Vacancy reference: 6820
Salary: National: £56532 - £73450 (which may include an allowance of up to £16918). London: £61201 - £78225 (which may include an allowance of up to £17024).
Closing date: 30/06/2025
Department: Technology Services
Location: National
Employment type: Permanent

Job Description

Lead Offensive Security Operator
Location: National*
Closing Date: 30th June
Interviews: W/C 14th July (subject to change)
Grade: G7
(MoJ candidates who are on a specialist grade will be able to retain this grade on lateral transfer)
Working pattern: Full-time, part-time, flexible working, job share.
Contract Type: Permanent.
*We offer a hybrid working model, allowing for a balance between remote work and time spent in your local office. Office locations can be found on this map.

The Role

We’re recruiting for a Lead Offensive Security Operator here at Justice Digital, to be part of our warm and collaborative Digital Infrastructure and Security Operations (DISO) team. The team is responsible for the live services, delivery, product changes and developments for all networking, security, voice, video and hosting services across the MoJ estate.

This role aligns with the Penetration Testing Principle from the Government Security Profession.

The Justice Digital team is made up of around 900 digital and technology specialists, located throughout the UK. Our vision is a digitally enabled end-to-end justice system which can adapt and respond to changing needs.

Justice Digital is responsible for all infrastructure, end user computing, onsite support and delivery of technology projects. It has responsibility for 95,000 devices and infrastructure across 900+ sites.

You will be part of a small team of cyber red teaming specialists who provide independent full-spectrum adversary emulation services to security stakeholders within the Ministry of Justice.

You will conduct safe cyber-attack simulations against our technology estates, acting as a real-world adversary might, to test our defences, highlight weaknesses and contribute cyber security expertise and insight in support of the department’s strategic security decision-making functions. You will be familiar with exploitation methodologies across a wide range of technologies, from classic enterprise technology stacks to modern digital services. You will have a well-developed ability to tactically assess and execute a diverse range of attack types, including chained attacks and evasion techniques, to achieve your desired goal.

To help picture your life at MoJ Justice Digital, please take a look at our blog and our Digital and Technology strategy 2025.

Key Responsibilities:

  • Designing and executing threat intelligence-based full-spectrum cyber-attack simulations, including long-term campaign planning, persistence, and post-exploitation operations against the Ministry of Justice. Adopting a red team approach, discovering high-impact weaknesses across the organisation’s most important technology estates and business areas, and validating whether the overarching cyber security apparatus is working effectively.
  • Communicating technical findings in clear risk and impact-focused terms to senior stakeholders, enabling effective understanding and support for strategic decision-making.
  • Development and implementation of technology platforms, tools and methodologies to augment and to automate team offensive and analytical capability.
  • Mentoring junior Red Team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in the department.

If this feels like an exciting challenge, something you are enthusiastic about, and you want to join our team, please read on and apply!

Benefits

  • 37 hours per week and flexible working options including working from home, working part-time, job sharing, or working compressed hours.
  • A £1k per person learning budget is in place to support all our people, with access to best-in-class conferences and seminars, accreditation with professional bodies, fully funded vocational programmes and e-learning platforms.
  • Staff have 10% of their time to dedicate to development and growth.
  • Generous civil service pension based on defined benefit scheme, with employer contributions of 28.97% from April 1st 2024 (Contribution Rates)
  • 25 days leave (plus bank holidays) and 1 privilege day usually taken around the King’s birthday. 5 additional days of leave once you have reached 5 years of service.
  • Compassionate maternity, adoption, and shared parental leave policies, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
  • Wellbeing support including access to the Calm app.
  • Bike loans up to £2500 and secure bike parking (subject to availability and location)
  • Season ticket loans, childcare vouchers and eye-care vouchers.
  • 5 days volunteering paid leave.
  • Free membership to BCS, the Chartered Institute for IT.
  • Some offices may have a subsidised onsite Gym.

Person Specification

Essential

  • Proven ability to plan and execute complex, multi-phase operations, including:
      • Scenario-driven adversary simulation
      • Threat intelligence analysis and assessment
      • Exploitation of a wide range of technologies, including infrastructure, web application and cloud platforms
      • Post-exploitation, persistence and lateral movement, including tactical analysis of attack paths leading to high-value targets
      • Conducting engagement activities in line with operational security best practice and within a range of threat actor capabilities and tradecraft
  • Deep understanding of security technologies found in end-user and server operating systems and supporting infrastructure, including relevant architectural and operational patterns of at-scale deployment and administration of complex legacy and modern enterprise environments.
  • Experience using, developing and deploying tools in support of red teaming activities, including attack infrastructure, C2 frameworks and infrastructure-as-code technologies.
  • Strong communication skills with the ability to clearly explain complex technical issues related to vulnerabilities and risk to diverse audiences, including senior stakeholders, in support of vulnerability management, threat mitigation, and risk-based decision-making.
  • Experience in threat and/or vulnerability research, including publication and presentation to the wider cyber security community.
  • Willingness to be assessed against the requirements for SC clearance.


The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more, please see the Civil Service People Plan and the Civil Service D&I Strategy.

How to Apply

Candidates must submit a CV and a statement of suitability (of no more than 750 words), which describes how you meet the requirements set out in the Person Specification above, via our applicant website Jobtrain. Applicants who do not submit both a CV and a separate statement of suitability will not be invited to attend an interview.

In Justice Digital, we recruit using a combination of the Government Security Profession and Success Profiles Frameworks. We will assess your Experience, Technical Skills and the following Behaviours during the assessment process:

  • Making effective decisions
  • Communicating and Influencing
  • Delivering at pace

A diverse panel will review your application against the Person Specification above.

Successful candidates who meet the required standard will then be invited to a 1-hour panel interview held via video conference.

Should we receive a high volume of applications, a pre-sift based on the following criteria will be conducted before the sift:

  • Proven ability to plan and execute complex, multi-phase operations.

Should you be unsuccessful in the role that you have applied for but demonstrate the capability for a role at a lower level, we reserve the right to discuss this opportunity with you and offer you the position without needing a further application.

A reserve list may be held for up to 12 months, from which further appointments may be made.

Terms & Conditions

Please review our Terms and Conditions which set out how we recruit and provide further information related to the role and salary arrangements.

If you have any questions, please feel free to contact digitalanddatarecruitment@justice.gov.uk