Are you OK with cookies?

We use small files called ‘cookies’ on jobs.justice.gov.uk. Some are essential to make the site work, some help us to understand how we can improve your experience, and some are set by third parties. You can choose to turn off the non-essential cookies. Which cookies are you happy for us to use?

Digital

Lead Offensive Security Operator – 60382
£50,427 – £63,500
National

Apply BACK TO SEARCH

We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit: https://www.gov.uk/government/organisations/ministry-of-justice/about/equality-and-diversity.

JOB TITLE: Lead Offensive Security Operator

GRADE: Grade 7 

OVERVIEW 

Ministry of Justice Digital and Technology Services 

We design, build and support user-centred digital and technology services for the justice system: services that make a real difference to our staff, members of the public and their families who use them. Millions of people every year interact with our services, and Digital & Technology play an important role in improving access to justice and making that experience much easier and less distressing.

We are using digital, data and technology to build capability, work smarter and more efficiently. We enable innovation, ensuring our systems are secure and designed to protect our personal and sensitive data. We want to create a digitally enabled end-to-end justice system which can adapt and respond to changing needs.

To find out more about us please visit our blog.

THE ROLE 

You are part of a small team of offensive security operations engineers who provide independent security testing of the Ministry of Justice’s products and services. 

You will conduct hands-on technical assessments and reviews of our estate, and of key suppliers, acting as an attacker might to test our defences and incident response processes. You will be familiar with exploitation of a wide range of technologies, from classic enterprise IT (on-prem, Windows, *nix, line of business applications) to modern digital services, as well as ways to combine multiple types of attack (physical, process etc) to achieve your desired goal. 

Your work will be primarily based around scenario-based testing, but will also include deep-dives onto specific products, projects and datasets as identified by Cyber Security Risk Managers as being particularly interesting. You will also collaborate with Cyber Security Consultants to inform their protective security work. You will work closely with our Blue Team to identify potential mitigations and address discovered issues. 

You will collaborate with third party security suppliers of penetration testing services, ensuring their work is sensibly-scoped, of a suitable quality, and provides value for money to the department. 

MAIN RESPONSIBILITIES 

  • Real-world cyber security testing of products, services and systems across the Ministry of Justice. Adopting a red team approach, working across traditional scope boundaries to find the real risks to our information and people, and probing our defensive mechanisms to see how they react. 
  • Communication of team findings to stakeholders in a clear and actionable fashion, focussing on real-world impact and with pragmatic options for resolution. 
  • Development and implementation of tools and techniques to automate as much of the team’s ‘basic’ work as possible, providing continuous assurance that systems are protected against common threats. 
  • Developing and mentoring junior Red Team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in the department. 

CAPABILITIES 

The essential skills and experience required are 

  • Good penetration testing skills relevant to red team activities, such as:
    • Scenario-driven adversary simulation
    • Social engineering
    • Open source intelligence analysis and assessments
    • Infrastructure penetration testing
    • Web application penetration testing
    • Mobile application penetration testing 
  • Strong knowledge of the security of Windows and Linux operating systems, networking and related technologies, including how they are deployed at-scale in complex legacy environments. 
  • Experience with common security tools, including Nmap, Metasploit, Kali Linux, Nessus, Burp Suite Pro etc, for offensive security testing of real-world networks and services. 
  • Enabling and informing risk based decisions – Works with risk advisors to advise and give feedback. Advise on risk impact. Propose realistic and pragmatic mitigations that address these problems, and work with the product / project team to implement these effectively into their work. 

Desirable: 

  • Research and development experience, building and automating common red team processes and activities. 
  • Knowledge of security architectures, in particular for modern digital services, including how they are developed and operated at scale.

COMPETENCIES 

Essential: 

  • Making effective decisions
  • Leading and communicating
  • Delivering at pace 

Desirable: 

  • Delivering value for money
  • Changing and improving
  • Collaborating and partnering
  • Seeing the big picture
  • Building capacity for all
  • Managing a quality service

Salary

The national salary range is £50,427 - £59,000, London salary range is £54,274 - £63,500. Your salary will be dependent on your base location

Additional Information

Working Arrangements & Further Information

The MoJ offers Hybrid Working arrangements where business need allows. This is an informal, non-contractual form of flexible working that blends working from your base location, different MoJ sites and / or from home (please be aware that this role can only be worked in the UK and not overseas). Some roles will not be suitable for Hybrid Working. Similarly, Hybrid Working will not suit everyone’s circumstances. Arrangements will be discussed and agreed with the successful candidate(s) and subject to regular review.

For nationally advertised roles, the successful candidate(s) will be appointed to a MoJ office location, which may include their nearest Justice Collaboration Centre or Justice Satellite Office. This will be discussed and agreed on the completion of pre-employment checks.

Some of MoJ’s terms and conditions of service are changing as part of Civil Service reform. The changes will apply to staff joining MoJ who are new to the Civil Service. Staff joining MoJ from other civil service employers will transfer onto the new MoJ terms if they are already on ‘modernised’ terms in their current post or onto ‘unmodernised’ MoJ terms if they are on ‘unmodernised’ terms at their current post. Details will be available if an offer is made.

Flexible working hours

The Ministry of Justice offers a flexible working system in many offices.

Benefits

The MoJ offers a range of benefits:

Annual Leave

Annual leave is 25 days on appointment and will increase to 30 days after five years’ service.

There is also a scheme to allow qualifying staff to buy or sell up to three days leave each year. Additional paid time off for public holidays and 1 privilege day. Leave for part-time and job share posts will be calculated on a pro-rata basis.

Pension

The Civil Service offers a choice of pension schemes, giving you the flexibility to choose the pension that suits you best.

Training

The Ministry of Justice is committed to staff development and offers an extensive range of training and development opportunities.

Networks

The opportunity to join employee-run networks that have been established to provide advice and support and to enable the views of employees from minority groups to be expressed direct to senior management. There are currently networks for employees of minority ethnic origin, employees with disabilities, employees with caring responsibilities, women employees, and lesbian, gay, bisexual and transgender employees.

Support

  • A range of ‘Family Friendly’ policies such as opportunities to work reduced hours or job share.
  • Access to flexible benefits such as voluntary benefits, retail vouchers and discounts on a range of goods and services.
  • For moves to or from another employer or moves across the Civil Service this can have implications on your eligibility to carry on claiming childcare vouchers. You may however be eligible for alternative government childcare support schemes, including Tax Free Childcare. More information can be found on UKor Childcare Choices. You can determine your eligibility at https://www.childcarechoices.gov.uk/.
  • Paid paternity, adoption and maternity leave.
  • Free annual sight tests for employees who use computer screens.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles. Should you feel that the recruitment process has breached the recruitment principles you are able to raise a formal complaint in the following order

The Civil Service embraces diversity and promotes equal opportunities. As a Disability Confident employer, MoJ are committed to providing everyone with the opportunity to demonstrate their skills, talent and abilities, by making adjustments throughout all elements of the recruitment process and in the workplace. MoJ are able to offer an interview to disabled candidates who meet the minimum selection criteria, except in a limited number of campaigns.

You will be able to request reasonable adjustments to the recruitment process within the application form. If you need additional help completing the application form, please contact the SSCL Recruitment Enquiries Team.

We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit: https://www.gov.uk/government/organisations/ministry-of-justice/about/equality-and-diversity.