Cyber Vulnerability Lead Analyst

  • Negotiable
  • London, England, United Kingdom
  • Permanent, Full time
  • DWP Digital
  • 20 Feb 19

Do you want to be part of something really big? If you're creative and curious to learn, want to be empowered to make decisions and challenge the norm, and want to bring BIG ideas to a MASSIVE digital challenge then you'll love it here. And we'd love to hear from you.

Do you want to be part of something really big? If you're creative and curious to learn, want to be empowered to make decisions and challenge the norm, and want to bring BIG ideas to a MASSIVE digital challenge then you'll love it here. And we'd love to hear from you.

DWP are looking for a Cyber Vulnerability Lead Analyst to work with us on in a once-in-a-generation digital transformation.

You'll be keen to take on the challenge of working for the UK's largest government department in a role with a remit to protect over £170 billion worth of payments including payments to some of the most vulnerable members of society.

Working for the Department for Work & Pensions (DWP), Technical Vulnerability Assessment Team, part of the Cyber Resilience Centre (CRC), you will be part of a dynamic, innovative and service-oriented team that delivers vulnerability-led cyber security to defend the DWP. You will be working with government and private sector partners to build and mature this capability, detect malicious behaviour, and respond to cyber threats.

You and your role

The Cyber Vulnerability Lead Analyst will Provision and conduct vulnerability assessments of large IT assets across the DWP estate, a core element of the role will be to commission appropriate vulnerability assessments on DWP assets and identify technical vulnerabilities. The Cyber Vulnerability Lead Analyst will use tools to include IT Health Checks and intelligence-led penetration tests.

The Cyber Vulnerability Lead Analyst will also review and validating findings from vulnerability assessments and advise technical and non-technical audiences on the implications of identified vulnerabilities, assisting in the prioritisation of those vulnerabilities, they will also work with stakeholders to scope and provision vulnerability assessments of large IT assets, to identify vulnerabilities that could be exploited in order to compromise the DWP's IT network.

Other duties include:

Configuring and deploying vulnerability scanning and network security assessment tools, notably the continuous vulnerability management tool, Nessus.

Providing customised reports, data and information on technical vulnerabilities to stakeholders in the first and second line.

Assisting stakeholders in understanding the technical vulnerability information provided.

Collaborating with stakeholders to create tactical and strategic plans relating to manage technical vulnerabilities.

Tracking remediation activities affecting on-premise and Cloud-hosted environments.

Acting as a subject matter expert for vulnerability assessments, leading the development, critique and continuous improvement of guidance provided to the security risk management team.

Understanding the DWP, its infrastructure and applications, the vulnerabilities on its systems and how these might be exploited by a hostile third party.

What are we looking for?

Significant experience of vulnerability management, including prioritising vulnerabilities, taking into account network architecture, threats and potential business impacts.

Experience of analysing multiple sources of vulnerability information / findings to understand the vulnerability landscape of the Department, assisting stakeholders in understanding the associated risk, prioritising remediation action and influencing security strategy and roadmaps.

Experience of working with internal stakeholders and commercial third parties to identify, scope, and specify business and technical vulnerability management requirements.

Experience of security monitoring, intrusion detection, prevention and control systems including firewalls, anti-virus, web proxies and security software.

Experience of network operations, for example network monitoring, maintenance, incident management and change management.

Desirable Qualifications:

Recognised information security qualifications, such as GSEC, CISSP, CISM, MSc in Information Security;

Where You'll Work

You'll join us in our easy-to-reach digital hub in Leeds, London or Newcastle upon Tyne

Here we provide the latest tech and tooling and foster a collaborative culture to help our agile, multidisciplinary teams think big and try new things. You will work alongside people who care passionately about public service, making a difference and delivering for our customers.

You will be part of a team who provides support 24 hours a day, 7 days a week, and as a result you may be required to work as part of an on call rota, which will also attract occasional out of hours working (i.e. after 8pm until 8am), and may include travel to different sites.

We're the UK's biggest government department with over 80,000 diverse and brilliant people on our team. We are an equal opportunity employer and we welcome applications regardless of age, gender, race or sexuality.

Our Offer

In return for your skills we offer competitive salary Up to £ 62,146 (London) and up to £57,275 (National), a brilliant civil service pension, and a generous leave package.

We also have a broad benefits package which includes:

  • Flexible working
  • Family friendly policies
  • Volunteering and charitable giving
  • Discounts and savings on shopping, fun days out
  • Interest-free loans to buy a bike or a season ticket
  • Sports and social activities
  • And lots more

Building Our Future

We believe the work we do really matters, so we're serious about investing in your ability.

You'll have access to a huge suite of training and learning opportunities to complement the new skills and experience you'll acquire on the job. You'll share ideas with colleagues from across the tech community, and grow your skills via our coaching and mentoring programmes.

CLICK APPLY for more information and to start your application. If you want to talk about this opportunity before you apply contact me via .uk