Search
Header navigation
Cyber Security Operations - Vulnerability Management

Cyber Security Operations - Vulnerability Management

remoteHybrid
ExpiresExpires: Expiring in less than 4 weeks
IT
Full time
£30,740 per year

Job summary

Please note the unit will be moving from Henlow to a purpose-built facility at Bassingbourn in 2027.

Cyber & Specialist Operations Command (CSOC) generates and operates specialist capabilities, ready to fight across all domains to make the UK secure at home and strong abroad.

Always on, we are across every UK operation, delivering the capabilities you don’t usually see - or those you can’t.

From cyber warriors and medics to intelligence analysts, special forces, educators, and Defence attachés, our collective expertise delivers the warfighting edge Defence needs to deter threats and secure the nation today and prepare for tomorrow.

CSOC unites Defence’s cyber and specialist capabilities under a single, military command alongside the Royal Navy, British Army, and the Royal Air Force - acting as the UK’s fourth Military Command.

This position is advertised at 37 hours per week.

Due to the nature of the role, part time and job share arrangements may be considered, subject to the requirement that full-time hours are fully covered (or business needs are met).

Our people are at the heart of everything we do. It’s vital that our workforce reflects the diversity of both our audience and the wider society in the UK, so we’re proud to be an equal opportunities employer and we actively seek candidates from diverse backgrounds and communities. We also recognise the importance of a good work life balance, so we do everything we can to accommodate flexible working, including part-time and job shares for all our roles. Please just let us know in your application or at any stage throughout the process if this is something you want to explore.

Job description

Within the Joint Defence Cyber Unit (JDCU), the Advanced Systems Analysis Team (ASAT) is responsible for conducting network vulnerability testing and compliance audits on targeted networks/systems. Our primary goal is to identify security vulnerabilities, present findings to technical teams and senior management, and identify potential threats.

As a Cyber Vulnerability Tester, you’ll support testing activities within the ASAT team, working closely with experienced testers to conduct vulnerability assessments, compliance testing and other technical activities. This role may involve occasional travel to Defence sites across the UK and overseas as part of a mobile testing team.

Responsibilities

  • Assist in conducting Cyber Technical Vulnerability Assessments (VA), including running vulnerability scanning tools in accordance with ASAT procedures.
  • Support compliance testing in accordance with standard operating procedures (SOP) compliance checks of processes, procedures and people, as per system-level policy.
  • Analyse complex technical data and statistics for inclusion in technical and management reports, used by the customer for remediation of identified vulnerabilities.
  • Assist in firewall testing in accordance with ASAT SOPs, analysing configurations for software vulnerabilities and weaknesses.
  • Participate in wireless discovery activities, including wardriving and geo-location of hotspots.
  • Collaborate with team members to identify and report security vulnerabilities.

Person specification

Please ensure that your CV and application meet the essential criteria below:

To excel in this role, you should have a strong interest in cyber security and a willingness to learn. You’ll work under the guidance of experienced testers, to develop your skills in vulnerability management and testing.

You’ll need:

  • A basic understanding of network topology, cyber security principles and vulnerability testing tools.
  • Familiarity with industry standards such as the National Institute of Standards and Technology (NIST) Framework or similar.
  • The ability to work effectively as part of a team and build strong working relationships.
  • Good communication skills, with the ability to explain technical findings to both technical and non-technical audiences.
  • A solid technical foundation in IT, with knowledge of operating systems, networking, and basic security concepts.
  • Commitment to ongoing learning and professional development in the field of cyber security.

This is a Reserved post and open to Sole UK Nationals only.

Licences

Full UK Driving Licence- A full UK Driving Licence is essential, due to regular travel to Defence sites, many of which are remote and not accessible via public transport

Behaviours

We'll assess you against these behaviours during the selection process:

  • Developing Self and Others
  • Making Effective Decisions
  • Delivering at Pace
  • Working Together

Technical skills

We'll assess you against these technical skills during the selection process:

  • Penetration testing
  • Threat understanding

Benefits

Alongside your salary of £30,740, Ministry of Defence contributes £8,905 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides (opens in a new window).

Our benefits include:

  • Learning and development tailored to your role with a dedicated minimum of 5 days per year.
  • 25 days paid annual leave rising (by 1 day per year) to 30 days upon completion of five years’ service.
  • Ability to roll up to 10 days annual leave per year.
  • In addition to eight public holidays per year, you will also receive leave for HM The King’s birthday.
  • A Civil Service pension.
  • Parental and Adoption Leave.
  • Discounts on a range of services within and external to the civil service – Defence Discount Service, Civil Service societies for Sports and Leisure, Healthcare, Insurance, Motoring, Company discounts with Virgin, Vodafone, and Microsoft Office.
  • In year rewards and ‘thank you’ schemes such as vouchers and gift cards.
  • A culture encouraging inclusion and diversity.

Find out more here - Discovermybenefits

Additional details:

This post attracts a Market Skills Allowance of up to £9k per annum, paid in increments upon reaching agreed criteria, linked to performance, training, professional development and an assessment of contribution to team objectives. Continued eligibility for this payment will be subject to a bi-annual review.

