Security Testing Information Assurance Architect
PLEASE APPLY FOR THIS JOB BEFORE SUNDAY 4TH MARCH AT 6PM AS JOB CLOSES FIRST THING MONDAY MORNING 5TH MARCH. ANY APPLICATIONS RECEIVED AFTER THE CLOSING TIME WILL NOT BE PROCESSED FOR THIS JOB. FOR AN INFORMAL CONVERSATION, PLEASE CALL CAROLINE ON (Apply online only) -PLEASE DO NOT APPLY FOR THIS JOB UNLESS YOU HAVE ALL THE EXPERIENCE REQUIRED FOR THIS OPPORTUNITY! THANK YOUJOB DESCRIPTION
Essential Experience: Experience in NCSC. CBEST or GBEST.
SECURITY CLEARANCE/ AND OR DV CLEARANCE PLEASE!!Experience in delivering security assurance policy for a complex environment. 2. Experience in leading the Red on Blue Teams 3. Experience in risk and regulatory frameworks (e.g.) NIST 800, ISO 27001, etc. 4. Industry recognised certification on Cyber Security (e.g.) CISM, ISO Lead Auditor, CISSP, etc.KEY TASKS AND DELIVERABLES
Produce draft Approved Cyber Security Strategy Document • Produce draft Red on Blue team policy document • Produce a draft Home Office Cyber Security Assessment Strategy, including guidance on metrics and GRC integration. • Produce draft HO Compromise Assessment (Pen Test / Red Team / GBEST) report and, in conjunction with HO and external providers, mature delivery of first HO compromise assessment. • Produce draft Organisational Incident Response Assessment report and, in conjunction with HO and external providers, mature delivery of first HO Organisational Incident Response Assessment. • Produce draft HO External Vulnerability Assessment report and, in conjunction with HO and NCSC, mature delivery of first HO External Vulnerability Assessment. (Delivery is dependent on external programme being run by NCSC). • Produce draft Phishing Exposure Assessment report and, in conjunction with HO leadership and CSOC, mature delivery of first Phishing Exposure Assessment.EXPERIENCE REQUIRED
In-depth industry knowledge on the Cyber Security testing 2. Ability to establish the Cyber Security policy and lead the Security Assurance capability 3. Experience in creating policy for the Red and Blue teaming 4. Thorough knowledge on the real-world attack patterns and approach for the simulations 5. Ability to create policy to conduct adversarial assessments of the HO network 6. Deep knowledge on security controls on network devices (switches, routers, firewalls) and create policy to test the vulnerabilities. 7. Understanding of products and communication services. (e.g.) DIA, EPN, IPVPN, etc. 8. Understanding of the operation and purpose of security technologies. (e.g.) IDS/IDP, PUAM solutions, vulnerability scanning solutions, web application firewalls etc. 9. Excellent written and oral skills to engage with the Sr. stakeholders in HO, Cabinet Office and NCSC to define and baseline the policy. 10. Application of industry best practices (ISO 27001, ISF, PCI, etc.) 11. Willing and ability to get Security Clearance (SC) 12. Ability to analyse the data and the reports produced by the Threat intelligence and Red teams 13. Manage the Red and Blue teams on their day-to-day activities 14. Provide the interface between Red and Blue Teams and the White team to facilitate and drive results