Work with UK-wide energy players to test their resilience to cyber attack
As the UK's regulator for the energy industry, Ofgem works on behalf of energy consumers to ensure that every household and business in the UK can rely on a safe, affordable and environmentally sustainable energy supply. Protecting the resilience of the UK national infrastructure is a key responsibility. That's why we work hard to ensure that operational systems and networks in the energy sector are able to resist cyber and related security threats.
Collaborating closely with stakeholders in the downstream gas and electricity sector, you'll support red team exercises, vulnerability assessments of IT assets, and other tests to assess the robustness of systems, products and technology. Sharing the implications of test findings, you will make clear the potential business impact if vulnerabilities are exploited and advise on appropriate cybersecurity improvements. At the same time, taking a sector-wide view, you will produce metrics and intelligence reports, and contribute to recommendations to mitigate risk.
With a strong technical background in IT or software development, you will hold or be ready to pass national security vetting to SC level. Qualifications in security are essential (for example CISMP, SANS 401) including some penetration testing knowledge (such as Pentest+, EC-Council, SANS). You must also have conducted practical penetration testing within a commercial or project delivery setting using tools such as NMAP, Burp Suite or similar. A good understanding of Windows, Linux and the Cloud (including scripting) will be vital. An effective communicator, you'll be ready to build good working relationships with a range of external organisations and businesses.
Ofgem relies on having a workforce that reflects the society we serve, so we welcome candidates from all backgrounds, and especially those from underrepresented groups. While this is a full-time role, flexible working patterns and job shares are welcome. We will also support you with excellent training and development opportunities, plus a competitive benefits package.
Ofgem is committed to making a positive difference for energy consumers through effective regulation of the market and close working with suppliers to ensure sustainable energy for consumers and businesses in the UK.
It is vital that operational systems and networks in the electricity and downstream gas sectors in Great Britain remain resilient against cyber and related security threats.
This role will be part of the Cyber Security Directorate at Ofgem, which has two main objectives:
Protecting the UK National Infrastructure - Act as Competent Authority (CA) for implementing Regulations for Operators of Essential Services (OES), to improve security and resilience in the Downstream Gas and Electricity sector.
Protecting Ofgem - Ensure that Ofgem maintains appropriate levels of security, privacy and resilience to protect our people, data, operations and facilities from harm.
The role will be working in the CA function reporting to the Head of CA Assurance.
The key purpose of the role is to monitor, support, report and instruct against the regulatory framework to ensure that operational systems and networks owned and/or managed by Operators of Essential Services in the electricity and downstream gas sectors in Great Britain remain resilient against cyber and related security threats.
Support the scoping, conducting and procurement of penetration tests, red team exercises, vulnerability assessments of IT assets, and other tests to assess the robustness of a system, product, or technology
Disseminate the implications of test findings, relaying the potential business impact if vulnerabilities are exploited
Engage with internal and external stakeholders to provide appropriate Cyber Security assurance in accordance with policy and regulations
Report potential issues and mitigation options to appropriate stakeholders or governance forums
Contribute to the review and interpretation of reports and contribute to remediation action plan production