Cyber Proactive Protection Senior Analyst

Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.

Visit our YouTube channel to watch the full series and come and discover your potential.

The Fraud Prevention Centre (FPC) in HMRC Security is a growing area, focusing on countering fraud across HMRC services and providing secure Identity and Access Management services for customers. Our mission is to protect our customers and their online accounts from malicious actors, providing a high-quality customer service and support.

Our team is rapidly growing as we invest in new technologies and capabilities, and we are in search of enthusiastic individuals who can help us in achieving our mission.

We are continually improving the service we give to our customers and in line with this we are creating a new response and management team within the HMRC Fraud Prevention Centre., Proactive Protection within HMRC’s Fraud Prevention Centre (FPC) plays a pivotal role in safeguarding customers and the organisation against identity-related fraud and emerging threats. This position supports the vision for proactive fraud prevention, ensuring HMRC remains resilient against evolving tactics through intelligence-led insights and advanced technical controls. Operating at the heart of the FPC’s mission, the role helps to anticipating risks, mitigate vulnerabilities, and deliver on innovative solutions that protect critical services and maintain public trust.

As a senior analyst within the Proactive Protection function, you will play a pivotal role in delivering advanced preventive measures to safeguard HMRC’s digital services. You’ll use your cyber security and data analysis experience to drive the implementation of sophisticated anomaly detection, adaptive risk controls, and seamless integration of threat intelligence, ensuring our defences remain agile and effective. Operating at the heart of a multidisciplinary team stretching across HMRC teams, you will foster a collaborative approach to fraud prevention, embedding robust governance and compliance frameworks throughout our operations. You will champion a culture of continuous improvement, harnessing automation and advanced analytics to enhance detection capabilities and proactively disrupt emerging threats.

This is considered a ‘Reserved Post’ under the Civil Service Nationality Rules and is open to UK nationals only., • Provide day-to-day guidance and mentorship to junior analysts, supporting their development and ensuring high standards of analytical rigour and teamwork across the function. • Conduct digital profiling of suspect interactions, leveraging intelligence, behavioural analytics to drive response activity and develop automated interventions. • Investigate anomalies and suspicious activity, applying intelligence-led approaches to disrupt fraudulent behaviour or influence customer compliance. • Work closely with FPC Threat Intelligence to understand threats and their scope and scale, FPC Engineering to inform controls, and FPC Performance on reporting. • Design and manage risk rules to identify suspicious patterns and behaviours across HMRC’s digital services, partnering with HMRC Compliance & Customer teams, and develop dashboards and automations to provide efficiencies for wider teams. • Partner with wider HMRC compliance teams, including Risk, Intelligence, and Fraud Investigation, to share insights and coordinate fraud disruption strategies. • Integrate threat intelligence and data enrichment services (e.g., email, phone reputation) into detection workflows. • Analyse large-scale datasets using tools like Splunk, applying advanced techniques and developing tools and dashboards to support efficient action by junior analysts. • Work closely with FPC Customer Operations teams to investigate suspicious activity linked to customer reporting and ensure timely resolution. • Support incident management investigations, providing technical expertise and analysis to inform response actions and track them to conclusion. • Drive continuous improvement through automation, intelligence sharing, and feedback loops across FPC and partner teams • Build strong partnerships across FPC and HMRC (including our Customer Compliance teams, tax and customs service leads) and with external bodies to ensure a coordinated approach to fraud prevention. • Support innovation and continuous improvement in fraud prevention techniques, leveraging automation, anomaly detection, and advanced analytics to stay ahead of evolving threats, and ensure a prompt and effective response. • Adjust fraud prevention controls to protect customers effectively while maintaining trust and minimising friction in HMRC services., During the panel interview, your Experience, technical questions and Strengths will be assessed. There is no need to prepare for the technical questions.

This is an example of a strengths-based question:

“It is often said that the customer's needs should come first. To what extent do you agree or disagree with this statement?”

There is no expectation or requirement for you to prepare for the strengths-based questions in advance of the interview, though you may find it helpful to spend some time reflecting on what you enjoy doing and what you do well.

Interviews will take place via video link. Sift and interview dates to be confirmed.

Eligibility

Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, or have withdrawn yourself in error and need your application reinstated whilst the campaign is still live, please contact us via: unitybusinessservicesrecruitmentresults@hmrc.gov.uk – Use the subject line to insert appropriate wording for example – ‘Please re-open my application – [insert vacancy ref] & vacancy closing date [insert date]’.

To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.

Reserve List

A reserve list may be held for up to 6 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.

Merit List

After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.

Criminal Record Check

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

Hybrid working at HMRC

HMRC is an office-based organisation, and colleagues are expected to spend 60% of their working time in the office. Our offices provide opportunity for interaction, collaboration which aids learning and development and a sense of community. Where the role allows it, and where the home environment is suitable, colleagues can work from home for up to 2 days a week, averaged over a calendar month (or a proportionate amount of time for colleagues who work less than full time).

Reasonable Adjustments

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate., HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.

Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.

Questions relating to an individual application must be emailed as detailed later in this advert.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants will join on the minimum of the pay band.

Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.

If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

For more Information for people applying for, or thinking of applying for, roles at HM Revenue and Customs, please see link: Working for HMRC: information for applicants - GOV.UK. Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .

See our vetting charter . People working with government assets must complete baseline personnel security standard (opens in new window) checks., Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of the Recruitment Principles. In the first instance, you should raise the matter directly via ubsrecruitmentcomplaints@hmrc.gov.uk. Please note that we do not accept complaints or appeals regarding scoring of outcomes of campaigns, unless candidates can provide clear evidence that the campaign did not follow the Recruitment Principles. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their website.

Do you have experience in Splunk?, • Proven experience in fraud detection, cyber security, or threat intelligence within a large organisation. • Experience using Security Information and Event Management (SIEM) platforms, preferably in a security operations setting, including building data customised dashboards and complex data analysis. • Knowledge of applying kill chain methodology and MITRE ATT&CK, including the use of threat intelligence feeds to classify and detect threat actor activity. • Knowledge of fraud detection techniques, including behavioural analysis and anomaly detection and investigation and OSINT (Open Source Intelligence) methods. • Data analysis skills and experience with large data sets, with proficiency software development and scripting complex queries in analysis environments. • Solid technical understanding of web and API services (e.g. cookies, IP addresses, authentication processes) and threats to those services from cybercrime actors and tools.

Security Information

This role requires the successful candidate to hold or be willing to hold Security Check (SC) clearance. Once in post the successful candidate will be required to hold Developed Vetting (DV) clearance - more information can be obtained from the vacancy holder., * A name-blind CV including your job history and previous experience. Your CV will be scored against the experience required outlined in the advert., Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.

Alongside your salary of £45,544, HM Revenue and Customs contributes £13,194 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.

• Pension - We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
• Family friendly policies.
• Personal support.
• Coaching and development.