Lead Test Engineer (Security) - Companies House - SEO

Manchester Digital

United Kingdom

Remote

GBP 41,000 - 46,000

Full time

Yesterday
Job summary

A dynamic organisation is seeking a Lead Test Engineer (Security) to ensure the integrity of its systems while mentoring the team of testers. This role offers the opportunity to push the boundaries of testing tools and techniques while contributing to a culture of sustainability and continuous improvement. You will work on challenging assignments using Agile methodologies within a passionate team.

Benefits

30 days annual leave
8 bank holidays
Privilege day
Enrolment in the Civil Service Pension scheme
Flexible hours

Qualifications

  • Experience in coaching and mentoring.
  • Expertise in non-functional security testing.
  • Good knowledge of security tools.

Responsibilities

  • Manage and execute security tests within the software development lifecycle.
  • Train and advise testers on security testing practices.
  • Provide updates to stakeholders and maintain communication with them.

Skills

Coaching
Mentoring
Security Testing
Continuous Improvement

Education

Certification in ethical hacking or penetration testing

Tools

Burp Suite
OWASP ZAP
Postman
Jenkins
Unix/Linux
AWS
SQL/MongoDB

Job description

Lead Test Engineer (Security) - Companies House - SEO

Full-time (Permanent)
Base salary is £41,571 - £45,784 with an additional DDaT allowance of £4,350 - £11,000 available
Published on 3 July 2025
Deadline 20 July 2025

Location

Remote working (anywhere in the UK)

About the job
Job summary

This is an exciting opportunity in the Digital Services team! You’ll be joining our team at a time of transformation, and you will be part of shaping the future of our department. We use Agile Methodologies and promote a culture of continuous improvement.

We are looking for an enthusiastic Lead Test Engineer (Security) with great technical skills who is able to coach and mentor other testers and lead the non-functional testing workstream focused on security testing.

You will be part of our lead tester group, working collaboratively with your team and overseeing the testing journey with management responsibilities.

This provides an opportunity to make the test community thrive by exploring new and emerging tools and approaches and working out how you can help the organisation deliver better services.

This is a rewarding role within the Test Team and provides an opportunity to contribute to the success of existing and future services provided by Companies House.

Companies House offers a flexible and welcoming culture that promotes a healthy work-life balance as well as a proactive approach to wellbeing that allows us to be our best at work. We recognise that people are the key to our success, so we offer a fantastic benefits package including flexible working with no core hours, 30 days annual leave, 8 bank holidays and 1 privilege day, as well as enrolment into the Civil Service Pension scheme with a contribution rate averaging 28%.

We're able to consider both full-time and part-time working patterns for this opportunity. For part-time, this must be a minimum of 30 hours per week, over 4 or 5 days.

Please note - Companies House cannot offer Visa sponsorship to candidates through this campaign. Additionally, a Security Check (SC) is an essential requirement for this role (at least 3 out of the last 5 years in the UK). Please see the 'Things you need to know' section below for more information.

As a Lead Test Engineer focusing on security, you will:

  • Take ownership of security testing within the software development lifecycle. This will involve running vulnerability scans using tools such as Burp, coordinating with relevant teams, and testing security-related issues.
  • As a manager, you will provide advice, coaching and mentoring to testers on non-functional testing subjects such as security testing.
  • Attend meetings and provide stakeholders with updates.
  • Design and execute manual and automated security test cases using standard testing techniques.
  • Design and implement pipeline solutions to support automated security testing and reporting.

We are looking for the following experience, which will be assessed at sift and at interview.

  • Proven experience of coaching and mentoring direct reports.
  • A relevant certification in ethical hacking or penetration testing, such as 7Safe CSTA or GIAC Penetration testing, or evidence that you are working towards this or have proven working experience.
  • Experience of non-functional testing practices with a strong focus on Security Testing.
  • Working knowledge of at least 5 of the following security tools and technologies:
  • Burp Suite (including Burp Scanner) – for web application vulnerability scanning and manual security testing.
  • OWASP ZAP – for DAST and automated security regression testing.
  • Postman or SOAP UI – for API testing with a security focus (e.g. injection, authorisation, token misuse).
  • OAuth2 / OpenID Connect – for testing secure authentication and access control scenarios.
  • Jenkins or Concourse – for integrating security testing into CI/CD pipelines.
  • Unix/Linux-based systems – for using command-line tools, scripting, and log analysis.
  • AWS (or similar cloud provider) – with a focus on IAM, S3 access controls, and common misconfiguration risks.
  • SQL / MongoDB / Oracle – for testing injection flaws, access controls, and data sanitisation.
  • Karate DSL or Rest Assured – for automating security-focused API tests.
  • Version control systems (e.g. Git) – for secure code handling and integration with secrets scanners.
  • Static Application Security Testing (SAST) tools – e.g. SonarQube, Checkmarx, Semgrep.
  • Dynamic Application Security Testing (DAST) tools – e.g. OWASP ZAP, Burp Suite Pro.
  • Infrastructure-as-Code (IaC) scanning tools – e.g. tfsec, Checkov.
  • Threat modelling methodologies – e.g. STRIDE, PASTA, or creating risk-based test charters.
  • Familiarity with the OWASP Top 10 – and how to test for each category.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Managing a Quality Service
  • Working Together
  • Seeing the Big Picture
  • Leadership

We only ask for evidence of these behaviours on your application form:

  • Leadership

Technical skills

We'll assess you against these technical skills during the selection process:
