Cyber Security Professional Practitioner (Security Testing)
HM Revenue and Customs
Apply before 11:55 pm on Friday 8th November 2024
Details
Reference number
Salary
Job grade
Contract type
Business area
Type of role
Working pattern
Number of jobs available
Contents
Location
About the job
Job summary
Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.
Visit our YouTube channel to watch the full series and come and discover your potential.
Do you have experience or a Passion for security testing and continual development within this area?
Are you interested in working for an organisation that truly champions a healthy work/life balance?
If so, continue reading to find out more about this fantastic opportunity to join HMRC - one of the largest and most dynamic IT infrastructures in Europe, and we are now one of the most digitally advanced tax authorities in the world.
Now is a great time to join us as we establish a team of outstanding people in the field of Enterprise Security Architecture, Risk Management and Testing, who will create and run these new and improved technology services. This is a chance to work on services that matter and affect the lives of millions of citizens.
At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.
We want to maximise the potential of everyone who chooses to work for us, and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.
Diverse perspectives and experiences are critical to our success, and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.
Job description
The Team
Our Cyber Security Technical Services (CSTS) multidisciplinary team supports HMRC to assess business and reputational risks and are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
We continually adapt and evolve to emerging technologies, the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
We are part of an active and encouraging cyber security community, within HMRC and across government.
The Role
As a Cyber Security Professional Practitioner working within Security Testing, you will play a key role in providing security testing, vulnerability assessment and continual security compliance capabilities in order to secure HMRC’s services and to ensure the best possible technical security risk-based advice is given to our customers.
As part of role you will also contribute to wider CSTS services as required.
You will work collaboratively with key business & technical stakeholders, to deliver appropriate security testing risk based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services.
This is an exciting time to join us and the chance to work on services that matter and affect the lives of millions of citizens.
Broadly, we would expect the successful candidate to align with the Government Security Professional for Security Testing and Vulnerability Management Framework.
Person specification
Responsibilities
• Engage with internal and external partners to manage and provide appropriate security Testing and assurance to the required standard and in accordance with policy and regulations.
• Scope, conduct, or support security assessments, pen testing and other non-functional security testing, appropriately recording and sharing any findings.
• Provide Vulnerability management and continual security compliance expertise across on premise and cloud-based solutions.
• Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security testing requirements.
• Act as escalation point to deal with security testing related incidents.
• Research, identify, validate, and embrace new technologies and methodologies.
• Champion consistency across the business in support of our “one team” ethos.
• Support assessments of threats and vulnerabilities determine deviations from acceptable/defined baselines.
• Communicate threat, vulnerabilities, and risk information to stakeholders in a clear and concise manner.
• Assist in the development and delivery of Security testing documentation sets.
• Research and assess new threats and security/vulnerability alerts, and recommend remedial actions.
These posts require a minimum of SC Security Clearance and must be prepared to undertake this level of security vetting if not already held.
Please be aware that if the required standard of vetting for the role is not granted, the offer will be removed, and you will be released from the role. This is likely to result in you being placed into the redeployment pool if another suitable position is unavailable. The vetting process can take some months and can be intrusive. Please speak with the vacancy holder if you have any questions regarding the vetting process before you apply.
Essential Criteria
• Understanding and experience of how technical security is applied in real life environments, technical security controls, threats and vulnerabilities (incl. threat vectors) and current IT and security best practice approaches.
• Using vulnerability management/scanning tooling, compiling reports and conducting regular scanning and assessment activities.
• Related Industry accreditations such as CREST, Offensive Security, SANS/GIAC or equivalent recognised qualifications with relevant IT Security experience.
• Experience at managing and/or conducting a wide range of testing in different environments with different complexity.
• Passion for security testing and continual development within this area.
• Ability to build relationships with stakeholders and communicating technical information to diverse audiences.
Desirable Criteria
You will have knowledge, understanding and/or experience of:
• Understanding of penetration testing tools and techniques.
• Compiling Security testing reports, with the ability to work with stakeholders to determine real impact and probability of exploits being successful.
• Security and privacy risks and threats, along with key principles such as confidentiality, availability, integrity, non-repudiation and privacy.
• Using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
• Internal team engagement, working collaboratively, sharing knowledge, advising, and training colleagues.
• Developing and delivering change and successful delivery of technical security aspects of projects.
• IT infrastructure (hardware, databases, operating systems, local area networks etc.) and application architectures.
• A good understanding of threats and threat vectors.
Technical skills
We'll assess you against these technical skills during the selection process:
- Technical scenario
- Technical questions
Benefits
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.
We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
- Pension - We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
- Family friendly policies.
- Personal support.
- Coaching and development.
To find out more about HMRC benefits and find out what it’s really like to work for HMRC hear from our insiders or visit Thinking of joining the Civil Service.
Things you need to know
Selection process details
How to Apply
As part of the application process, you will be asked to provide the following:
- A name-blind CV including your job history, previous experiences and achievements. Please ensure you have provided reasons for any significant gaps in employment history within the last two years.
- A 500-word Personal Statement providing examples of how you consider your technical and personal skills, qualities and experience define your suitability for the role. It is crucial that you provide particular reference to the Essential Criteria (technical and personal skills) that are set out in the advert.
Please note that the Personal Statement is an important part of your application and is as much the means by which you will be assessed as your CV.
You will also be asked to provide a statement addressing the Desirable Criteria, if applicable, which will not be sifted on but may be used in the event of a tie-break.
Further details around what this will entail are listed on the application form.
Sift
At full sift your CV and your Personal Statement will be assessed, with the successful candidates being invited to interview.
We may also raise the score required at any stage of the process if we receive a high number of applications.
Interview
During the panel interview, candidates will be asked to respond to a suggested cyber security scenario and security testing technical questions.
Interviews will take place via video link. Sift and interview dates to be confirmed.
Eligibility
Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake, please contact us via:
unitybusinessservicesrecruitmentresults@hmrc.gov.uk – Use the subject line to insert appropriate wording for example – ‘Please re-open my application – 375140 & vacancy closing date [insert date]’
To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.
Reserve List
A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.
Criminal Record Check
Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.
Merit List
After interview, merit lists will be created for each location advertised within the vacancy. If you are successful at interview, you will be placed on the merit list for any locations you have expressed an interest for. Appointments from each merit list will be made in strict merit order.
Reasonable Adjustments
We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.
If you need a change to be made so that you can make your application, you should:
- Contact the UBS Recruitment Team via unitybusinessservicesrecruitmentresults@hmrc.gov.uk as soon as possible before the closing date to discuss your needs.
Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
Additional Security Information
Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.
Important information for existing HMRC contractual homeworkers
This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need. Please consider the advertised office locations for this role when applying and only select locations from the ‘location preferences’ section that you can travel to.
Terms and Conditions
Current Civil Servants (all contract types) will need to ensure that they are still employed as a Civil Servant on or beyond the start date for the post. If their contract ends (for example due to the end of Fixed Term Appointment contract or resignation) at any point during the application process for the advertised role, they will no longer be eligible and may be withdrawn.
Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.
HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.
Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.
Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.
Questions relating to an individual application must be emailed as detailed later in this advert.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact :
- Name : Mark Foulkes
- Email : mark.foulkes1@hmrc.gov.uk
Recruitment team
- Email : unitybusinessservicesrecruitmentresults@hmrc.gov.uk
Further information
In the first instance, you should raise the matter directly via ubsrecruitmentcomplaints@hmrc.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their website.
