
Enterprise Security Architect

  • Bristol
  • Edinburgh
  • Manchester
  • Newcastle-upon-Tyne
  • Stratford
  • Telford
  • Worthing

  • Full time
  • Flexible working
  • Part-time
  • Job share

  • Closes on: May 30 2025
  • £68,966 - £84,854
HMRC Security are part of HMRC's Chief Digital Information Office (CDIO) and support the department in assessing business and reputational risks in one of the largest IT estates in Europe.

Cyber Security Technical Services (CSTS) and the Government Security Centre for Cyber (Cyber GSeC) are an integral part of HMRC Security. We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.

Our vision is to be recognised as a centre of expertise and excellence, working collaboratively across government to deliver holistic, customer centric cyber security services. This includes consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape.

It is an exciting time to be part of our active and encouraging Cybersecurity and Architecture communities, working within HMRC and across HMG.

As an Enterprise Security Architect and Principal Cyber Security Professional, you will work in a multidisciplined team in Cyber Security Technical Services (CSTS). You will be part of our active and encouraging Cyber Security and Architecture communities, within HMRC and across government.

You will collaborate and play a leading role with senior business and technical partners, to deliver appropriate risk based technical security advice and guidance. This enables the secure delivery of His Majesty's Government solutions and services. You will engage at a strategic level, influencing policy and setting direction for technical and business change developing the capability through coaching, mentoring and training.

You will have the opportunity to promote consistent security architecture across a multi-billion-pound portfolio of business transformation projects including cross-government work within HMRC. This will include creation, maintenance, communication and evolution of security technology and tooling roadmaps, design patterns and reference architectures that will drive adoption of modern technology meeting HMRC's business driven need towards rationalised strategic platforms.

In addition, you may be encouraged to undertake line management responsibilities developing and managing a team.

You may be expected to own and develop CSTS capabilities and/or services.

Person specification

Ideal candidate:
  • A business and technology leader in the strategic selection, development and delivery of technical security controls and services.
  • Focused expertise to develop and lead within one or many security technology domains aligning capability to security tooling.
  • Key stakeholder management experience across senior business and technical environments including vendors, partners and other government departments.
  • Able to demonstrate a proven history of delivering high value outcomes in challenging and complex environments.
  • You will be confident in your ability to engage within the UK security and architecture community and hold the technical credibility to represent our business at a range of engagements sharing a point of view and direction.
  • Always clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve great results.
  • Willing to champion consistency across our business in support of our "one team" ethos, you will be happy to provide technical reviews, develop individuals and contribute to the development of protective security practices.
  • Constant and never-ending individual improvement adding value in all engagements.
Responsibilities:
  • You will be responsible for leading, influencing and developing domains within the Security Technology and Tooling Strategy for the organisation. Your visionary leadership will not only shape the security landscape within HMRC but also set a benchmark for best practices across the UK Government landscape.
  • You will drive transformative change, leveraging cutting-edge technologies and innovative tools to fortify our defences. Your influence will extend beyond our walls, inspiring a culture of excellence and resilience in cybersecurity throughout the public sector.
  • Strategic Direction Setting: Define and steer enterprise security strategies, ensuring alignment with Zero Trust principles and architectural standards.
  • Technology Leadership: Lead the creation and implementation of security and architectural principles, technology strategies, and tooling plans, addressing business risks and supporting policy development.
  • Technical Expertise Building: Cultivate the technical security and enterprise architecture capabilities of the CSTS and Cyber GSeC teams, driving a robust learning and development strategy.
  • Effective Communication: Recognize and articulate the impact of security measures on users and business needs, providing clear, actionable advice to inform decision-making and address partner concerns.
  • Methodology and Framework Enhancement: Contribute to the development and refinement of enterprise security architecture methodologies, such as TOGAF and SABSA and Framework adoption such as those in NIST 2.0.
  • Security Tooling Roadmaps: Create detailed roadmaps for security tooling, incorporating vendor investment tracking, horizon scanning, and global threat landscape changes, and communicate these to stakeholders.
  • Baseline Establishment and Design Patterns: Establish baselines for current security technologies and develop design patterns to support solution architects in implementing effective security controls.
  • You will support the Head of Capability in driving and delivering Enterprise-wide security technology change, engaging at a strategic level and working through the lifecycle to governing the technical implementation of security services and solutions.
  • Collaborative Expertise and Cyber Service Delivery: Work collaboratively with HMG security teams to offer subject matter expertise on security and risk requirements and lead the delivery of cyber services from the service catalogue and within the Secure by Design Lifecycle.
  • Innovation and Adoption: Research, validate, and adopt new technologies and methodologies, contributing to the organization's broader security technology strategy.
  • Governance, Mentorship, and Stakeholder Management: Represent the organization at governance boards, provide peer reviews and mentoring, and build strong relationships with stakeholders across the civil service, departments, suppliers, vendors, and programs.
Essential Criteria:

