30652 - Cyber Security Consultant

Salary

£35,638 - £54,575

Number of jobs available

Detail of reserve list

12 Months

Region

London, North West, West Midlands

City/Town

Birmingham , London, Manchester , Sheffield

Building/Site

102 PETTY FRANCE (MOJ) LONDON, SW1H 9AJ, AXIS BIRMINGHAM, B1 1TG, MANCHESTER CIVIL JUSTICE CENTRE MANCHESTER, M3 3FX, NOMS DIGITAL STUDIO SHEFFIELD, Greenfield House, 32 Scotland Street, Sheffield, S3 7DQ, S3 7DQ

Grade

SEO

Organisation Grade for MoJ

Post Type

Permanent

Working Pattern

Full Time

Role Type

Digital

Job description

Introduction

These are exciting times atMOJ Digital and Technology. We have a clear vision - to develop a digitally-enabled justice system that works more simply for users - and we’re looking for talented people to help us achieve it. We’re making things better by building adaptable, effective services and making systems that are simple to use for staff and citizens. It can be challenging but it’s also important and rewarding.

As well as doing great work, we’re creating a place that’s great to do work in. We offer tip-top kit, brilliant training opportunities and support from expert colleagues. On top of that, you’ll find flexible working, an inclusive culture and a place where your opinion is valued.

The Role:

As a Cyber Security Consultant, you help others in D&T and the wider MOJ build secure solutions. You advise technical teams on cyber security thinking. You’ll help them deal with risks effectively. You do this by working with them as they design and implement effective controls and mitigations. This means you get involved and embedded in projects and products early, assist with threat modelling activities, and provide advice about appropriate and pragmatic security. The goal is to enable business outcomes. Your approach ensures that common problems are addressed in reusable ways. We are the next generation of Security consultants who are key business partners as opposed to gatekeepers/blockers to the business.

You’ll work alongside Cyber Risk Advisors, helping the business understand what risks to manage, how to prioritise investment thinking, and to recognise the importance of different data sets in various business contexts. You’ll support the MOJ Security Engineering and Operations teams, helping keep systems secure while in development and then when they go live. You’ll deal with incidents, and apply insights from security issues observed in products, systems, services from across government and industry. You’ll be a recognised specialist in securing digital services but you’ll also have wider knowledge and experience of enterprise technology and line of business applications. This gives you a good understanding of the subtleties of designing, implementing and operating organisational systems securely.

Main Responsibilities

Work within or alongside D&T’s most complex and riskiest product and project teams, providing detailed cyber security advice and guidance to the teams. Use knowledge from Cyber Risk Advisors, to identify relevant threats to systems. Propose and develop security mitigations to address identified threats.
Work with delivery teams to ensure mitigations are implemented at an appropriate point in the delivery lifecycle. Advise on risks that emerge as a result of incomplete or ineffective delivery. Assess the alignment of cyber security for products and projects with business and statutory legislation, and with government requirements. Assist teams in the preparation of security governance materials, such as Data Protection Impact Assessments, and support governance processes such as Service Assessments from a security perspective.
Support incident investigation, remediation and root cause evaluation for systems which you are knowledgeable about. Ensure that new and updated platforms, products and transactions are built and operated securely. Ensure that project teams you are supporting are well aware of their responsibilities for Cyber Security perspectives and practices, through vehicles such as coaching, briefings at team meetings, and training events. Assist with building a culture of continuous delivery and improvement, ensuring that key systems are regularly risk assessed, maintained and improved.

Skills and Experience

Designing secure systems, including design and review of system architectures through the application of patterns and thinking to reduce cyber security problems.
Threat modelling and assessment, including performing structured evaluation of proposed or implemented complex systems to identify likely cyber security problems.
Be able to provide examples of proposing realistic and pragmatic mitigations that address these problems, and working with a product / project team to implement the mitigations effectively into their work.
Enabling and informing risk based evaluation, providing evidence of working with risk advisors to advise and give feedback, in particular advising on risk impact.
Participating in research and innovation, evidenced by advising on developments regarding security properties in technology. Also showing ability to identify new technologies and design the use of these in the business context.
Areas of specific technology and security understanding, in particular a knowledge of system architectures. Evidenced by an ability to understand and articulate the impact of vulnerabilities on existing and future designs and complex systems, and articulating an appropriate response.
Great communication skills and stakeholder management whilst being confident in presenting to senior management and business owners.

Would be likely to have a broad knowledge of a range of systems while specialising in one.

