
Job details

This job is no longer available


FULL_TIME 2019-10-25 00:00:00 2019-11-05

DV Cleared Security Information Risk Advisor (Inside IR35) | Ref: PIP0000761

Huntingdon | Risk & compliance | Start: ASAP | Duration: 6 months

Posted 4 years ago

Job description

We are currently creating a pipeline for Security Information Risk Advisor roles that we will be recruiting for across several Government Organisations and Contracting Authorities in the coming weeks / months.

Imagine having a talent that could benefit someone you’ve never met and solve problems you didn’t even know existed. Well, you do, and you can. And we’re here to help you do just that. At PSR we are the go-to place for talented contractors and temps for a rich variety of civil service roles.


As Security Information Risk Advisor, you will: 

  • Document the procedures used to test and assess equipment and software so tests can be repeated and carried out on similar equipment or applications in future by MOD staff who have completed to level three of the DAIS Lab Training and experience Plan
  • Provide ongoing support to DAIS SACs and attend SWGs where possible to help ensure informed decisions are being made with regard to each element (feature) being incorporated during the project's lifecycle
  • Continue support to DAIS accreditors as an SME for mobility projects, ensuring that educated risk acceptance is being made in line with the SIRO's risk appetite
  • Work alongside both DAIS SACs and accreditors to ensure that ITHCs and penetration tests are performed in line with industry best practice. As part of this process any gaps in security assessments will be performed at RAF Wyton where possible to ensure that a true and factual security assessment is made. This also involves helping to scope upcoming ITHCs and penetration tests
  • As well as reviewing current and upcoming ITHCs and penetration tests, guidance documents will be generated under this contract with a list of ‘must haves’ to ensure that a true risk posture can be ascertained from the security assessments performed. The document set produced from this will include sample workflows to generate robust, appropriate and repeatable ITHC scoping documents, sample penetration test workflows and reports that can be used as a baseline to compare current and future tests against
  • Specifically, for mobility projects, document each element that should be tested during a penetration test, why it should be done, what the expected results should be, how the results may affect the device's risk posture, and how it could potentially be done for the most common devices
  • Develop monitoring guidance specifically for mobility projects that can then be applied to current and future capabilities. This will drive a capability that allows the GOSCC to ingress feeds, giving a proactive capability to monitor both on-device and network activities
  • Incorporate NCSC mobile device lockdown policies into MoD policy for mobility projects; if such policies don’t exist, look at developing a policy set across defence that can act as a crib sheet for project teams to work off for future mobility projects. This policy set should allow MoD to take its own stance alongside the guidance of NCSC's device lockdown policies on what is deemed as acceptable and unacceptable risk if a specific policy is not followed
  • Develop and maintain an enduring technical assurance testing capability at RAF Wyton. This capability should also ensure that kit (both hardware and software) requirements are met to allow testers/analysts with the technical capability to perform a full baseline of devices including forensic analysis; and to perform the same tests against a device in its deployable state
  • Develop and maintain an enduring technical assurance testing capability for applications at RAF Wyton. The process of testing mobile applications should involve an offensive stance where active steps should be taken to replicate how an adversary may target applications with a weak security posture on a device

You’ll have:

  • Valid and active DV Clearance
  • The ability to conduct Penetration Tests, Vulnerability Assessments and Compliance checks equivalent to a Lead CREST certified tester
  • The ability to check whether security hardening has been correctly applied to equipment including mobile phones, tablets, laptops and servers and similar
  • The ability to replace firmware in insecure USB devices
  • The ability to compare installed operating systems with gold disc operating systems and report on the difference for equipment including mobile phones, tablets, laptops and servers and similar
  • The ability to assess technologies and products for security and cyber vulnerabilities
  • Qualifications that when combined with experience are appropriate to a top-level expert in the field of cyber security.

 

If this sounds like you and you would be interested in being added to our pipeline, please click the link to apply and speak to one of our PSR team now.

 

"In applying for this role you acknowledge the following; this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment, and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different."

