The Digital Services & IT (DS&IT) Branch is responsible for establishing, leading and managing the digital and technology functions within QCS.

The Branch works with business areas to ensure ICT investment aligns and supports the agency’s strategic direction, exploring emerging digital solutions whilst leveraging and managing existing business critical ICT environments.

The functions within the DS&IT Branch includes: ICT strategy and solution design and delivery; information management; business systems applications; cloud services and infrastructure; end user computing; and cyber security.

The QCS cyber security team is responsible for protecting and securing QCS assets that are in scope of the agencies Information Security Management System (ISMS).

In This Role You Will

• Conduct comprehensive system penetration testing on various systems, networks, and applications to identify and exploit security vulnerabilities.
• Simulate sophisticated cyberattacks, including network attacks, web application exploits, social engineering, and other advanced persistent threats.
• Utilise a variety of system penetration testing tools, techniques, and methodologies to perform in-depth assessments.
• Analyse and assess potential security risks and vulnerabilities within the organisation's infrastructure. This includes but is not limited to ICT, IoT, Operational Technology and Cloud Computing environments.
• Exploit identified vulnerabilities to determine the potential impact on the organisation's security posture.
• Document and report findings in a clear, concise, and actionable manner.
• Work closely with members of the QCS Cyber Security Unit to ensure the effectiveness of detection and response strategies.
• Provide detailed insights into potential attack vectors and methods to improve defensive measures.
• Collaborate in threat hunting exercises to identify and mitigate potential threats proactively.
• Develop and execute red team scenarios and simulations to challenge and improve the blue team's capabilities. Provide after-action reports and debriefings to highlight findings, lessons learned, and areas for improvement.
• Create detailed reports of system penetration testing activities, including methodologies used, vulnerabilities found, and recommendations for remediation.
• Maintain documentation of testing processes, tools, and findings for future reference and audits.
• Present findings and recommendations to stakeholders, including technical and non-technical audiences.
• Stay up to date with the latest system penetration testing tools, techniques, and methodologies.
• Ensure all system penetration testing activities comply with relevant legal, regulatory, and industry standards.
• Provide expert advice on secure coding practices, system hardening, and threat mitigation strategies.
• Act as a subject matter expert for system penetration testing within the organisation, offering guidance to other teams and stakeholders.
  
  

Occupational group IT & Telecommunications