AMS PSR

On behalf of The Ministry of Justice we are looking for a Cyber Security Engineer (Inside IR35) for a 6 month contract. Hybrid working with 2-3 days per week required in London. 

This role is based within our AppSec team focused on building security automation into delivery pipelines and conducting security focused tests against digital services.

As a Cyber Security Engineer your main responsibilities will be to:

• Perform penetration testing and vulnerability assessments of web applications, APIs, and cloud infrastructure.
• Evaluate the automated security tooling into CI/CD pipelines (SAST, DAST, dependency checking, IaC etc), and make necessary recommendations.
• Collaborate with developers to remediate identified vulnerabilities and ensure secure code practices.
• Provide expert input on cloud security (AWS, Azure, or GCP) and DevSecOps tooling.
• Assist in maintaining security assurance across the SDLC in line with MoJ and NCSC guidelines.

Essential:

• An active SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. (Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.)
• Demonstrable experience with: Penetration testing, ethical hacking, or vulnerability assessments.
• Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc).
• DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.).
• Secure Cloud Infrastructure, specifically AWS and Azure.
• Scripting and automation using Python and Bash.
• Certifications: OSCP or CREST / TIGER Scheme.
• Strong communication skills and the ability to explain security issues to technical and non-technical stakeholders.

Desirable:

• Experience delivering assessments under the CHECK scheme (e.g., as a CHECK Team Member/Leader).
• Knowledge of UK public sector security and data protection standards (e.g., NCSC, Cyber Essentials Plus).
• Threat modelling and secure design practices.

Please be aware that this role can only be worked within the UK and not Overseas.

Disability Confident 

As a member of the Disability Confident Scheme, MOJ guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

Armed Forces Covenant

The Ministry of Justice guarantees to interview veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".