Summary

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

At HMRC, we are already one of the most digitally advanced tax authorities in the world and have one of the largest IT infrastructures and data sources in the UK. With 50 million customers to serve, over 60 thousand colleagues to support, and £600 billion to collect to fund UK PLC, our IT operation is huge. Operating on a stage this big would faze many, and it is not for everyone. But, for those who are up to the challenge, we offer unique and unparalleled opportunities to work with some of the latest technologies and make a real, lasting difference.

We are undergoing a major transformation programme, which includes a significant investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones.

Now is a great time to join us as we establish a team of outstanding people in the field of Enterprise or Security Architecture, Risk Management and Security Testing, who will create and run these new and improved technology services. This is a chance to work on services that matter and affect the lives of millions of citizens.

Job description

The Team:

Our Cyber Security Technical Services (CSTS) multidisciplinary team supports HMRC to assess business and reputational risks and are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.

We continually adapt and evolve to emerging technologies, the ever-changing threat and risk landscape to meet HMRC/HMG business needs.

We are part of an active and encouraging cyber security community, within HMRC and across government.

The Role:

As a Cyber Security Professional Practitioner working within Security Testing, you will play a key role in providing security testing, vulnerability assessment and continual security compliance capabilities in order to secure HMRC's services and to ensure the best possible technical security risk-based advice is given to our customers.

As part of role you will also contribute to wider CSTS services as required.

You will work collaboratively with key business & technical stakeholders, to deliver appropriate security testing risk based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services.

This is an exciting time to join us and the chance to work on services that matter and affect the lives of millions of citizens.

Broadly, we would expect the successful candidate to align with the Government Security Professional for Security Testing and Vulnerability Management Framework .

Responsibilities

• Engage with internal and external partners to manage and provide appropriate security Testing and assurance to the required standard and in accordance with policy and regulations.
• Scope, conduct, or support security assessments, pen testing and other non-functional security testing, appropriately recording and sharing any findings.
• Provide Vulnerability management and continual security compliance expertise across on premise and cloud-based solutions.
• Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security testing requirements.
• Act as escalation point to deal with security testing related incidents.
• Research, identify, validate, and embrace new technologies and methodologies.
• Champion consistency across the business in support of our "one team" ethos.
• Support assessments of threats and vulnerabilities determine deviations from acceptable/defined baselines.
• Communicate threat, vulnerabilities, and risk information to stakeholders in a clear and concise manner.
• Assist in the development and delivery of Security testing documentation sets.
• Research and assess new threats and security/vulnerability alerts, and recommend remedial actions.

Essential Criteria:

• Good Technical understanding/grounding
• Passion for security testing and continual development within this area

Desirable Criteria:

You will have knowledge, understanding and/or experience of:

• Using vulnerability management/scanning tooling, compiling reports and conducting regular scanning and assessment activities.
• Understanding of penetration testing tools and techniques.
• Experience at managing and/or conducting a wide range of testing in different environments with different complexity.
• Compiling Security testing reports, with the ability to work with stakeholders to determine real impact and probability of exploits being successful.
• Security and privacy risks and threats, along with key principles such as confidentiality, availability, integrity, non-repudiation and privacy.
• Building relationships with stakeholders and communicating technical information to diverse audiences.
• Using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
• Internal team engagement, working collaboratively, sharing knowledge, advising and training colleagues.
• Developing and delivering change and successful delivery of technical security aspects of projects.
• How technical security is applied in real life environments.
• Technical security controls, threats and vulnerabilities and current IT and security best practice approaches.
• IT infrastructure (hardware, databases, operating systems, local area networks etc.) and application architectures.
• A good understanding of threats and threat vectors.

Desirable Qualifications:

It is desirable that candidates have one or more of the following related qualifications or are working towards:

• Cloud related certifications.
• Member of relevant professional bodies.
• Relevant security testing qualifications such as CEH, SANS, CREST.
• Linux/Windows related certifications.
• CompTIA.
• Network related certifications.

Technical skills

We'll assess you against these technical skills during the selection process:

• Technical Aptitude

Benefits

• Access to learning and development tailored to your role
• A working environment that supports a range of flexible working options
• A working culture which encourages inclusion and diversity
• A civil service pension
• 22 days leave (pro rata for part time staff), which increases to 25 after a year's service and 30 days after 10 years' service.

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Apply before 11:55 pm on Monday 30th May 2022.