Cyber Resilience Testing Lead

Full-Time 60000 - 75000 € / year (est.) Home office (partial)

At a Glance

  • Tasks: Lead cyber resilience testing and vulnerability management across IT and OT environments.
  • Company: Join Thames Water's dynamic Information Security team.
  • Benefits: Hybrid working, competitive salary, and opportunities for professional growth.
  • Other info: CTC clearance required; excellent career advancement opportunities await.
  • Why this job: Make a real impact on cybersecurity while collaborating with industry experts.
  • Qualifications: Experience in cybersecurity and strong understanding of offensive security methodologies.

The predicted salary is between 60000 and 75000 € per year.

As a Cyber Resilience Testing Lead, you will play a key role within the Information Security team at Thames Water, supporting the Head of Cyber Resilience in delivering technical cyber resilience testing and vulnerability management activities across both IT and OT environments. Working closely with cybersecurity leadership, service owners, and technical teams, you will help ensure vulnerabilities are effectively identified, assessed, remediated, and evidenced across the organisation.

This role contributes to Thames Water’s cyber resilience programme by providing technical assurance of defensive capabilities, supporting resilience testing initiatives, and ensuring vulnerability management processes are robust and effective. You will collaborate with stakeholders across the business to ensure testing and remediation activities are executed efficiently while maintaining high standards of documentation, reporting, and governance.

Security Clearance: CTC (Counter Terrorist Check) clearance is essential. You must currently hold or be able to attain CTC clearance for this role.

What you’ll be doing as a Cyber Resilience Testing Lead:

  • Lead the technical validation of vulnerabilities, including severity assessment, exploitability analysis, and business impact evaluation across IT and OT environments.
  • Perform advanced triage of vulnerabilities using industry-standard methodologies such as CVSS.
  • Act as the technical escalation point for complex or disputed remediation plans, advising on compensating controls and risk acceptance.
  • Maintain and update the central vulnerability register, ensuring accurate tracking from identification through to remediation.
  • Assign ownership of vulnerabilities and track remediation progress to completion.
  • Collect and validate remediation evidence, ensuring audit-ready documentation.
  • Prepare reports and dashboards to support oversight by Cyber Resilience leadership.
  • Design and maintain the annual penetration testing and red/purple team testing schedule.
  • Review and validate testing outputs, including exploit paths and findings, ensuring technical accuracy.
  • Translate testing findings into actionable remediation plans in collaboration with SOC, architecture, engineering, and OT teams.
  • Support the coordination of penetration testing, red/purple teaming, and cyber stress testing activities.
  • Provide subject matter expertise during cyber incidents, supporting technical investigation and response.
  • Maintain readiness for regulatory compliance, ensuring testing and vulnerability evidence meets audit requirements.
  • Support broader cyber resilience initiatives through operational and administrative activities.
  • Maintain accurate records and contribute to reporting and regulatory submissions.

Base location: Hybrid – Clearwater Court, Reading. Working pattern: 36 hours Monday to Friday.

What you should bring to the role:

  • Experience in cybersecurity, vulnerability management, or related technical security roles.
  • Strong understanding of offensive security methodologies, including MITRE ATT&CK.

Cyber Resilience Testing Lead employer: Cyber UK

Thames Water is an exceptional employer that prioritises the growth and development of its employees within a collaborative and innovative work culture. As a Cyber Resilience Testing Lead, you will benefit from a hybrid working model at our Clearwater Court location in Reading, allowing for a balanced work-life dynamic while contributing to vital cybersecurity initiatives. With a strong focus on employee well-being, continuous learning opportunities, and a commitment to maintaining high standards in cyber resilience, Thames Water offers a rewarding environment for those seeking meaningful and impactful careers.

Contact Details:

Cyber UK Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land Cyber Resilience Testing Lead

Tip Number 1

Network like a pro! Reach out to folks in the cybersecurity field, especially those at Thames Water. Attend industry events or webinars, and don’t be shy about sliding into DMs on LinkedIn. Building connections can open doors that job applications alone can't.

Tip Number 2

Show off your skills! If you’ve got experience with vulnerability management or cyber resilience testing, create a portfolio or a personal project that highlights your expertise. This can be a great conversation starter during interviews and shows you’re proactive.

Tip Number 3

Prepare for the interview like it’s a cyber attack! Research Thames Water’s current cyber resilience initiatives and think about how your skills can contribute. Be ready to discuss specific scenarios where you’ve tackled vulnerabilities or led testing efforts.

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in being part of the Thames Water team. Don’t miss out on this opportunity!

We think you need these skills to ace Cyber Resilience Testing Lead

Cybersecurity
Vulnerability Management
Technical Assurance
Risk Assessment
Exploitability Analysis
Business Impact Evaluation
Advanced Triage of Vulnerabilities

Some tips for your application 🫡

Tailor Your CV: Make sure your CV speaks directly to the Cyber Resilience Testing Lead role. Highlight your experience in cybersecurity and vulnerability management, and don’t forget to mention any relevant methodologies you’ve used. We want to see how your skills align with what we’re looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about cyber resilience and how your background makes you a perfect fit for our team. Keep it concise but impactful – we love a good story that connects your experience to our mission.

Showcase Your Technical Skills: In your application, be sure to highlight your technical expertise, especially in areas like vulnerability assessment and remediation. Mention any tools or frameworks you’re familiar with, as this will help us understand your hands-on experience and how you can contribute to our projects.

Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you’ll be able to upload all your documents in one go. Plus, it helps us keep track of your application better!

How to prepare for a job interview at Cyber UK

Know Your Cybersecurity Stuff

Make sure you brush up on your knowledge of cybersecurity principles, especially around vulnerability management and resilience testing. Be ready to discuss specific methodologies like CVSS and how you've applied them in past roles.

Showcase Your Collaboration Skills

This role involves working closely with various teams, so be prepared to share examples of how you've successfully collaborated with stakeholders in the past. Highlight any experience you have in translating technical findings into actionable plans for non-technical teams.

Prepare for Technical Questions

Expect some deep dives into technical scenarios during the interview. Brush up on your knowledge of exploitability analysis and business impact evaluation. Practise explaining complex concepts in a clear and concise manner.

Demonstrate Your Organisational Skills

Since maintaining accurate records and documentation is crucial for this role, be ready to discuss how you manage your workload and keep track of multiple tasks. Share any tools or methods you use to stay organised and ensure audit-ready documentation.