Salary for London is £57,440; nationally it is £51,050. Plus 25% pension and up to 27 days' holiday.
(If pay award is agreed, salary will rise to 13% across HMRC + Flexi Time + 2 day home working)
We are undergoing a major transformation programme, which includes a significant investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones.
We are building a team of outstanding people who will create and run these new and improved technology services and now is a great time to join us.
Cyber Security, Information and Risk (CSIR) is part of HMRC’s Chief Digital Information Office (CDIO). We provide support to assess business and reputational risks and are responsible for ensuring everyone has the capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
Cyber Security Technical Services (CSTS) is an integral part of CSIR. Our vision is to be a recognised Centre of Excellence working collaboratively to deliver a holistic, customer-centric set of services. We continually adapt and evolve in response to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
Our team comprises cyber professionals with a range of experience and skills across security architecture, risk, assurance, testing and consultancy.
We are expanding and looking for Senior Cyber Security Professionals to build and shape the security team in one of the largest IT estates in Europe.
This is an exciting time to be part of our active and encouraging cyber security community, within HMRC and across Government.
This is a chance to work on services that matter and affect the lives of millions of citizens.
As a Senior Cyber Security Professional for Application & Network Testing, you will play a leading role in securing HMRC’s services, to ensure the best possible technical security risk-based advice is given to our customers.
You will sit within a multidisciplinary team in Cyber Security Technical Services (CSTS) and work closely with senior business and technical partners to deliver appropriate risk-based technical security advice and guidance, enabling the secure delivery of HMRC solutions and services.
Your role will specifically be around Application and Network Security Testing and you will be expected to engage with internal and external partners to manage and provide appropriate security testing and assurance to the required standard and in accordance with policy and regulations. You will scope, conduct, or procure application security assessments, penetration tests, functional/non-functional security testing and other tests, appropriately recording and sharing any findings.
Broadly, we would expect the successful candidate to align with the Government Security Professional Framework for Security Penetration Testing.
The ideal candidate will be:
• a well-rounded and seasoned Information Security professional with a proven history of delivering high value outcomes in challenging environments.
• flexible to meet business needs and champion consistency across our business in support of our “one team” ethos.
• committed to continuous improvement, innovation, embracing change and developing others.
• always clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve great results.
The consummate professional in everything you do, you will be willing to learn, seek and value feedback and celebrate success.
Candidates are strongly encouraged to read the attached Candidate Information Sheet, which provides further detail of the key responsibilities of the role.
You will have significant experience or knowledge of:
• Senior partner management and engagement skills with the ability to involve and influence others regardless of grade or position.
• Communicating effectively to technical and non-technical audiences at all levels using excellent written and verbal skills.
• Performing application security testing and network/infrastructure-level penetration testing, including using manual techniques as well as vulnerability testing tools and/or code review tools.
• Compiling penetration testing portfolio/images/test environments and change management.
• Cloud Security & Risk applied to all service models.
• International, UK and Government standards, best practice and guidance in appropriate domains such as Security testing, Secure coding and development.
• Relevant industry accreditations (including at least one that is test related) e.g., CHECK, CREST, OSCP, Tiger Scheme, CISSP or equivalent recognised security testing certifications with significant relevant IT Security experience
Ideally, you will also have one or more of the following:
• A degree in computer security, computer science or equivalent
• Deep knowledge of multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR
• Applied knowledge of risk & security assurance & audit
• Industry recognised (non-test) security qualification, e.g.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Privacy Professional-Europe (CIPP/E)
  • Certified Information Systems Manager (CISM)
• Membership of a security focussed professional body, e.g.
  • Chartered member of British Computer Society (MBCS-CITP)
  • CESG Certified Professional (CCP)
  • Member of Chartered Institute of Information Security (CIISec)
We'll assess you against these technical skills during the selection process:
• Relevant industry accreditations (including at least one that is test related) e.g., CHECK, CREST, OSCP, Tiger Scheme, CISSP or equivalent recognised security testing certifications with significant relevant IT Security experience
Follow the link to the application.
As part of the application process, you will be asked to submit a CV and Personal Statement. Read the application for guidance on what to focus on.
No Agencies please