Lead Principal Security QA Engineer

LA International

London

On-site

GBP 70,000 - 90,000

Full time

3 days ago

Job summary

A leading company in the UK is seeking a Lead Principal Security QA Engineer to develop and represent their security testing service. The role involves leading security testing, vulnerability assessments, and providing technical security advice. Candidates should have strong communication skills and relevant industry certifications. This position offers a collaborative environment to enhance security across various platforms.

Qualifications

  • Experience applying technical security controls in real environments.
  • Proficiency with vulnerability scanning tools and report writing.
  • Recognized industry certifications such as CREST or equivalent.

Responsibilities

  • Lead the development and delivery of security testing documentation.
  • Manage security testing and assurance in accordance with policies.
  • Communicate security risks and findings clearly to stakeholders.

Skills

Communication
Team Collaboration
Knowledge Sharing
Security Testing
Vulnerability Management

Education

Industry Certifications (CREST, Offensive Security, SANS/GIAC)

Tools

Vulnerability Scanning Tools
Penetration Testing Tools

Job description

Role: Lead Principal Security QA Engineer

Rate: Inside IR35

Location: likely 2 days a week onsite in London or Croydon.

Duration: 6 months +

SC cleared or eligible.

The Role

The Home Office is developing an internal Security Testing capability within the Quality Assurance and Testing function. As a Principal Cyber Security Professional, you will be embedded in the Home Office Cyber Security (HOCS) team, working closely with senior security stakeholders to develop and represent the security testing service. Strong communication and professionalism are essential as you collaborate across the organization.

You will lead security testing, vulnerability assessments, and security compliance efforts to protect Home Office services and provide technical security advice based on risk assessments.

Collaborating with business and technical stakeholders, you will deliver security testing and guidance to enable secure solutions.

Responsibilities

  1. Lead the development and delivery of security testing documentation to support the security testing service.
  2. Engage with internal and external partners to manage security testing and assurance in accordance with policies and regulations.
  3. Support security assessments, penetration testing, and other non-functional security testing, documenting findings.
  4. Provide vulnerability management and security compliance expertise for on-premise and cloud solutions.
  5. Collaborate with project teams to provide security testing expertise.
  6. Act as an escalation point for security testing incidents.
  7. Research and adopt new security technologies and methodologies.
  8. Assess threats and vulnerabilities, identifying deviations from security baselines.
  9. Communicate security risks and findings clearly to stakeholders.
  10. Research new threats and recommend remedial actions.

Essential Criteria

  • Experience applying technical security controls in real environments, understanding threats and vulnerabilities.
  • Passion for security testing and professional development.
  • Recognized industry certifications such as CREST, Offensive Security, SANS/GIAC, or equivalent.
  • Experience managing or conducting security testing across diverse environments.
  • Proficiency with vulnerability scanning tools, report writing, and assessment activities.
  • Strong communication skills for engaging stakeholders at all levels.
  • Team collaboration and knowledge sharing skills.
  • Knowledge of OWASP Top 10, CVE databases, etc.
  • Understanding of Agile and DevOps practices for continuous testing.
  • Experience integrating security testing into CI/CD pipelines.

Desirable Criteria

  • Knowledge of penetration testing tools and techniques.
  • Experience developing security testing reports and assessing exploit impact.
  • Experience delivering security aspects of projects.
  • Understanding of IT infrastructure, network protocols, encryption algorithms, PKI, SSL/TLS, SIEM, and OS patching.

Applicants with high-level security clearance or previous security clearance are encouraged to apply. Note that security clearance may take up to 10 weeks. LA International is an HMG-approved ICT recruitment and consultancy firm, committed to diversity and inclusion. It has been recognized with multiple awards, including The Queen’s Award for Enterprise: International Trade.
