Location
About the job
Job summary
The DWP Cyber Resilience Centre (CRC) offers a uniquely challenging and fulfilling opportunity for people interested in making a genuine difference to society.
CRC is an innovative and responsive operation delivering a range of services to help DWP protect, monitor and respond to malicious behaviour or activity and threats to, or compromises of, financial and personal data assets.
DWP is the UK’s biggest government department; few other organisations globally provide the same opportunity to apply next-generation digital technology on a massive scale to issues with touch the lives of so many. We support more than 20 million people every day to help them find work and save for their future. We provide financial assistance worth over £200 billion each year to ensure that the most vulnerable in society are protected. With 800 locations and around 100,000 colleagues, we’re bigger than most retail operations.
The Vulnerability Assessment Team is part of the Cyber Resilience Centre (CRC). You will be part of a dynamic, innovative, delivery-oriented team that leads work to develop and implement new security capabilities and technologies in support of CRC and Departmental security objectives.
We operate within a challenging multi-stakeholder environment, engaging within internal customers, delivery teams and stakeholders, as well as with external third- party suppliers and other Government Departments to support the build and maturity of DWP’s security capabilities.
Job description
About the role:
Continuous Vulnerability Monitoring (CVM)
As a SEO in this area, you will be responsible for running a range of tools and scanning techniques across the estate within troubleshooting any issues with the scans and on-boarding new complex systems and / or environments to the service.
Evaluate findings and ensure these are prioritised and reported to stakeholders in a timely manner.
On Demand Testing
As a SEO in this area, you will be responsible for working with business contacts requiring On Demand testing to unsure the testing is appropriately provisioned and conducted efficiently in the most appropriate way..
Your responsibilities will include:
Working with stakeholders to advise on scope and provision intelligence-led penetration tests, Red-Team exercises and targeted IT Health Checks to identify vulnerabilities that could be exploited to compromise the DWP’s IT network. Configuring and deploying vulnerability scanning and network security assessment tools across all environments, notably the continuous vulnerability management tooling optimising the scans to gain maximum value from the tool Demonstrate knowledge of common approaches and tooling to perform vulnerability assessment and to validate system configuration Develop and implement schedules for performing vulnerability assessments to meet organisational objectives and compliance requirements Conduct ad-hoc testing as required Understands the potential risks of security testing in different operational environments and takes them into account while developing plans. Reviewing and validating findings from vulnerability assessments and advising technical and non-technical audiences on the implications of identified vulnerabilities, assisting in the prioritisation of those vulnerabilities. Assisting stakeholders in understanding the technical vulnerability information provided. Interpret vulnerability reports and dashboards, respond to those vulnerabilities posing a threat of exploitation through collaboration with stakeholders, escalating issues where appropriate Ability to analyse multiple data sources in tools such as Splunk to produce quality vulnerability insights from a range of data sources Providing customised reports, data, and information on technical vulnerabilities to stakeholders in the first and second line. Ensure lessons learnt are captured and reported. Tracking remediation activities, escalating any issues of concern as necessary. Collaborating with stakeholders to input into tactical and strategic plans relating to manage technical vulnerabilities. Acting as a subject matter expert for vulnerability assessments, assisting in the development, critique, and continuous improvement of the Vulnerability Assessment Service. Understanding the Department for Work & Pensions, its infrastructure and applications, the vulnerabilities on its systems and how these might be exploited by a hostile third party. Keeping up to date with latest vulnerability trends and news and appropriately responding to these emerging vulnerabilities. |
Person specification
We welcome applications from candidates who are enthusiastic, self-motivated, and welcome the opportunity to contribute to securing DWP.
Essential Criteria:
Experience of vulnerability management, including prioritising vulnerabilities, considering network architecture, threats, and potential business impacts.
Experience of working with internal stakeholders and commercial third parties to identify, scope, and specify business and technical vulnerability management requirements.
Experience in the use of Vulnerability Assessment tools such as Tenable and Tanium
Experience of Cloud Native tooling and other common security packages such as MS Defender
Understanding of NIST-CSF, CIS Critical Controls for Cyber Security or equivalent.
Desirable Criteria
Experience of data platforms tools such as Splunk
Experience of network operations, for example network monitoring, maintenance, incident management and change management.
Experience briefing senior management in business language on complex technical issues.
Recognised information security qualifications, such as NIST CSF Practitioner, GSEC, CySA+, CISSP, CISM, MSc in Information Security or relevant experience.
Behaviours
We’ll assess you against these behaviours during the selection process:
- Delivering at Pace
- Communicating and Influencing
- Working Together
Technical skills
We’ll assess you against these technical skills during the selection process:
- Application of the NIST Cyber Security Framework in respect of vulnerability management
Benefits
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
- Hybrid working this job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need, but personal circumstances and other relevant circumstances. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.