Connecting Talent to opportunity

Cyber Security Analyst

Expired

Job Description:

Do you want to push yourself, and develop your career?

Have you got a good awareness of modern malware execution methods?

Are you experienced in troubleshooting methodologies?

If you’ve answered yes to these then a career within our Cyber Security team will be the right place for you!  

The Customer Experience & Bridge Operations Centre (CE&BO) comprises a number of teams focused on monitoring the customer experience for the HMRC IT network, including security and incident management. The Security Analyst will work a rotational 12-hour shift pattern, providing a 24/7, 365-day security monitoring and support capability for the CE&BO.

As a Security Analyst some of your responsibilities include:

  • Continual real-time monitoring of the HMRC’s Security Platforms.
  • Taking ownership of CST’s cases and following CST tickets to full resolution state – in line with CST procedures as well as flagging relevant information to meet CE&BO’s needs.
  • React and respond to CE&BO’s trending analysis raised by CE&BO colleagues to identify and eliminate any security issues, assisting with findings where possible.
  • Listen to CE&BO’s bridge phone conversations and report to overall CST when incidents develop within the CE&BO.
  • In the event of a Major Incident, take ownership and be the first point of contact, creating a knowledge bridge between CE&BO and CST as a whole – CE&BO will have prepared an HPI environment in which various concerned stakeholders and service owners are involved. If this concerns issues associated with CST, you are responsible for the following:
  • Provide initial assessment of the situation and collaborate with CE&BO’s team as well as CST in relation to the incident and creation of a CST ticket.
  • Attend live calls and provide assistance and collaboration.
  • Provide background material if available and, where sensitive information is identified, seek approval from CST management before disclosure.
  • Capture timeline throughout the incident lifespan.
  • Real-time updates and application of skillset without delay are essential.
  • Ensure the prompt analysis of anomaly detection tools to help identify security breaches and cyber-attacks.
  • Triage events and raise incident tickets for the incident response team to investigate.

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

Shift Pattern

You will perform your contracted hours on an annualised hours basis, working fixed shift patterns over a 4-week rostering period consisting of days, nights, weekends, and public holidays.

The total number of hours worked over the 4-week rostering period is 148 hours. This is not inclusive of breaks which are unpaid.

If the rostered shift falls on a Bank Holiday, colleagues are expected to work this.

Typically, in 2 out of the 4 weeks, there is a requirement to work 52.75 hours per week, and in the other 2 weeks, a requirement to work 21.25 hours per week. This is subject to change in accordance with business needs.

Current (typical) shift patterns are as follows: 

Week 1

Monday 6:45am – 7pm.
Tuesday, Friday, Saturday, Sunday 7am – 7pm.

Week 2

Wednesday 6:45am – 7pm.
Thursday 7am – 7pm.

Week 3

Monday 6:45pm – 7am.
Tuesday, Friday, Saturday, Sunday 7pm – 7am.

Week 4

Wednesday 6:45pm – 7am.
Thursday 7pm – 7am.

We have 2 positions available in Telford, and 1 in Newcastle.

Travel and overnight stays are rare, but generally are connected to training courses or visiting our other site.

Essential Criteria: 

  • Excellent troubleshooting methodologies and root cause analysis skills.
  • Awareness of and enthusiasm for cyber security developments, current trends and analysis, and technically equipped with basic scripting skills.
  • A good understanding of modern malware - execution methods, persistence, detection, C2 methods, delivery mechanisms and entry points.
  • Understanding of the systems and high-level architecture which underpin corporate IT systems and the techniques deployed to compromise these assets.
  • Understanding of network protocols - TCP/IP.

Desirable:

  • Previous exposure to SIEM platforms.
  • Experience of using a variety of analytical tools and methods to identify security compromises within large and complex data sets.
  • Demonstrable understanding of digital forensics, skills, techniques and tools to perform forensics and root cause analysis on enterprise IT systems.
  • Certifications Preferred: GSEC, GCED, GCIH, CCNA Security or BSc in Cyber Security/computing related field.
  • Proven analytical and investigative skills.
  • Effective reporting and presentation skills, with the ability to communicate technical issues to a non-technical audience and explain the impact of vulnerabilities or threats in business-focused language.

  • Job Type

    Permanent, Full Time

  • Additional Salary Info

    £10,000 Labour Market Supplement paid to qualified candidate

  • Work Authorisation

    No

  • Industry Sector

    IT & Internet