Cyber Threat and Vulnerability Manager

Details
Reference number

435838

Salary

£62,534 - £82,200

(including allowances) London £66,257 to £82,200, National £62,534 to £78,580. Salary is dependent on location and technical skills as assessed at interview.

GBP

Job grade

Grade 7

Contract type

Permanent

Business area

DBT - CS - Digital, Data and Technology

Type of role

Administration / Corporate Support

Digital

Information Technology

Operational Delivery

Other

Working pattern

Flexible working, Full-time, Part-time

Number of jobs available

1

Contents

• Location
• About the job
• Benefits
• Things you need to know
• Apply and further information

Location

Belfast, Birmingham, Cardiff, Darlington, Edinburgh, London, Salford

About the job
Job summary

If you would like to find out more about the role, the Threat & Vulnerability Management team and what it's like to work at DBT, we are holding a Hiring Manager Q&A session for this role where you can virtually 'meet the team' on Tuesday 11th November at 13.00pm. Please click here to book your spot.

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission.

About the role

You will be helping to protect DBT and the wider UK government from cyber threats in a fast paced and exciting role. Reporting to the Head of Cyber Security Operations, you will manage and be responsible for the Threat and Vulnerability Management function within the SOC, by providing leadership on identification and improvement opportunities, and ensuring service owners are aware of weaknesses in their security posture and are empowered with the right information to take appropriate actions.

A healthy curiosity will be essential, to actively go out and discover items of potential interest to the team, ensuring that there is collaboration between the architects, SOC engineers and analysts, and risk managers to deliver a documented risk-based response to the present and future of anything that may be found.

Job description

Your day-to-day role will involve the need to:

• Working with the Security Leadership team to develop a strategic road map for an effective vulnerability detection, assessment, remediation, and threat intelligence program.
• Line management of the threat and vulnerability management team.
• Building sustainable relationships to champion the adoption of vulnerability and threat management, compliance, and penetration testing program across the Department.
• Manage the relationship with pen testing 3rd parties and the scheduling of tests.
• Develop, implement, and maintain the organisation's vulnerability management strategy, policies, standards, and procedures.
• Be accountable for thorough assessments of the department's systems, networks, and applications.
• Recommend remediation strategies and provide advice on complex configuration changes in support of vulnerability remediation.
• Drive prioritisation of those vulnerabilities through a risk-based approach, to meet common organisational objectives such as regulatory compliance and audit functions.
• Development and maintenance of actionable key performance and risk indicators (KPI's & KRI's) that provide a view over the effectiveness of the department's Vulnerability Management & Threat Intelligence program.
• Continuously improve DBT's TVM program maturity and security posture through driving successful remediation efforts with internal and external teams responsible for infrastructure and applications.

Person specification

You should be able to demonstrate essential skills and experience of:

• Holding a professional information security qualification e.g. CISSP, CISM, MSc. Cyber Security etc
• Managing a Threat and Vulnerability Management function, with ability to influence, collaborate and build relationships with across stakeholders with differing levels of technical security competence
• Solid understanding of Vulnerability management, encompassing a comprehensive understanding of vulnerability scanning and threat intelligence tools, risk assessment methodologies, and remediation planning in a multi cloud environment
• Experience of managing the scoping, execution, and assessment of outcomes from supplier led pen testing
• Excellent written and verbal communication skills including the ability to relate technical information to a non-technical audience
• Working independently and as part of a larger team to deliver a risk-based response, demonstrating adaptability with a forward-thinking and collaborative approach

It is desirable that you have:

• Hands on experience in penetration testing
• Knowledge of threat modelling
• Experience mentoring and managing a high-performing vulnerability management team

Benefits

• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension with an employer contribution of 28.97%

Things you need to know
Selection process details

How to apply

As part of the application process you will be asked to upload a 2-page CV which outlines your experience, skills and fit for the role, and to complete a short, pre-recorded video screening interview (alternately you can provide written answers to questions). Inspire People will assess your application against the essential criteria listed above to compile a longlist of applications, which will then be sifted by DBT hiring managers. If you are successful, you will be invited to interview. It is likely that the sift will take place 1-2 weeks after the closing date and interviews 3-5 weeks after the closing date, though this is subject to change.

Artificial intelligence (AI) can be a useful tool to support your application, but all examples and statements provided must be truthful, factually accurate, and taken directly from your own experience. Where plagiarism is identified (such as presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

How we interview

At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Profession Career Framework.

Technical Skills

• Penetration testing

• Information risk assessment and management.

• Threat intelligence and assessment

• Cyber Security Operations

Behaviours

• Making Effective Decisions
• Changing and Improving
• Communicating and Influencing

You will also be asked to deliver a presentation and will be informed on the topic following the sift.

How we offer

Offers may be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.

This role requires SC clearance. DBT's requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn.

Checks will also be made against:

• departmental or company records (personnel files, staff reports, sick leave reports and security records)
• UK criminal records covering both spent and unspent criminal records
• your credit and financial history with a credit reference agency
• security services record
• location details

More about us

This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.

You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.

Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .

See our vetting charter .

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles .

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy .

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative.

The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants
Job contact :

• Name : DDaT Recruitment
• Email :

Recruitment team

• Email :

Further information

Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners' Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DBT by email at If you are not satisfied with the response you receive, you can contact the Civil Service Commission, which regulates all Civil Service recruitment. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Civil Service Commission Complaints

---