Please be advised that the Department is conducting a review of all pay related allowances, which could impact those that this post currently attracts.

We are committed to encouraging and enabling our staff to develop in and above their role and we will support you in undertaking further learning and development opportunities, within your designated field and beyond.

If not held already, opportunity may be provided to gain the following qualifications when in post:

  • Certificate in Information Security Management Principles (CISMP)
  • Certificate in Information Security Management (CISM)

This job role may be suitable for hybrid working, which is an informal, non-contractual and voluntary arrangement, blending a balance of attendance in the workplace (your permanent duty station which is based on business assessment of where the work is best done) and working from home as a personal choice (if the role is suitable for this). If you are successful, any opportunities for hybrid working will be discussed with you prior to you taking up your post.

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – We may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Policy Notice sets out how we will use your personal data and your rights.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

To apply please complete the CV template provided on the CS Jobs dashboard, ensuring it highlights your relevance to the essential criteria listed in the person specification and include job history; qualification details and previous skills and experience.

Applications will be sifted on all Success Profile elements, but in the event of a high number of applications, a sift will be conducted on your CV & Personal Statement & Technical skills only.

  • Penetration testing
  • Threat understanding

It is essential that all applicants provide a personal statement (max. 1250 words), assessed against your responses to the questions listed below.

Each one will be scored and make up part of your overall score to assess your suitability to be invited to interview:

  1. Describe your working experience of cyber vulnerability assessments and compliance testing, within an organisation or on a project.
  2. Describe your experience of system administration, network support or network analysis.
  3. Provide an example of when you have been part of a team to deliver a successful business outcome.

At sift and interview, you will be assessed against the following:

Behaviours

  • Developing Self and Others
  • Making Effective Decisions
  • Delivering at Pace
  • Working Together

Technical skills

  • Penetration testing
  • Threat understanding

The Government Security Profession Career Framework and the Vulnerability Management Lead role, used in this vacancy, can be found at: Government Security Profession career framework (publishing.service.gov.uk)

Feedback will only be provided if you attend an interview or assessment.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

There may be occasions where it is not practicable or appropriate to interview all DCS candidates that meet the minimum criteria for the job. For example, in certain recruitment situations such as a high volume of applications, seasonal demand, or peak periods, the employer may wish to limit the overall number of interviews offered to both DCS and non-DCS applicants.

As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points-based system, where a role has been deemed to be business critical. This role does not meet that category, and we will not sponsor a visa. It is therefore NOT open to applications from those who will require sponsorship under the points-based system.
Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

The Ministry of Defence requires all candidates who are successful at interview to declare any outside interests. These declarations will be discussed with successful candidates following the interview process and before a formal offer of employment is made, as some outside interests may not be compatible with MOD civilian roles. This will not, in the majority of cases, prevent employment in MOD, but it is a measure that must be taken to ensure that appropriate mitigations can be put in place to manage any potential, perceived or actual conflicts of interest from the first day of employment.

The Ministry of Defence adopts a zero-tolerance approach to unacceptable behaviours, which includes bullying, harassment, sexual harassment, discrimination, and victimisation. You will not be eligible and will not be considered for this post if you have been dismissed from a role for such unacceptable behaviours within the last five years. This will also apply if you resign or otherwise leave a role but, because of an adverse decision, would have been dismissed for gross misconduct had you continued in that employment. Pre-employment checks will be carried out.

Cyber & Specialist Operations Command (CSOC) generates and operates specialist capabilities, ready to fight across all domains to make the UK secure at home and strong abroad.

Always on, we are across every UK operation, delivering the capabilities you don’t usually see - or those you can’t.

From cyber warriors and medics to intelligence analysts, special forces, educators, and Defence attachés, our collective expertise delivers the warfighting edge Defence needs to deter threats and secure the nation today and prepare for tomorrow.

CSOC unites Defence’s cyber and specialist capabilities under a single, military command alongside the Royal Navy, British Army, and the Royal Air Force - acting as the UK’s fourth Military Command. For more information, please see here.

Cyber and Specialist Operations Command (CSOC) is going through a significant transformation programme which aims to design the way in which the new Military Command conducts its business and delivers for Defence and the nation. As a consequence of this, posts within CSOC are/or may become subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities. Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Further information

Please ensure you read the attached candidate information document prior to completing your application. If you are dissatisfied with the service you have received from DBS, or believe that DBS has failed to follow the recruitment process in line with the Civil Service Commission principles of selection for appointment on merit on the basis of Fair and Open competition, you can raise a formal complaint by writing to DBS at the following address: Defence Business Services, Scanning Hub, Room 6124, Tomlinson House, Norcross Lane, Blackpool, FY5 3WP. If after raising your complaint with DBS you remain dissatisfied you can complain directly to the Civil Service Commission at the following address: Civil Service commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ Or by email: info@csc.gov.uk.

Attachments

CSOC Candidate Pack Opens in new window (pdf, 1777kB)Candidate Information Opens in new window (docx, 32kB)Defence Internal Brief notice Opens in new window (docx, 43kB)Defence Civil Service Offer Opens in new window (pdf, 1562kB)

Salary range

  • £30,740 per year