Connecting Talent to opportunity

Cybercrime Investigator


Job Description:

Location: Nottingham Regional Centre, Stratford Regional Centre

About the job

Job summary

HMRC is the UK’s tax, payments and customs authority and we have a vital purpose: we collect the money that pays for the UK’s public services and help families and individuals with targeted financial support.

Digital Support and Innovation (DSI) sits within HMRC’s wider Fraud Investigation Service (FIS) responsible for the department’s civil and criminal investigation work. FIS ensures that HMRC has an effective approach to taking on the most serious tax evasion and fraud.

Working across Law Enforcement and government, DSI provides investigative tools and covert techniques to front-line investigations and works with key partners to develop and provide access to new technology and systems to enable investigators to respond to serious and complex tax evasion and crime.

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

Job description

We are looking for a cybercrime and digital forensics analyst to join our growing team.

The cybercrime team is a small team of around 25 staff who are specialist technical analysts and investigators. We gather intelligence and investigate online fraud against HMRC. We provide evidence to support criminal investigations and insight to shape the security of HMRC’s online services.

You will work collaboratively as part of the team, assisting in the forensic analysis of seized devices and using your technical knowledge to add value and to investigate the impact of cyber-crime on HMRC systems and services.

Person specification

Assisting senior colleagues with the cybercrime aspects of HMRC criminal investigations by collating, analysing and explaining a variety of internal and external data sources to support criminal justice outcomes.

Providing expert witness statements and attending court in support of criminal investigations as required.

Assist in the forensic examination of relevant devices, including malware and intrusion analysis. This may include both on-site examinations and laboratory-based acquisitions.

Help test new forensic methodologies as required and carry out experiments to validate forensic findings and results.

Keeping abreast of emerging technologies and methodologies that impact the work of the cybercrime team.

Assist colleagues, acting as a technical consultant to operational, policy and software development teams with advice on defensive and detective methods to counter cyber-crime threats.

Assist in the analysis and manipulation of large complex data sets, devising new methods as required.  

Maintaining knowledge on cybercrime and cyber security through personal development and research. 

Essential Criteria:

The successful candidate will be able to evidence a number of skills from the following:

Cyber Crime - Demonstrate experience in a cyber security/incident response field with a sound technical understanding of the current cyber threat landscape, threat intel and open source relevant to the threat against financial institutions, UK business and criminal tools, tactics and techniques.

Computer Forensics skills - Proven ability to perform digital forensic analysis from various devices, platforms and operating systems, both in the lab and field, and to interpret complex forensic artefacts relevant to cybercrime while being fully compliant with ACPO Principles and quality frameworks (ISO17025).

Data Manipulation - Experience in manipulating and analysing large data sets, utilising basic scripting and/or data visualisation tools.  

Reporting - Proven experience in authoring technical reports for different stakeholders with varying levels of technical knowledge and, where appropriate, writing witness statements and presenting findings in court.

Security Vetting - This post requires you to achieve National Security Vetting at Developed Vetting (DV) clearance level and you must be willing to apply for DV vetting if not already held.

Desirable Criteria: 

  • Technical experience of one or more: Scripting/Programming; SQL; Malware Analysis; Data Analysis tools – Splunk/Neo4j/Maltego
  • Industry recognised certifications, e.g. SANS GIAC, CompTIA, OSCP, CISSP & Digital Forensic Vendor specific.
  • Membership of professional bodies, e.g. CIISec or ICDIP.
  • Knowledge of relevant UK law enforcement legislation would be helpful (CPIA, PACE, IPA, RIPA, CMA)

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Communicating and Influencing
  • Delivering at Pace

Technical skills

We'll assess you against these technical skills during the selection process:

  • Presentation Interview question

Job Type: Permanent, Full Time

Additional Salary Info: Flexibility Payment

Work Authorisation:

Industry Sector: Public Sector & Services