Senior Test Engineer (Security)

This is an exciting opportunity in the Digital Services team! You'll be joining our team at a time of transformation, and you will be part of shaping the future of our department. We use Agile Methodologies and promote a culture of continuous improvement.

We are looking for an enthusiastic  Senior Test Engineer  (Non-Functional Security) with great technical skills, able to deliver and support security testing workstreams, including vulnerability assessments and penetration testing. You will also offer guidance to other testers on security testing best practices.

You will be part of our non-functional testing specialist team, working collaboratively with your team and overseeing the testing journey.

This provides an opportunity to make the test community thrive by exploring new and emerging tools and approaches and working out how you can help the organisation deliver better services.

This is a rewarding role within the Test Team and provides an opportunity to contribute to the success of existing and future services provided by Companies House.

Watch this video to find out more about working in Digital at Companies House

Companies House offers a flexible and welcoming culture that promotes a healthy work life balance as well as a proactive approach to wellbeing that allows us to be our best at work. We recognise that people are the key to our success so offer a fantastic benefits package including flexible working with no core hours, 30 days annual leave, 8 bank holidays and 1 privilege day as well as enrolment into the Civil Service Pension scheme with a contribution rate averaging 28%.

Find out more about what a great place Companies House is to work

We're able to consider both full-time and part-time working patterns for this opportunity. For part-time, this must be a minimum of 30 hours per week, over 4 or 5 days.

Please note - Companies House cannot offer Visa sponsorship to candidates through this campaign. Additionally, a Security Check (SC) is an essential requirement for this role (at least 3 out of the last 5 years in the UK). Please see 'Things you need to know' section below for more information.

Job description

As a Senior Test Engineer focusing on security you will;

• Working within a delivery team, you'll contribute to the coordination and execution of security testing across the software development lifecycle. This will involve running vulnerability scans using tools such as Burp, coordinating with relevant teams, testing security related issues.
• Support the wider test team by sharing knowledge and guidance on security testing approaches and tooling.
• Attend meetings and provide stakeholders with updates.
• Design and implement pipeline solutions to support automated security testing and reporting.

  For more information on the Test Engineering profession and skills expected of a Lead, head over to the Government Digital and Data Profession Capability Framework.

   

  Person specification

  We are looking for the following, which will be assessed at sift, technical stage and interview.

  • Experience in Security testing.
  • A relevant certification in ethical hacking or penetration testing, such as such as 7Safe CSTA or GIAC Penetration testing, OR currently working towards this OR have proven working experience.
  • Working knowledge of at least 5 of the following security tools and technologies:
    1. Burp Suite (including Burp Scanner) - for web app vulnerability scanning and manual security testing.
    2. OWASP ZAP - for DAST and automated security regression testing.
    3. Postman or SOAP UI - for API testing with a security focus (e.g. injection, authorisation, token misuse).
    4. OAuth2 / OpenID Connect - for testing secure authentication and access control scenarios.
    5. Jenkins or Concourse - for integrating security testing into CI/ CD pipelines.
    6. Unix/ Linux-based systems - for using command-line tools, analysing logs, and running manual tests.
    7. AWS (or similar cloud provider) - with a focus on IAM, S3 access, and common misconfiguration risks.
    8. SQL / MongoDB / Oracle - for testing injection flaws, access controls, and data sanitisation.
    9. Karate DSL or Rest Assured - for automating security-focused API tests.
    10. Git or other version control systems - for secure code handling and integration with security scanners.
    11. Static Application Security Testing (SAST) tools - e.g. SonarQube, Checkmarx, Semgrep.
    12. Dynamic Application Security Testing (DAST) tools - e.g. OWASP ZAP, Burp Suite Pro.
    13. Infrastructure-as-Code (IaC) scanning tools - e.g. tfsec, Checkov.
    14. Secrets detection tools - e.g. GitLeaks, truffleHog, detect-secrets.
    15. Threat modelling approaches - e.g. STRIDE, or creating risk-based test charters.
    16. Familiarity with the OWASP Top 10 - and how to test for each risk category.

         

        Benefits

        Alongside your salary of £40,398, Companies House contributes £11,703 towards you being a member of the Civil Service Defined Benefit Pension scheme.  Find out what benefits a Civil Service Pension provides.

         

        We offer an excellent benefits package that includes:

        • a generous 30 days annual leave plus 8 bank holidays and 1 privilege day
        • enrolment into the  Civil Service Pension Scheme with a contribution rate of averaging 28%
        • a range of recognition schemes including instant awards to thank and recognise each other's efforts and contributions
        • strong ethos of equality, diversity and inclusion
        • great work life balance with flexible and mobile working available for many roles
        • a pro-active approach to employee wellbeing that allows our employees to flourish and be their best at work and has enabled us to become an  Investors In People platinum accredited employer
        • online financial support and advice
        • seasonal flu jabs
        • generous maternity, paternity, adoption and shared parental leave allowances
        • a focus on career development and progression
        • a number of inclusive network groups to support our colleagues and a great sports and social society
        • cycle to work scheme
        • staff discount scheme
        • holiday play scheme for children
        • 3 days paid volunteering leave

           

          Next Steps

          Click  'Apply Now' to be taken to our main advert Civil Service Jobs where you can see more details regarding the role, the incredible benefits we have to offer and what it's like to work in Companies House.

           

          If you have any questions about the role or process, please reach out to kjones6@companieshouse.gov.uk.

           

          This role closes on 20 July 2025.