At a Glance
- Tasks: Lead security testing and mentor a team of testers in an Agile environment.
- Company: Join Companies House, a key player in the UK's digital transformation.
- Benefits: Enjoy flexible working, 30 days leave, and a generous pension scheme.
- Why this job: Shape the future of testing while contributing to impactful services.
- Qualifications: Experience in security testing and mentoring, with relevant certifications preferred.
- Other info: Remote work available; part-time options require a minimum of 30 hours per week.
The predicted salary is between 43200 - 72000 £ per year.
Location: Remote working (anywhere in the UK)
About the job
This is an exciting opportunity in the Digital Services team! You’ll be joining our team at a time of transformation, and you will be part of shaping the future of our department. We use Agile Methodologies and promote a culture of continuous improvement.
We are looking for an enthusiastic Lead Test Engineer (Security) with great technical skills able to coach and mentor other testers and lead the non-functional testing workstream focused on Security testing. You will be part of our lead tester group, working collaboratively with your team and overseeing the testing journey with management responsibilities. This provides an opportunity to make the test community thrive by exploring new and emerging tools and approaches and working out how you can help the organisation deliver better services. This is a rewarding role within the Test Team and provides an opportunity to contribute to the success of existing and future services provided by Companies House.
Companies House offers a flexible and welcoming culture that promotes a healthy work-life balance as well as a proactive approach to wellbeing that allows us to be our best at work. We recognise that people are the key to our success so offer a fantastic benefits package including flexible working with no core hours, 30 days annual leave, 8 bank holidays and 1 privilege day as well as enrolment into the Civil Service Pension scheme with a contribution rate averaging 28%. We’re able to consider both full-time and part-time working patterns for this opportunity. For part-time, this must be a minimum of 30 hours per week, over 4 or 5 days.
Please note: Companies House cannot offer Visa sponsorship to candidates through this campaign. Additionally, a Security Check (SC) is an essential requirement for this role (at least 3 out of the last 5 years in the UK).
Job description
As a Lead Test Engineer focusing on security, you will:
- Take ownership of security testing within the software development lifecycle. This will involve running vulnerability scans using tools such as Burp, coordinating with relevant teams, and testing security-related issues.
- As a manager, you will provide advice, coaching and mentoring to testers on non-functional testing subjects such as security testing.
- Attend meetings and provide stakeholders with updates.
- Design and execute manual and automated security test cases using standard testing techniques.
- Design and implement pipeline solutions to support automated security testing and reporting.
For more information on the Test Engineering profession and skills expected of a Lead, head over to the Government Digital and Data Profession Capability Framework.
Person specification
We are looking for the following experience, which will be assessed at sift and at interview:
- Proven experience of coaching and mentoring direct reports.
- A relevant certification in ethical hacking or penetration testing, such as 7Safe CSTA or GIAC Penetration testing, or evidence that you are working towards this or have proven working experience.
- Experience of non-functional testing practices with a strong focus on Security Testing.
- Working knowledge of at least 5 of the following security tools and technologies:
- Burp Suite (including Burp Scanner)– for web application vulnerability scanning and manual security testing.
- OWASP ZAP– for DAST and automated security regression testing.
- Postman or SOAP UI– for API testing with a security focus (e.g. injection, authorisation, token misuse).
- OAuth2 / OpenID Connect– for testing secure authentication and access control scenarios.
- Jenkins or Concourse– for integrating security testing into CI/CD pipelines.
- Unix/Linux-based systems– for using command-line tools, scripting, and log analysis.
- AWS (or similar cloud provider)– with a focus on IAM, S3 access controls, and common misconfiguration risks.
- SQL / MongoDB / Oracle– for testing injection flaws, access controls, and data sanitisation.
- Karate DSL or Rest Assured– for automating security-focused API tests.
- Version control systems (e.g. Git)– for secure code handling and integration with secrets scanners.
- Static Application Security Testing (SAST) tools– e.g. SonarQube, Checkmarx, Semgrep.
- Dynamic Application Security Testing (DAST) tools– e.g. OWASP ZAP, Burp Suite Pro.
- Infrastructure-as-Code (IaC) scanning tools– e.g. tfsec, Checkov.
- Secrets detection tools– e.g. GitLeaks, truffleHog, detect-secrets.
- Threat modelling methodologies– e.g. STRIDE, PASTA, or creating risk-based test charters.
- Familiarity with the OWASP Top 10– and how to test for each category.
Behaviours
We’ll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Managing a Quality Service
- Working Together
- Seeing the Big Picture
- Leadership
We only ask for evidence of these behaviours on your application form: Leadership
Technical skills
We’ll assess you against these technical skills during the selection process: Penetration testing / ethical hacking
Lead Test Engineer (Security) - Companies House - SEO employer: Government Digital and Data
Contact Detail:
Government Digital and Data Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Lead Test Engineer (Security) - Companies House - SEO
✨Tip Number 1
Familiarise yourself with the specific security tools mentioned in the job description, such as Burp Suite and OWASP ZAP. Having hands-on experience with these tools will not only boost your confidence but also demonstrate your technical skills during interviews.
✨Tip Number 2
Engage with online communities or forums related to security testing. This can help you stay updated on the latest trends and tools in the industry, and you might even find networking opportunities that could lead to referrals.
✨Tip Number 3
Prepare to discuss your coaching and mentoring experiences in detail. Think of specific examples where you've successfully guided others in non-functional testing, as this is a key aspect of the role.
✨Tip Number 4
Research Companies House and their digital transformation initiatives. Understanding their goals and challenges will allow you to tailor your discussions and show how your skills can contribute to their success.
We think you need these skills to ace Lead Test Engineer (Security) - Companies House - SEO
Some tips for your application 🫡
Understand the Role: Before you start writing your application, make sure you fully understand the responsibilities and requirements of the Lead Test Engineer (Security) position. Familiarise yourself with the key skills mentioned in the job description, such as security testing tools and mentoring experience.
Tailor Your CV: Customise your CV to highlight relevant experience and skills that align with the job description. Emphasise your background in security testing, coaching, and any specific tools or methodologies you've used that are mentioned in the listing.
Craft a Compelling Cover Letter: Write a cover letter that not only outlines your qualifications but also demonstrates your enthusiasm for the role and the company. Mention how your values align with Companies House's culture of continuous improvement and flexibility.
Showcase Relevant Certifications: If you have certifications in ethical hacking or penetration testing, be sure to mention them prominently in your application. If you're working towards one, include that information as well, as it shows your commitment to professional development.
How to prepare for a job interview at Government Digital and Data
✨Showcase Your Technical Skills
Be prepared to discuss your experience with security tools like Burp Suite and OWASP ZAP. Highlight specific projects where you've used these tools effectively, as this will demonstrate your hands-on expertise.
✨Emphasise Coaching Experience
Since the role involves mentoring other testers, share examples of how you've successfully coached team members in the past. Discuss your approach to fostering a collaborative environment and improving team performance.
✨Understand Agile Methodologies
Familiarise yourself with Agile practices, as Companies House promotes a culture of continuous improvement. Be ready to explain how you've applied Agile principles in your previous roles, particularly in testing environments.
✨Prepare for Behavioural Questions
Expect questions that assess your leadership and decision-making skills. Use the STAR method (Situation, Task, Action, Result) to structure your responses, focusing on how you've made effective decisions in challenging situations.