About the job

Job summary

UKRI is looking for a junior penetration tester to join the Red Team within the organisations Information Security Function; responsible for promoting, encouraging and supporting the safe and secure use of Information and ICT by UKRI staff, scientific facility users and collaborators. This role is responsible for improving the UKRI environments security by assessing real-life risks to diverse technical environments by identifying security weaknesses, actively exploiting their findings, determining additional impact through post exploitation and proactively advising teams on the most effective ways to address the core security problems. 

This role includes scoping and delivery of penetration testing, black box network testing, insider threat assessments, credentialed application exploitation, and testing the effectiveness of human and physical controls on the diverse UKRI estate on a continuous basis.

Job description

• Support the scoping, conducting and procurement of penetration tests, red team exercises, vulnerability assessments of IT assets, and other tests to assess the robustness of a system, product or technology.
• Maintain thorough and accurate records of penetration tests, vulnerability assessments, and other security activities, including methodologies, findings, and remediation recommendations.
• Engage with internal and external stakeholders to provide appropriate Cyber Security assurance in accordance with policy and regulations.
• Report potential issues and mitigation options to appropriate stakeholders or governance forums.
• Contribute to the review and interpretation of reports and contribute to remediation action plan production.
• Provide advice to address identified Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate.
• Work with specialist forensic personnel or a wider team to support the digital aspects of their investigation.

Person specification

• At least 3 GCSE’s qualifications (including Maths and English) or relevant subject matter and industry experience.
• Proven experience in penetration testing. 
• A technical knowledge and understanding of mixed-technology environments, including diverse operating systems. 
• Extensively used open-source penetration testing tools and frameworks.
• Experience of at least one programming/script language and coding language.

To view the full job description please click apply and visit our careers page

Benefits

Alongside your salary of £34,905, UK Research and Innovation contributes £9,424 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

Applicants are required to provide an up-to-date CV and a cover letter outlining their suitability for the role. Click on 'Apply at advertiser's site'

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.