Organisation recruits for post designed to ensure security of government services

The Government Digital Service is offering a salary of up to £70,000 a year in a bid to recruit an ethical hacker to test and assess the security of online platforms.

The primary responsibilities of the role include performing penetration testing on the government’s IT systems and digital services “to find security issues and then help resolve them”. This will extend to the implementation of “automated and continuous penetration testing pipelines”.

The hacker will also spearhead “red-team activities”. 

So-called red teams or red-team exercises are employed to test an organisation’s security set-up by attempting to breach its defences by any available means – thus effectively mimicking a genuine and hostile attacker.

Related content

• 5 minutes with an ethical hacker
• Government Digital Service calls in “hackers” to test its platform
• Red vs. Blue: Inside the world of the elite hacker and those trying to stop him

Other duties will include conducting “research on specific technologies or systems that we use to find previously unseen bugs”, according to GDS, and working on security issues with information-assurance teams.

Candidates must possess experience of undertaking penetration testing on services and infrastructure, as well as “a good understanding of cloud architectures [and] knowledge of sophisticated attack vectors and mitigations”. 

GDS said that its use of technologies such as containerisation, Kubernetes, and cloud hosting from Amazon Web Services means that it “requires a modern approach to security”.

“We use automation, intelligence and machine learning to create self-service tools that enable other teams to be more secure and resilient,” it added. “As an ethical hacker, you will be responsible for evaluating the security of our processes, services and infrastructure by continuously assessing and exploiting vulnerabilities to find out where hacking threats may lie and then providing help to teams to fix the vulnerabilities. You will also take a leading role in security incident response across our services and the wider federation.”

Applications for the post are open until 23 August. The job will be based at GDS headquarters in east London.