Cyber Security, Information and Risk Delivery Group (CSIR) are part of HMRC’s Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
We continually adapt and evolve to emerging technologies, the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
Our team comprises a range of cyber professionals, with a breadth of skills across security architecture, risk. assurance, testing and consultancy. We are growing our workforce with experienced Cyber Security Professionals to develop our vision to be a recognised Centre of Excellence.The Role
Working in a multidisciplinary team in Cyber Security Technical Services (CSTS), you’ll be part of our active and encouraging cyber security community, within HMRC and across government
As a Senior Cyber Security Professional, you will work closely with senior business and technical partners to provide domain expertise on IBM Security Guardium and deliver appropriate risk based technical security advice to enable the secure delivery of HMRC solutions and services.
You will play a leading role in securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.Ideal Candidate
You will be able to work in partnership and lead major projects, ensuring the work commitment required is delivered on time and to agreed quality standards.
You will be confident in your ability to engage with the UK security community and hold the technical credibility to represent our business at a range of events sharing a point of view and direction on our ‘secure by design’ ethos.
Willing to champion consistency across our business in support of our “one team” ethos you will be happy to provide technical reviews, develop individuals and contribute to the development of protective security practices.Responsibilities:
• Providing in-depth knowledge of IBM Guardium Database Activity Monitoring (DAM) planning, deployment and operation across multiple O/S and DBs, including the latest Oracle UEK Linux environments.
• Crafting, building, configuring delivering and commissioning a new cross platform Guardium deployment on Virtual and Cloud infrastructures.
• Working with projects to support the transition of critical databases from traditional on-premises environments.
• Support delivery of balanced and efficient risk management decisions, identifying vulnerabilities and resolutions in sophisticated architecture and leading complex penetration test
• Delivering cyber services from our service catalogue, while supporting our security lifecycle.
• Recognising when security measures impact on users or business needs, providing effective advice to inform business decision making, and handle partner concerns.
• Designing and implementing security solutions and associated security testing (Inc. penetration testing) for sophisticated applications or processes.
• Selecting suitable security techniques, tools and test strategies to confirm compliance with security standards and providing suggested remediation actions.
• Researching, identifying, validating and adopting new technologies and methodologies.
You will already have significant knowledge, understanding and experience of:
• Deploying Guardium in multiple environments across different technology platforms, both within the UK and global industries.
• Linux, including Linux kernel and the impact on database activity monitoring.
• Heterogenous database knowledge.
• Using VMWare to manage virtual servers, including Guardium appliances.
• The application of technical security in real life environments.
• Successful delivery of security aspects of major projects, demonstrating professional credibility and authority.Desirable Criteria:
Ideally you will also have validated working knowledge and experience of:
• Multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law and GDPR
• Security architectures, operating systems, networking architectures, technologies and the OSI Model.
• Cloud Security & Risk applied to all service models.
• ISO standards including 27001, 27002, 27005, 270017, 27018, 22301.
• Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
• Penetration testing and requirements.
• Security, privacy, risks and threats along with a proven understanding of key considerations such as confidentiality, availability, integrity, non-repudiation and privacy.
• Handling effective relationships with senior partners, suppliers and customers.
• Effective team engagement, sharing knowledge, guiding and training colleagues.
• Communicating effectively to diverse technical and non-technical audiences at all levels.
• Designing and delivering change.
• Crafting and conveying information security and risk management aligned to corporate risk appetite across several enterprises.Professional Qualifications:It is essential you already hold the following qualifications:• IBM Guardium v10 Certified Qualification
It is desirable that candidates have the following qualifications:
• IBM Guardium v11 Certified Qualification
• Certified Information Systems Security Professional
• Certified Cloud Security Professional
• Certified Information Systems Manager
• CESG Certified Professional
• Member of Chartered Institute of Information Security
• Certified Ethical Hacker
• AWS Security Specialist
• Microsoft Certified Azure Security Engineer Associate