£52,598 - £66,712
National: £52,598 - £59,294 London: £59,182 - £66,712
This role can be based in Bristol, Cardiff, London, Leeds, Salford, Newcastle upon Tyne or Telford. We offer a hybrid working model that allows you to work between home and office locations, giving you greater flexibility about where and when you work. Occasional travel to other sites will be required.
Do you have experience in security architecture?
Are you interested in working for an organisation that truly champions a healthy work/life balance?
If so, continue reading to find out more about this fantastic opportunity to join HMRC - one of the largest and most dynamic IT infrastructures in Europe, and we are now one of the most digitally advanced tax authorities in the world.
Whilst we are recruiting for roles across a number of locations (as listed above), a maximum of one can be based in Stratford.
HMRC Security are part of HMRC’s Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
We continually evolve and adapt to emerging technologies, the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
We are currently expanding our workforce, our team comprises: experienced Cyber Security Professionals in a range of capabilities, Security Architecture, Risk Assessment and Testing, to help us develop our vision to be a recognised Centre of Excellence.
Working in a multidisciplinary team in Cyber Security Technical Services (CSTS), you’ll be part of our active and encouraging cyber security community, within HMRC and across government.
As a Senior Cyber Security Professional, you will work collaboratively with senior business and technical partners, to deliver appropriate risk based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services.
You will play a leading role in securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.
You will support the Lead Security Architect in driving and delivering Enterprise-wide security technology change, engaging at a strategic level.
In addition, you may be encouraged to undertake line/task management responsibilities.
Broadly, we would expect the successful candidate to align with the Government Security Professional Framework.
Key Responsibilities will include the following noted below and those detailed in the Candidate Information Pack:
- Create baselines of current security controls, technologies and assist EA lead in developing Reference Architectures for security on all platforms (AWS /Azure/On Prem etc.)
- Contribute to governance authorities including peered architectural review and technical design.
- Contribute to the development of security frameworks such as NIST on the estate including the introduction of requirements and controls based on and traceable to organisational risk appetite.
- Create roadmaps of existing tooling based on security capability, architectural domain, vendor investment tracking, horizon scanning and global emergent change in the threat landscape.
- Define Security Strategic directions including technology and technical capabilities aligned to Architectural principles such as Zero Trust.
- Create design patterns to support solution architects in delivery of security controls.
- Manage stakeholder relationships across the civil service, department, suppliers, vendors, and programmes.
- Work as part of the Cybersecurity Professional Team to deliver on Security Architecture Review and Design, Risk Assessment and Testing as part of a Secure by Design Engagement Lifecycle facilitating change through formal Projects and Programmes.
- Lead engagements with multiple technology groups to ensure Architectures have security embedded into the design whilst meeting evolving business requirements and taking into account scalability, reliability and availability whilst aligning to Strategic Technology Road maps.
Essential Criteria – please see Candidate Information Pack for further essential criteria and more detail:
- Good communication skills working across business and technical domains and managing effective stakeholder relationships through active engagement, clear accountability and expectation setting as well as frequent communication.
- Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a solid grasp of key technical considerations in relation to confidentiality, availability, integrity, non-repudiation and privacy.
- Knowledge and experience in using Architectural Methodologies including TOGAF and SABSA.
- Knowledge and experience of Standard Security Frameworks including ISO, NIST, CSA, etc.
- Experience in Development of Outputs including Reference Architectures, Roadmaps, Design Patterns, Technical Standards, Policies and Principles, Guidance and Procedures.
- Experience in Designing Security Controls from Non-Functional Requirement Catalogues and associated Design Patterns, Procedures and Technical Guidance.
- Development of Technical Security Strategy based on business and technical risk encompassing a wide range of technical security capabilities.
- Development of Architectural Technology Strategy encompassing a wide range of technical security capabilities and proficiency in a cross-section of technologies and supporting security processes in at least two of the following domains:
- Identity and Access Management
- Network Security
- Application Security
- Data Security
- Security Operations
- Infrastructure and Endpoint Security
- Continual Security Compliance
- Cloud Security
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
Permanent, Full Time
- Industry Sector Public Sector & Services