Junior Penetration Tester

**UK Research and Innovation**

**Salary**: £34,905
**Hours**:Full time
**Contract Type**: Open Ended.
**Location**:Swindon or Nottingham including hybrid working

**Close date: Monday 1st January 2024**

**Purpose of the role**

UKRI Digital, Data and Technology (DDaT) department provides the enterprise technical services that underpin and enable UKRI’s business capabilities. Within the department a small team coordinates the delivery of information and cyber security across a larger federated team of security and IT professionals to deliver impact across UKRI.

The role within the Red Team will be to identify vulnerabilities, as well as safeguarding the organisation against failure and loss due to unreliable systems and processes. The role will also be required to develop, operate, and deliver a continuous campaign-based assessment that emulates the target's real-world adversaries by developing new tools specific to the target and in compliance with policy.

This key role provides a great opportunity to join a team in an organisation at the heart of research and innovation in the UK, providing you with a rewarding, fast-paced role, and a superior foundation for building a professional cyber security career - to learn and grow in the profession.

**Key responsibilities**:

- Support the scoping, conducting and procurement of penetration tests, red team exercises, vulnerability assessments of IT assets, and other tests to assess the robustness of a system, product or technology.
- Maintain thorough and accurate records of penetration tests, vulnerability assessments, and other security activities, including methodologies, findings, and remediation recommendations.
- Engage with internal and external stakeholders to provide appropriate Cyber Security assurance in accordance with policy and regulations.
- Report potential issues and mitigation options to appropriate stakeholders or governance forums.
- Contribute to the review and interpretation of reports and contribute to remediation action plan production.
- Work with specialist forensic personnel or a wider team to support the digital aspects of their investigation.
- Analyse complex information systems to understand the associated Cyber Security risks, audit requirements, and data value.
- Triage and prioritise vulnerabilities, implement mitigating measures, and support in the life cycle of vulnerability management, providing standardised advice on ways to improve control mechanisms and mitigate risk.
- Collaborate with stakeholders to manage vulnerabilities and undertake remediation activities.
- Stay informed about relevant cybersecurity regulations and standards and ensure that UKRI's security practices align with these requirements.
- Demonstrate knowledge of common approaches and tooling to perform vulnerability assessment and to validate system configuration.
- Assist in incident response activities when security incidents are identified, providing expertise and support in understanding the nature of the incident, its impact, and potential remediation steps.
- Support the development of a security culture within an organisation.
- Ensure compliance to local security operations, policy and procedures.

**Key Areas of Accountability**

Teamwork
- Work collaboratively with internal and external stakeholders
- Champion the values of UKRI

Delivery / programmes / projects / process
- Support the provision of key penetration testing services.
- Continued development of security processes and services.

**Essential skills, qualifications and experience**

**Skills**:

- An understanding of computer systems and their operation.
- Excellent spoken and written communication.
- Attention to detail.
- Networking fundamentals.
- The ability to plan and create penetration methods, scripts, and tests.
- The ability to think creatively and strategically to penetrate security systems.
- Good time management and organisational skills.
- Ethical integrity to be trusted with a high level of confidential information.
- The ability to think laterally and 'outside the box'
- Have good analytical and problem-solving skills.
- Teamwork skills.
- Commitment to continuously updating your technical knowledge base.
- Ability to independently prioritise multiple projects.
- Vulnerability identification and exploitation skills.

**Qualifications**:
Essential:
Desirable:

- A relevant degree (or Higher Education qualification) within an IT/Computer Science/Cyber Security field.
- Have one or more professional cyber or penetration testing qualifications.

**Experience**:
Essential:

- Proven experience in penetration testing.
- A technical knowledge and understanding of mixed-technology environments, including diverse operating systems.
- Extensively used open-source penetration testing tools and frameworks.
- Experience of at least one programming/script language and coding language.
- Experience in drafting documents.
- Have performed independent research, testing, or tool de