In particular, a strong candidate will have:

Experience of Cloud services and technologies, assuring and working with product teams as they deploy and transition digital solutions into public cloud environments. This would include designing systems to reflect and comply with NCSC Cloud Security guidance, and ISO27001.
Carried out reviews of system and application architectures, for example using workshops and discussions with development teams, resulting in measurable delivery a reduction in cyber security problems.
The ability to carry out risk assessments and risk management following a PACE (Pragmatic/Proportionate, Appropriate and Cost-Effective) perspective, in line with HMG policy and guidance.
A thorough understanding of HMG policies and guidance, especially regarding requirements and controls around the Government Security Policy Classification, mainly at OFFICIAL.
Worked with agile teams, delivering working software incrementally.
Secured web applications and cloud infrastructure environments (AWS/Azure) against vulnerabilities, and applied common and innovative remediation techniques.
Secured AWS components, in particular IAM, S3 and EC2. Knowledge of security monitoring, prevention and control systems including but not limited to firewalls, IDS/IPS, web proxies, antivirus and log correlation solutions.

Desirable

Working with agile methodologies
Assuring services in Public Cloud
Supplier chain assurance
Security certifications (or working towards)

Throughout the process we will assess your technical specialist skills and experience on the above requirements.

Interview dates

To be confirmed

Closing Date:

24/11/2019, 23:55 hours.

Contact information

If you require any assistance please call 0845 241 5359 (Monday to Friday 8am - 6pm) or e mail Moj-recruitment-vetting-enquiries@sscl.gse.gov.uk Please quote the job reference - 30652.

To apply for roles in MOJ you will need to confirm your employment history for at least 3 years prior to the date of application so that pre-employment checks (BPSS) can be undertaken. If you have spent significant time abroad (a total of 6 months in the past 3 years) you would be required to give a reasonable account of the reasons why.

For some roles you will be required to successfully complete National Security Vetting at Counter Terrorism (CTC), Security Clearance (SC) or Developed Vetting (DV) level as a condition of appointment. To meet CTC/SC/DV requirements you will normally need to have been resident in the UK for at least 3/5/10 years prior to the date of application (The level of checks that are required are stated in the advert).

If you do not meet the above requirements, you may still be considered if, for example:

You've been serving overseas with HM Forces or in some other official capacity as a representative of HM Government
You were studying abroad
You were living overseas with parents

In such cases you will need to be able to provide referee cover for the period(s) of residence overseas. The duration of overseas residence and the country of abode will also be taken into account.

if you feel that your application has not been treated in line with the Civil Service Recruitment Principles, please contact SSCL (Moj-recruitment-vetting-enquiries@gov.sscl.com) in the first instance

Supporting document 1

Cyber Consultant Band Bc .pdf – 435KB

We have provided detail of the assessment stages and areas being assessed to help you prepare for completing your application form, and to advise of what will be assessed following this, if you successfully pass the application stage.

Application form stage assessments

Interview stage assessments

There is 1 interview stage for this vacancy.

A Great Place to Work for Veterans

The "Making the Civil Service a Great Place to work for veterans" initiative includes a guaranteed interview scheme to those who meet the minimum criteria to provide eligible former members of the Armed Forces with opportunities to secure rewarding jobs. Allowing veterans to continue to serve their country, and to bring highly skilled individuals with a broad range of experience into the Civil Service in an environment, which recognises and values your previous service in the Armed Forces.
For further details about the initiative and eligibility requirements visit : https://www.gov.uk/government/news/making-the-civil-service-a-great-place-to-work-for-veterans

Redeployment Interview Scheme

Civil Service departments are expected to explore redeployment opportunities before making an individual redundant. The MoJ are committed, as part of the Redeployment Interview Scheme, to providing opportunities to those who are 'at risk of redundancy'.

MoJ are able to offer an interview to eligible candidates who meet the minimum selection criteria, except in a limited number of campaigns. Candidate's will not be eligible for the Redeployment Interview Scheme if they are applying on promotion.

For further information and to apply for this position please see the following link: https://app.jobvite.com/j?cj=oIuwbfwD&s=Civil_Service_jobs.

This job is broadly open to the following groups:

· UK nationals

· nationals of the Republic of Ireland

· nationals of Commonwealth countries who have the right to work in the UK

· nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window) https://www.gov.uk/settled-status-eu-citizens-families

· nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)

· individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020

· Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window) https://www.gov.uk/government/publications/nationality-rules

This Vacancy is closed to applications.