Salary: £52,500 - £60,635 - depending on experience - Internal loan terms and conditions apply for Civil Servant applicants
Contract type: Permanent
Hours: 37 per week (excluding lunch)
Working pattern: flexible working, full-time, part-time, job share
Location: The White Chapel Building, 10 Whitechapel High Street, London, E1 8QS
Closing date for applications: Sunday 15th December 2019
Who we are
The Government Digital Service (GDS) is part of the Cabinet Office. We lead the digital transformation of the UK government so that it works better for everyone. Our work is user-focused, dynamic and forward-looking, making our organisation an exciting and innovative place to work.
Find out more at the GDS Blog.
Our Cyber Security team
At GDS we are building the most important Government digital projects to date with security at the heart of everything we do. The Cyber Security team are here to ensure secure operations and enable secure engineering in a consistent and scalable way.
GDS makes good use of modern technologies like Amazon Web Services (AWS), Kubernetes and Containerisation which requires a modern approach to security. We use automation, intelligence, and machine learning to create self-service tools that enable other teams to be more secure and resilient.
What you’ll do
Working alongside other ethical hackers, analysts and other security professions you will be responsible for evaluating the security of our processes, services and infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie and helping teams to address them.
As an Ethical Hacker in GDS you’ll:
- lead red-team activities to highlight risks to services and help prioritise defences
- implement automated and continuous penetration testing pipelines
- contribute to the development of cybersecurity tooling and solutions
- work with information assurance teams to provide assurances that services are secure
- perform application penetration tests, Linux build reviews and secure code reviews
- participate in our incident response team, including out-of-hours support where required
Who you are
We’re interested in people who:
- recognised security certifications in the field of penetration testing
- experience of vulnerability testing of web based services, cloud services and underlying infrastructure for sophisticated attack vectors and mitigations
- good analytical skills to understand the implications of security threats
- hands on experience of Linux and a modern language such as Python
- demonstrable experience of the use of penetration testing tools such as BurpSuite, Nmap and Metasploit
- development and/or source code review experience
What we value
Respect, collaboration and trust are at the core of our culture. We trust each other to do our best work. We believe in our mission and work for the whole population. We can only do that by being an inclusive and diverse organisation.
In the Civil Service, we use our Success Profiles. This means for each role we advertise we consider what you will need to demonstrate in order to be successful. This gives us the best possible chance of finding the right person for the job, drives up performance and improves diversity and inclusivity.
We will be looking at your experience, career history and achievements that are relevant to the specific job role. For this role we will be assessing your ability, experience, technical/specialist skills and behaviours, the following behaviours are the most relevant:
- making effective decisions
- managing a quality service
- delivering at pace