Security Tester - TXP : Job Details

Security Tester

2 days a week on site in Telford

3 months contract

Inside IR35

Please note that the applicant must be eligible for SC Clearance

Tenable (advanced skills)

Expand use of Tenable and deliver an external testing capability that can be utilised to carry out vulnerability assessments and continual security compliance of boundary and external-facing assets.This includes delivery of vulnerability assessment scanning tooling (Tenable One) to provide PCI-DSS scanning capability to areas of the business when required.

Deliver a centralised service dashboard and workflow management tool, linking to a central asset database which provides a single pane of glass across different continual security compliance tooling. This will allow tracking of penetration test reports and provide clear workflow/ticketing integration with automation of reporting and reassessment, reducing manual effort and delivering a continual security view across the estate. The CMDB and asset inventory list will be used to ensure tracking and coverage of assets across the estate and integration with CSC tooling.

Additional capability includes:

• Providing workflow and ticketing systems to prioritise and manage requests

• Workflow capability to track requests for testing and patch assurance

• A single CMDB/asset database with the ability to provide enriched data against assets

• Integration with threat intelligence data to prioritise outputs

• Consolidated single-pane-of-glass dashboard and reporting across technologies

• Expansion of Tenable capability, moving to Tenable One to exploit the full product suite

• Widening coverage to provide continual security compliance across environments beyond the server estate, including applications, posture management, cloud frictionless, databases, code scanning, containerisation, and wider infrastructure components

• Full scanning and coverage against network assets across different environments (Crown/LDC/AWS/Azure/Office)

• Complete delivery of server-based assets across the estate to ensure scanning and coverage against all environments (Crown/LDC/AWS/Azure)

• Onboarding of CNI assets across the estate to ensure scanning, coverage, and reporting

Further responsibilities include:

• Reviewing current capabilities and expanding CSC and security testing services in digital and modern platforms

• Delivery of tooling, process, reporting, and onboarding of digital assets, with Tenable/Tenable One as core vulnerability scanning tools

• Discovery work to establish options and constraints for implementing a holistic discovery scanning capability

• Engagement with the CMDB ServiceNow owner to assess current discovery scope and future plans

• Implementation of discovery scanning and creation of associated processes and reports

• Utilising Tenable to perform regular automated scans of build images across assets, aligning with CIS and build benchmark standards as part of onboarding and build pipeline processes

• Delivery and updating of reports for customer groups to track compliance with these standards