Job Specifications
Leeds, Telford
Job Summary
Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.
Visit our YouTube channel to watch the full series and come and discover your potential.
HMRC is the UK’s tax, payments, and customs authority. Our vital purpose is to collect the money that pays for the UK’s public services and help citizens with targeted financial support. As such, the need to protect and preserve the ability of HMRC to function and serve the public against threats posed by possible cyber-attacks is critical.
Cyber Threat Operations (CTO) is part of the Cyber Security Delivery (CSD) function in HMRC Security. CTO covers a diverse range of responsibilities across the span of anti-phishing, brand abuse management, cyber threat intelligence, data science, and threat hunting.
We are seeking an G7 Cyber Threat Intelligence Lead, who will report to the G6 Head of CTO. The successful candidate will manage three SO Cyber Threat Intelligence Managers and one SO Threat Hunting Manager.
Job Description
As the Cyber Threat Intelligence Lead, on a day-to-day basis you will be overseeing and directing the work of Cyber Threat Intelligence and Threat Hunting which will involve:
Overseeing the delivery of high quality cyber threat analysis at the tactical, operational, and strategic levels, managing all aspects of this including stakeholder requirements, technical collection and investigation methods, and employment of analytical best practice;
Steering, supporting and directing threat hunts on the HMRC estate;
Introducing new tooling, technologies, and processes to continue to mature the team’s capability;
Developing and maintaining threat understanding through subject matter expertise and productive partnerships and networks across wider government departments.
As The Cyber Threat Intelligence Lead, On a Day-to-day Basis You Will Be Overseeing And Directing The Work Of Cyber Threat Intelligence And Threat Hunting Which Will Involve
Overseeing the delivery of high quality cyber threat analysis at the tactical, operational, and strategic levels, managing all aspects of this including stakeholder requirements, technical collection and investigation methods, and employment of analytical best practice;
Steering, supporting and directing threat hunts on the HMRC estate;
Introducing new tooling, technologies, and processes to continue to mature the team’s capability;
Developing and maintaining threat understanding through subject matter expertise and productive partnerships and networks across wider government departments.
Person specification
The Responsibilities For This Role Will Include
Driving the production of intelligence to inform our understanding of the current and future threat landscape for HMRC, its people, and platforms;
Managing and motivating personnel to deliver to the best of their capacity;
Liaising closely with colleagues across other CTO functions to inform threat-focused outputs and joint-working efforts;
Supporting efforts to drive towards increased automation and adoption of AI-enabled capabilities where appropriate;
Forging relationships with other teams in CSD, HMRC Security, and beyond, to further the goals of CTO in protecting HMRC
Essential Criteria
Proven ability to manage and lead teams operating in cyber intelligence and/or threat hunting;
Demonstrated experience in forming and executing strategies aligned with organisational goals;
Excellent communication skills (both written and verbal) across a range of outputs, from longform through to presentations;
Experience of forging and maintaining effective working relationships with internal and external stakeholders;
Ability to work effectively under pressure and direct the progression of multiple tasks simultaneously.
Desirable Criteria
Familiarity with open source (clear, deep, and dark web) investigations and associated tooling such as Cyjax, Flashpoint, Silobreaker etc
Familiarity with threat hunting methodologies
Familiarity with cyber threat intelligence models and frameworks like the Diamond Model, MITRE ATT&CK etc
Familiarity with email security tools and/or SIEM/SOAR tooling like Splunk/Sentinel etc
Relevant cyber or intelligence qualifications such as CCTIM, GCTI etc
Behaviours
We'll assess you against these behaviours during the selection process:
Leadership
Seeing the Big Picture
Managing a Quality Service
Delivering at Pace
Alongside your salary of £56,344, HM Revenue and Customs contributes £16,322 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.
We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
Pension - We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
Family friendly policies.
Personal support.
Coaching and development.
To find out more about HMRC benefits and find out what it’s really like to work for HMRC hear from our insiders or visit Thinking of joining the Civil Service
Selection process details
This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.
How To Apply
As part of the application process, you will be asked to provide the following:
A name-blind CV detailing your work experience to-date, as well as any relevant qualifications.
A 1000-word Personal Statement. Your Personal Statement should be used to describe how your skills and experience would be suitable for the advertised role, making reference to the essential criteria and Person Specification outlined in the advert.
Please complete a separate statement (Max 250 words) for the Desirable Criteria where applicable. This is not essential for the role but may be considered by the vacancy-holder where candidates have the same scores at sift or interview.
Further details around what this will entail are listed on the application form.
We acknowledge that AI can assist you in your application. Find our guidelines here.
Sift
In the event of a large number of applications being received, an initial sift may be held on your CV.
At full sift your CV and your Personal Statement will be assessed, with the successful candidates being invited to interview.
We may also raise the score required at any stage of the process if we receive a high number of applications.
Interview
During the panel interview, your experience will be assessed and you will...
About the Company
HM Revenue and Customs (HMRC) is the UK’s tax, payments and customs authority.
We collect the money that pays for the UK’s public services and help families and individuals with targeted financial support. We help the honest majority to get their taxes and payments right, and make it hard for the dishonest minority to cheat the system.
We use LinkedIn to post regular updates about HMRC’s work on subjects that will be of interest to the LinkedIn community, for instance business tax and advice on running your company, news o...
Know more