
Lead Principal Security QA Engineer

Central Government Division
Contract/Interim
01782 203040
£600 - £625 per day
London
129873 HZC
13-05-2025 09:53 AM
Role: Lead Principal Security QA Engineer
Rate: Inside IR35
Location: likely 2 days a week onsite in London or Croydon.
Duration: 6 months +
SC cleared or eligible.

The Role

The Home Office are currently developing an internal Security Testing capability that will operate out of the Quality Assurance and Testing function. As a Principal Cyber Security Professional, your role will be embedded in the Home Office Cyber Security (HOCS) function, working day to day with senior security stakeholders to lead the continued development of the security testing service and represent security testing for the Home Office. Communication and professionalism are critical for this role, as you will be working collaboratively with senior Home Office Security colleagues across the organisation on a day-to-day basis.

Working within Security Testing, you will play a leading role in delivering security testing, vulnerability assessment and continual security compliance capabilities in order to secure Home Office services and to ensure the best possible technical security risk-based advice is given to our customers.

You will work collaboratively with key business and technical stakeholders to deliver appropriate, risk-based technical security testing advice and guidance, enabling the secure delivery of Home Office solutions and services.

Responsibilities
* Lead in the development and delivery of security testing documentation sets to support the ongoing development of the security testing service.
* Engage with internal and external partners to manage and provide appropriate security testing and assurance to the required standard and in accordance with policy and regulations.
* Work with the growing security testing team to scope, conduct, or support security assessments, pen testing and other non-functional security testing, appropriately recording and sharing any findings.
* Provide vulnerability management and continual security compliance expertise across on-premise and cloud-based solutions.
* Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security testing requirements.
* Act as escalation point to deal with security testing related incidents.
* Research, identify, validate, and embrace new technologies and methodologies.
* Lead assessments of threats and vulnerabilities to determine deviations from acceptable/defined baselines.
* Communicate threat, vulnerabilities, and risk information to stakeholders in a clear and concise manner.
* Research and assess new threats and security/vulnerability alerts, and recommend remedial actions.

Essential Criteria
* Proven understanding and experience of how technical security is applied in real life environments, technical security controls, threats and vulnerabilities (incl. threat vectors) and current IT and security best practice approaches.
* Passion for security testing and continual development within this area.
* Related industry accreditations such as CREST, Offensive Security, SANS/GIAC or equivalent recognised qualifications, with relevant IT security experience.
* Experience at managing and/or conducting a wide range of testing in different environments with different complexity.
* Using vulnerability management/scanning tooling, compiling reports, and conducting regular scanning and assessment activities.
* Building relationships with stakeholders, using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
* Internal team engagement, working collaboratively, sharing knowledge, advising, and training colleagues.
* Knowledge of common vulnerabilities (OWASP Top 10, CVE databases, etc.)
* Understanding of Agile and DevOps practices for continuous testing and delivery
* Knowledge of integrating security testing into test automation and CI/CD pipelines

Desirable Criteria
Ideally you will also have knowledge, understanding and/or experience of:
* Detailed understanding of penetration testing tools and techniques
* Compiling security testing reports, with the ability to work with stakeholders to determine real impact and probability of exploits being successful.
* Developing and delivering change and successful delivery of technical security aspects of projects.
* IT infrastructure (hardware, databases, operating systems, local area networks etc.) and application architectures.
* Understanding of network protocols, ports, and services
* Understanding of encryption algorithms (AES, RSA, etc.)
* Knowledge of Public Key Infrastructure (PKI), SSL/TLS certificates
* Basics of SIEM
* Basics of OS Patching



Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment, which can take up to a minimum of 10 weeks. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency, depending upon the precise nature of the work. For security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds.

Award-winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queen's Award for Enterprise: International Trade, for the second consecutive period.
