensure FCO Services solutions comply with current Government Information Assurance standards.
· Develop collaborative working relationships with third party supplier/partner organisations e.g. CHECK testers
· Develop and maintain robust and long term relationships with customers and security bodies such as NCSC ensuring that FCO Services is seen to be at the forefront for delivering high quality responsive technical solutions based on leading edge technologies and methods
· Engage with Accreditors during accreditation process to provide guidance and to answer queries related to the information security aspects of delivered solutions.
· Provides Terms of Reference for the external CHECK team bid process and assess the bid response from vendors.
· Acts as an interface between CHECK team and the systems operations team
· Review, collate and filter vulnerabilities and CHECK reports for organisational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes
· Respond constructively and effectively to customer and stakeholder enquiries and ensure team-members deal with customers in a professional and appropriate manner.
· Represent FCO Services at formal security conferences and meetings to gain contacts both with other security professionals and potential customers.
· Provide input to support the bidding process.
· Engaging with the change management process to ensure that vulnerabilities are mediated
Successful candidates will be required to complete security clearance.
Closing date: 5th March 2017.