Senior Infrastructure Engineer - HM Land Registry - SEO
Location
Plymouth, South West England, PL6 5WS
About the job
Job summary
HM Land Registry (HMLR) is looking for a Senior Infrastructure Specialist – Red Team Operator to join our growing IT Security Operations function. This is an exciting opportunity to become part of a new and developing Red Team capability, helping to strengthen HMLR’s cyber resilience through advanced security testing, adversary emulation, and threat-informed assessments. The role is aligned to HMLR's developing Red Team function within the IT Security Operations area.
As a specialist within the Security Cluster, you will emulate real-world threat actors to identify vulnerabilities, test security controls, and provide actionable intelligence that helps improve our security posture. Working closely with defensive security teams, engineering teams and operational stakeholders, you will play a key role in protecting the systems and services that support one of the UK's largest digital property registers.
This is an excellent opportunity for someone who enjoys technical challenge, problem-solving, and collaborative working, and who wants to help shape the future direction of Red Teaming within HMLR.
Job description
The IT Operations Practice sits within the Digital, Data and Technology (DDaT) directorate and is responsible for the performance and delivery of the technical infrastructure that underpins HMLR's services. The practice brings together a wide range of technical teams responsible for supporting, monitoring and operating critical infrastructure and services across the organisation
Within the practice sits a mature security function responsible for operational security across HMLR's platforms and systems. As part of a newly emerging Red Team capability, you will have the opportunity to influence and develop how the function operates, working closely with Security Operations, Security Assurance, infrastructure engineering teams and other technical specialists across the organisation.
Working as part of a team safeguarding HMLR systems against cyber threats, you will explore the tactics, techniques and procedures used by malicious actors to infiltrate systems undetected. Through simulated attacks, penetration testing and adversary emulation activities, you will identify weaknesses and provide evidence-based recommendations that help improve detection, response and security controls.
Main Duties
- Emulate the actions of threat actors to identify exploitable vulnerabilities across HMLR systems and services.
- Carry out penetration testing activities against networks, applications and computer systems.
- Perform simulated attacks to assess the effectiveness of defensive controls and detection capabilities.
- Identify security weaknesses, misconfigurations and attack paths, ensuring findings are communicated to the appropriate operational teams.
- Assess risks associated with security findings and potential vulnerabilities.
- Analyse attacker entry points and exploitation methods using real-world threat intelligence.
- Communicate priority risks, vulnerabilities and recommendations clearly to technical and non-technical stakeholders.
- Support the identification, prioritisation and implementation of security control improvements.
- Plan, coordinate and deliver adversary emulation and Red Team engagements.
- Provide actionable threat intelligence and security insights to Blue Teams and other security functions.
- Assess and enhance security controls, threat intelligence processes and incident response capabilities.
- Maintain awareness of the evolving cyber threat landscape and the tactics, techniques and procedures used by threat actors.
- Produce clear documentation, technical reports and recommendations that support informed decision-making across the Security Cluster.
Additional Requirement
- Occasional travel will be required to HM Land Registry offices, supplier locations and other Government departments, which may include overnight stays.
- The role will require occasional planned out-of-hours working to support IT changes, maintenance activities and security testing exercises.
- The post is covered by HMLR's flexible working hours agreement.
- Participation in an on-call rota may be required.
- The successful candidate will be required to obtain and maintain the appropriate level of Security Clearance and will be subject to additional background checks.
Person specification
To be successful in this role, you will be required to demonstrate the following criteria throughout the recruitment process.
Essential Technical Skills and Qualifications:
- Holds a qualification in Information Technology or a related area (Degree level or equivalent) or significant experience in an IT field
- Advanced skills in the management of at least three of a range of security technologies such as: - SIEM, EDR-XDR, CTEM, DAST, WAF/DDoS, Entra ID, IPS/IDS, PKI, SASE
- Advanced Skills in Data Collection & reconnaissance, Exploitation frameworks, Password cracking, Attack Surface Mapping, Exposure Management
- Advanced scripting in one of: - Python, Perl, SQL Assembly, PowerShell, Shell scripting
Desirable Technical Skills and Qualifications:
- Ethical Hacking Essentials (EHE)
- Certified Ethical Hacker (CEH)
- Extensive knowledge in the security of either Windows, Linux or Mainframe systems
- Extensive knowledge in the operation of security controls in cloud services such as AWS or Azure
- Web application testing and exploitation
- Network penetration testing and exploitation
Essential Experience:
- Experience of technical information gathering, analysis and problem solving of security related issues
- Experience of technologies including but not limited to Firewalls, IDS/IPS, Active Directory, Microsoft Windows OS, Linux, TCP/IP, and networking
- Experience in cyber security testing
- Experience in planning and executing attack simulations
- Experience in applying standard frameworks to map attacker behaviour
- Experience in threat analysis and security incident response
- Excellent communication skills and the ability to work effectively as part of a team
- Strong leadership demonstrated through coaching or mentoring
Desirable Experience:
- Software Engineering Fundamentals
- Advanced experience in designing and documenting security systems and controls
- Experience in Malware Analysis & development
Please note that desirable criteria will only be assessed in the event of high application numbers or as a tiebreaker.
For further information please see the attached job description.


