Job Title

Join our Digital Services team during an exciting transformation! Help shape the future of our department. We use Agile Methodologies and promote a culture of continuous improvement. We are looking for an enthusiastic?Senior Test Engineer?(Security)?with great technical skills, able to deliver and support security testing workstreams, including vulnerability assessments and penetration testing. You will also offer guidance to other testers on security testing best practices. You will be part of our Security testing specialist team, working collaboratively with your team and overseeing the testing journey. This provides an opportunity to make the test community thrive by exploring new and emerging tools and approaches and working out how you can help the organisation deliver better services. Companies House offers a flexible and welcoming culture that promotes a healthy work life balance as well as a proactive approach to wellbeing that allows us to be our best at work. We recognise that people are the key to our success so offer a fantastic benefits package including flexible working with no core hours, 30 days annual leave, 8 bank holidays and 1 privilege day as well as enrolment into the Civil Service Pension scheme with a contribution rate averaging 28%. P lease note: Companies House cannot offer Visa sponsorship to candidates through this campaign Security Clearance is an essential requirement for this campaign. You'll need to have been in the UK for at least 3 out of the last 5 years to be eligible to apply for SC. The team for this role is based in our Cardiff office, and a hybrid employment contract will be provided as the standard offering. However, remote contracts may be considered as an exception whereby commuting to the office location of your team is not reasonably practicable. The nature of this post may occasionally require you to do overtime during the week and at weekends. Job description As a Senior Test Engineer, focusing on security, you will: Work with various SCRUM teams, contributing to the coordination and execution of security testing across the software development lifecycle. This will involve conducting penetration testing, running vulnerability scans using tools such as Burp, coordinating with relevant teams and testing security related issues. Support the wider test team by sharing knowledge and guidance on security testing approaches and tooling. Attend meetings and provide stakeholders with updates. Design and implement pipeline solutions to support automated security testing and reporting.? The nature of this post may occasionally require you to do overtime during the week and at weekends. This is a rewarding role within the Test Team and provides an opportunity to contribute to the success of existing and future services provided by Companies House.? Person specification We are looking for the following, which will be assessed at sift, technical stage and interview. The successful candidate will have: Commercial experience of penetration testing including Web Applications and API. Working knowledge of at least 5 of the following security tools and technologies: Burp Suite (including Burp Scanner) for web app vulnerability scanning and manual security testing. OWASP ZAP for DAST and automated security regression testing. Postman or SOAP UI for API testing with a security focus (e.g. injection, authorisation, token misuse). Unix/Linux-based systems for using command-line tools, analysing logs, and running manual tests. Static Application Security Testing (SAST) tools e.g. SonarQube, Checkmarx, Semgrep. Threat modelling approaches e.g. STRIDE, or creating risk-based test charters. OWASP Top 10 able to test for each risk category. Qualifications Recognised certification in ethical hacking or penetration testing (e.g., 7Safe CSTA or GIAC Penetration Testing); OR can demonstrate proven practical experience in the field (at least 2 years of commercial experience). Behaviours We'll assess you against these behaviours during the selection process: Making Effective Decisions Managing a Quality Service Working Together Seeing the Big Picture Technical skills We'll assess you against these technical skills during the selection process: Penetration testing / ethical hacking (Technical Assessment) Benefits Alongside your salary of 41,509, Companies House contributes 12,025 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides. We believe that our success is driven by the well-being and satisfaction of our team members at all levels of the organisation. At Companies House were committed to providing a comprehensive benefits package that goes beyond the ordinary, ensuring your career journey with us is not only fulfilling, but also rewarding. We pride ourselves on offering a quality work-life balance with our employee wellbeing being central to our working practices. Head to Our benefits - Working for us - Recruitment (companieshouse.gov.uk) to find out more about the fantastic benefits package we have at Companies House. We celebrate diversity... As an equal opportunity employer, we celebrate diversity, being committed to ensuring were representative of the citizens we serve and creating an inclusive environment. Everyone in Companies House brings something different, and so will you. To fulfil our commitment to recruiting and attracting diverse talent we welcome applications from underrepresented groups. We also welcome applications from Welsh speakers. We are proud to be a disability confident leader. Our recruitment process is fully inclusive and we can make adjustments as needed through our process. These could include having an interview buddy, extra time at interviews/assessments and receiving interview questions in advance, to name a few. Read our'Applying under the Disability Confidence Scheme (DCS)' guide to find out how to successfully complete an application under the Disability Confidence Scheme (DCS). Where will you be working? We are currently using a hybrid approach to the way we work which provides opportunities for you to be adaptable in the way you work so that you can achieve a healthy balance between your work and home life. The degree of choice you have will depend on your role and your day-to-day work activities. Your manager will agree regular patterns of attendance with you; however, you may be required to make yourself available to attend the office more frequently when required to meet business needs. The team for this role is based in our Cardiff office, and a hybrid employment contract will be provided as the standard offering. However, remote contracts may be considered as an exception whereby commuting to the office location of your team is not reasonably practicable. Things you need to know Artificial intelligence Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. TPBN1_UKTJ