Digital Security Specialist
at , London
Salary: Daily rate up to £600
Job Type: Permanent
Job Title: Digital Security Specialist
CV Submission Deadline: Thursday 4th April @ 11am
Duration: 6 months
Daily Rate: Up to £600
Security Clearance: SC Required
IR35 IN/OUT Scope: Out of Scope
Key Tasks and Deliverables:
Real-world cyber security testing of products, services and systems across the Ministry of Justice. Adopting a red team approach, working across traditional scope boundaries to find the real risks to our information and people, and probing our defensive mechanisms to see how they react.
- Communication of team findings to stakeholders in a clear and actionable fashion, focusing on real-world impact and with pragmatic options for resolution.
- Development and implementation of tools and techniques to automate as much of the team’s ‘basic’ work as possible, providing continuous assurance that systems are protected against common threats.
- Developing and mentoring junior Red Team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in the department
Good penetration testing skills relevant to red team activities, such as:
- Social engineering
- Open source intelligence analysis and assessments
- Infrastructure penetration testing
- Web application penetration testing
- Mobile application penetration testing
- Strong knowledge of the security of Windows and Linux operating systems, networking and related technologies, including how they are deployed at-scale in complex legacy environments.
- Experience with common security tools, including Nmap, Metasploit, Kali Linux, Nessus, Burp Suite Pro etc, for offensive security testing of real-world networks and services.
- Enabling and informing risk based decisions – Works with risk advisers to advise and give feedback. Advise on risk impact. Propose realistic and pragmatic mitigation that address these problems, and work with the product / project team to implement these effectively into their work.
Research and development experience, building and automating common red team processes and activities.
Knowledge of security architectures, in particular for modern digital services, including how they are developed and operated at scale.