HMRC has one of the UK’s largest IT estates, ranging from ‘state of the art’ data analytics platforms to complex legacy systems. We are building a modern, digital tax administration and run the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations.
This is an exciting time to join an organisation that probably doesn’t work how you’d imagine a government organisation would. Our blog tells you a bit more about what we do and how we do it!
We are undergoing a major transformation programme, which includes a major investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones. We are therefore building a team of outstanding people who will create and run these new and improved technology services.
Whether developing new systems or making changes to existing ones, our delivery group works within Agile frameworks to deploy and operate via DevSecOps practices. This role will see you work closely with our development teams to ensure that they design, develop and operate secure services by default.
If you have a passion for IT Security, enjoy collaborating with people and have a good understanding of secure development methodologies, we want you to apply.
DPS prides itself on an open, forward-thinking and hard-working environment in which your ideas will be welcomed. You will get to work with passionate, knowledgeable individuals and teams, and will be enabled to learn new skills, gain valuable experience and grow along with our current digital transformation.
The Data Platform Services Group is building an engineering capability to help run, maintain, and evolve its strategic Data Analytics platforms and services, and we see security as a critical enabler to this.
We sit within HMRC’s Chief Digital & Information Group (CDIO) so we’re at the heart of HMRC’s ambitious digital transformation and cutting-edge innovation. The team was set up just over 3 years ago in response to HMRC's desire to take control of building and running its critical data capabilities in complex and multi-sourced environments. This is a fantastic time to get involved and join us on our mission.
We provide cradle-to-grave services supporting agile project delivery and provide live service support to all analytical services, including HMRC’s next generation data analytics platform. The Delivery Group has grown significantly over the last 24 months, from little over a dozen people to nearly 200 people, but it is yet to see its biggest growth in 21/22, driven by a maturing operating model, increased demands for services, and a focus on building internal capability.
You will be expected to:
• Develop strategies, aligned to departmental objectives, to deliver a portfolio of activities which lead to risk reduction outcomes for the organisation.
• Collaborate with team members to ensure they design solutions and services with security controls embedded, specifically engineered to mitigate against security threats by default.
• Build and lead a security community of practice, attracting the right people to champion security in their functional areas.
• Work with developers to review code and ensure Static and Dynamic Application Security Testing (SAST/DAST) capabilities form part of the Software Development Lifecycle (SDLC).
• Support DevOps engineers and the Service Management team to ensure security patches are up to date and/or advise appropriate hardening measures.
Strong interpersonal skills, effective people management and an ability to influence others are key to performing effectively in this role.
Your application should address the following criteria:
• Ability to partner with multiple teams across functional and technical skillsets, removing ambiguity concerning security and risk.
• Experience tackling and solving security challenges in large scale IT organisations.
• Experience of assessing, analysing and translating technical security risks into business risks.
• Understanding of Security/Enterprise Architectures (i.e. data transformation, storage & processing, virtualisation, containerisation and cloud technologies).
• Experience Threat Modelling systems with developers, engineers, architects and others, and advising on controls to design out identified risks.
• Understanding the phases of the Software Development Lifecycle and how to build security into products and applications at every step of the process.
• Either hold or be willing to work towards recognised qualifications and experience on par with:
- Senior/Lead CESG/NCSC Certified Professional Schemes (CCP); or
- Experience performing vulnerability discovery activities (scanning) with common tool sets and producing post scan reports.