Cyber Security Professional Practitioner

Newcastle, Bristol, Cardiff, Salford, Telford, Leeds
£41,782 - £44,932 + benefits
10 Aug 2022
23 Aug 2022
Job Type
Cyber Security
Contract Type

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

At HMRC, we are already one of the most digitally advanced tax authorities in the world and have one of the largest IT infrastructures and data sources in the UK. With 50 million customers to serve, over 60 thousand colleagues to support, and 600 billion to collect to fund UK Plc, our IT operation is huge. Operating on a stage this big would faze many, and it is not for everyone. But, for those who are up to the challenge, we offer unique and unparalleled opportunities to work with some of the latest technologies and make a real, lasting difference.

We are undergoing a major transformation programme, which includes a significant investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones.

Now is a great time to join us as we establish a team of outstanding people in the field of Enterprise and Security Architecture, Risk Management and Testing, who will create and run these new and improved technology services. This is a chance to work on services that matter and affect the lives of millions of citizens.

Job description

The Team

HMRC Security is part of HMRC's Chief Digital Information Office (CDIO) and supports HMRC in assessing business and reputational risks in one of the largest IT estates in Europe.

We are responsible for ensuring everyone has the capability to fulfil their security responsibilities, and for developing individual capability to detect, prevent and respond to security risks and threats.

We continually evolve and adapt to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.

We are currently expanding our workforce. Our team comprises experienced Cyber Security Professionals across a range of capabilities (Security Architecture, Risk Assessment and Testing) who help us develop our vision of becoming a recognised Centre of Excellence.

See what it's like to work at HMRC.

Framework

  • Deliver the range of HMRC and CSTS technical cyber security services, while supporting our security lifecycle.
  • Stakeholder management for major projects ensuring the CSTS work commitment required is delivered to time and quality.
  • Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security & risk requirements.
  • Act as escalation point to deal with technical security related incidents.
  • Collaborate with Governance Risk and Compliance team to manage and handle CSTS-identified cyber security risks.
  • Identify, raise and escalate technical cyber risks for the business, supporting and advising on risk mitigation.
  • Determine skills and resources needed and secure these in collaboration with our Operations Management Team.
  • Scope technical security testing (including penetration testing) with project teams, interpreting the outputs and assessing their impact.
  • Provide vulnerability management and continual security compliance expertise across on-premises and cloud-based solutions.
  • Research, identify, validate and embrace new technologies and methodologies.
  • Champion consistency across the business in support of our one team ethos.
  • Represent our technical business during project development, delivery and governance.
  • Provide peer reviews and coaching and mentoring as appropriate.

The role may involve line management responsibilities.

Essential Criteria

You will have proven knowledge, understanding and experience of:
  • Security and privacy risks and threats, along with key principles such as confidentiality, availability, integrity, non-repudiation and privacy.
  • Building relationships with stakeholders and communicating technical information to diverse audiences.
  • Using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
  • Internal team engagement, working collaboratively, sharing knowledge, advising and training colleagues.
  • Developing and delivering change and successful delivery of technical security aspects of projects.
  • How technical security is applied in real life environments.

Ideally you will also have working knowledge of:
  • Fixed-time, variable-scope projects.
  • Working in an Agile/DevOps environment.
  • Overseeing & delivering technical security & risk management, while demonstrating professional credibility and behaviours.
  • Multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
  • Security architectures, design, and best practices.
  • Security testing, Vulnerability Management and Continual Security Compliance.
  • Infrastructure, Operating systems, networking architectures.
  • Application and Data Security tools, including concepts of DevSecOps.
  • Identity and access management.
  • Cloud Security & Risk.
  • Appropriate ISO standards, including 27001, 27002, 27005, 27017, 27018, 22301 and 10008.
  • NIST CSF and associated publications including Security Controls, Risk Management and Zero Trust Architecture.
  • Cryptography, including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
  • Pen test approaches and skills with experience of test scoping and report interpretation.

Desirable Qualifications:

It is desirable that candidates have one or more of the following qualifications:
  • Certified Information Systems Security Professional (CISSP).
  • Certified Cloud Security Professional (CCSP).
  • Certified Information Security Manager (CISM).
  • CESG Certified Professional (CCP).
  • Member of the Chartered Institute of Information Security (CIISec).
  • AWS Security Specialist.
  • Microsoft Certified Azure Security Engineer Associate.

Technical skills

We'll assess you against these technical skills during the selection process:
  • Technical Aptitude

  • Access to learning and development tailored to your role.
  • A working environment that supports a range of flexible working options.
  • A working culture which encourages inclusion and diversity.
  • 22 days leave (pro rata for part-time staff), which increases to 25 after a year's service and 30 days after 10 years' service.
  • A Civil Service pension with an average employer contribution of 27%.

Team members who are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office over a weekly period. You will get more detail on this as part of targeted locations move communications.