Cyber Security Analyst

The Customer Experience & Bridge Operations Centre (CE&BO) comprises of a number of teams focused around monitoring the customer experience for the HMRC IT network, services, applications, batch processing, security and incident management.

The Security Analyst will work a rotational 12 hour shift pattern, providing 247365 Security monitoring and support capability for the CE&BO.

This role attracts an Annual Attendance Allowance (AAA) payment. This is a 25.35% monthly payment on top of your basic salary. This payment could vary to reflect the specific type and number of unsocial hours you are rostered to work.

You will perform your contracted hours on an annualised hours basis, working fixed shift patterns over a 4-week rostering period consisting of days, nights, weekends, and public holidays.

The total number of hours worked over the 4-week rostering period is 148 hours. This is not inclusive of breaks which are unpaid.

If the rostered shift falls on a Bank Holiday, colleagues are expected to work this.

Typically, in 2 out of the 4 weeks, there is a requirement to work 52.75 hours per week, and in the other 2 weeks, a requirement to work 21.25 hours per week. This is subject to change in accordance with business needs.

Current (typical) shift patterns are as follows:

Week 1

Monday 6:45am – 7pm Tuesday, Friday, Saturday, Sunday 7am – 7pm

Week 2

Wednesday 6:45am – 7pm Thursday 7am to 7pm

Week 3

Monday 6:45pm – 7am Tuesday, Friday, Saturday, Sunday 7pm – 7am

Week 4

Wednesday 6:45pm – 7am Thursday 7pm – 7am

Please note that allowances paid within HMRC are subject to change in accordance with respective policy changes, and the Annual Attendance Allowance is currently under review.

Person specification

• Continual real-time monitoring of the HMRC’s Security Platforms.
• Maintain CE&BO’s Cyber Security Team (CST) monitoring screens and adapt as and when necessary.
• Real-time monitoring of CST’s mailbox, for potential alerts and other Important Information.
• Taking ownership of CST’s cases and following CST tickets to full resolution state – in line with CST procedures as well as flagging relevant information to meet CE&BO’s needs.
• React and respond to CE&BO’s trending analysis raised by CE&BO colleagues to identify and eliminate any security issues assisting with findings where possible.
• Listen to CE&BO’s bridge phone conversations and report to overall CST when incidents develop within the CE&BO – regardless what the issue is.
• Where new issues are identified in the CE&BO, collaborate and assist using cyber security skills where possible.
• In an event of MI (Major Incident) that involves Cyber Security, take ownership and be first point of contact, creating a knowledge bridge between CE&BO and CST as a whole, sharing information in real time to resolve incident to hand efficiently.
• In an event of a Major Incident (MI) – CE&BO will have prepared an MI environment in which various concerned stakeholders and service owners are involved. If this concerns issues associated with CST you are responsible for progressing.
• Provide initial assessment of the situation and collaborate with CE&BO’s team as well as CST in relation to the incident and creation of a CST ticket.
• Attend live calls and provide assistance and collaboration.
• Provide background material if available – and ensure (where sensitive information is identified), seek approval from CST management before disclosure.
• Capture timeline throughout the incident lifespan
• Real-time updates and application of skillset without delay is essential.
• For out of hours, if unable to resolve incident, use the on-call if incident is classified as severe and high risk of breach is identified to critical infrastructure environments., If you have an HMRC online account already, sign straight in using your ID and password. If not, you can prove your identity by answering some questions or providing your photo ID.

You’ll then be able to access the app quickly and easily by signing in using a 6-digit PIN, your fingerprint, or facial recognition.

You can find guidance for technical issues on GOV.UK: Technical support with HMRC online services.

Reserve List

A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.

Merit List

After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.

Criminal Record Check

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

Hybrid working at HMRC

HMRC is an office-based organisation, and colleagues are expected to spend 60% of their working time in the office. Our offices provide opportunity for interaction, collaboration which aids learning and development and a sense of community. Where the role allows it, and where the home environment is suitable, colleagues can work from home for up to 2 days a week, averaged over a calendar month (or a proportionate amount of time for colleagues who work less than full time).

Reasonable Adjustments

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate., HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.

Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.

Questions relating to an individual application must be emailed as detailed later in this advert.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants will join on the minimum of the pay band.

Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.

If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

For more Information for people applying for, or thinking of applying for, roles at HM Revenue and Customs, please see link: Working for HMRC: information for applicants - GOV.UK. Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .

See our vetting charter . People working with government assets must complete baseline personnel security standard (opens in new window) checks., * UK nationals

• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Do you have experience in Scripting?, Do you have a Bachelor's degree?, * Excellent troubleshooting methodologies and root cause analysis skills, meticulous attention to detail& proven analytical and investigative skills.

• Awareness and enthusiastic in cyber security developments, current trends, analysis and technically equipped with basic scripting skills.
• A good knowledge of Security Strategies, Policies and Cyber Security Incident Handling
• Understanding of the systems and high level architecture which underpin corporate IT systems and the techniques deployed to compromise these assets.
• Effective reporting, presentation skills with the ability to communicate technical issues to non-technical audience and explain the impact of vulnerabilities or threats in business focused language
• Demonstrated experience using Security Information and Event Management (SIEM) platforms within a security operations environment with the ability to script searches.
• Endpoint Detection and Response (EDR): Proficiency in monitoring, analysing and resolving incidents.
• Previous exposure to Cloud Security Environments i.e. Understanding security in AWS & Azure.
• Experience of using a variety of analytical tools and methods to identify security compromises within large and complex data sets.
• Passion and aptitude for technical Cyber Security work with the motivation to develop and maintain subject matter expertise

Desirable Criteria

• Malware Analysis: Ability to analyse malicious code to understand its impact and behaviour.
• Certifications Preferred: GSEC, GCED, GCIH, CCNA Security or BSc in Cyber Security., Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.

Alongside your salary of £31,096, HM Revenue and Customs contributes £9,008 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.

• Pension - We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
• Family friendly policies.
• Personal support.
• Coaching and development.

Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC. Visit our YouTube channel to watch the full series and come and discover your potential. If you’re looking to challenge yourself and develop, you are looking in the right place. We are the UK's tax, payments and customs authority. We collect taxes and duties from 45 million individuals and 5.2 million businesses, support trade and growth through customs and pay tax credits to 4.6 million household and Child Benefit to 7.5 million families. We have a complex IT estate with a big digital strategy that sees us already handle 1.15 billion transactions a year - 70% of all government transactions. You will have read and heard in the news how getting Cyber Security wrong has the potential to destroy the reputations of organisations. So with such an important role for government and making great progress with online digital services we take Cyber Security seriously. We invest in our people and you’ll work along aside committed people who want to be the best at what they do. You will have access to some of the latest technologies and platforms and be given the space and support to help drive innovation. At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve., Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of the Recruitment Principles. In the first instance, you should raise the matter directly via ubsrecruitmentcomplaints@hmrc.gov.uk. Please note that we do not accept complaints or appeals regarding scoring of outcomes of campaigns, unless candidates can provide clear evidence that the campaign did not follow the Recruitment Principles. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their website.   You must create an Indeed account before continuing to the company website to apply