You will have significant experience or knowledge as follows:
  • Communication Skills: Proficient in managing stakeholder relationships across business and technical domains through active engagement and clear communication.
  • Security Knowledge: Deep understanding of security and privacy risks, including confidentiality, availability, integrity, non-repudiation, and privacy.
  • Architectural Methodologies: Experienced with TOGAF and SABSA.
  • Security Frameworks: Knowledgeable in standard security frameworks.
  • Output Development: Skilled in creating reference architectures, roadmaps, design patterns, technical standards, policies, principles, guidance, and procedures.
  • Security Controls Design: Experienced in designing security controls from non-functional requirement catalogues and associated design patterns, procedures, and technical guidance.
  • Technical Security Strategy: Capable of developing technical security strategies based on business and technical risks.
  • Technical Proficiency: Proficient in technologies and security processes across at least two architectural domains.
  • Real-World Application: Experienced in applying technical security in real-life environments and delivering security aspects of major projects.
  • Team Engagement and Leadership: Effective in engaging teams, sharing knowledge, guiding, and training colleagues, and managing change.
  • Proficiency in at least one or many of the following cross-section of technologies and supporting security processes towards the application of technical security in real life environments:
  • Identity and Access Management Capabilities and Solutions.
  • Infrastructure Security including Endpoints, Operating Systems, Network Security architectures, technologies and the OSI Model.
  • Knowledge of Application and Data Security Solutions and modern practices of deployment.
  • Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
  • Knowledge and Experience of Modernised Security Operations Centre including Attack Surface Management.
  • Cloud Security & Risk applied to all service and deployment ISO standards including 27001, 27002, 27005, 270017, 27018, 22301 and NIST CSF 2.0.
Technical Security within one or many of the following domains:
  • Identity and Access Management: Expertise in PAM, SSO, Key and Secrets Management, JML, Attestation, RBAC, Identity Governance, Hybrid Cloud Models, AzureAD, MIM, FIM, and modern authentication protocols (SAML, OIDC).
  • Network Security: Proficient in designing segmentation, securing WLAN, LAN, WAN, SDWAN, SaaS proxies, VPNs, firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust.
  • Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security.
  • Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities.
  • Cyber Security Operations: Proficient in incident response, vulnerability management, SIEM, SOAR, threat modeling, threat hunting, intelligence, data analytics, and anti-phishing methodologies.
  • Infrastructure and Endpoint Security: Experience with endpoint security control technologies (EDR, EPP, UEBA, baseline configurations) including the Microsoft stack for workstations, servers, IoT, mobiles, VDI, DCAAS, and DAAS.
  • Cloud Security: Expertise in developing reference architectures for cross-hybrid cloud platforms (AWS, Azure - IaaS, PaaS, SaaS, FaaS) and new platform tools like CASB, CSPM, CWPP, and containerization security.
Desirable Qualifications:
  • CCSP (Certified Cloud Security Professional).
  • CISSP (Certified Information Systems Security Professional).
  • CRISC (Certified in Risk and Information Systems Control).
  • Microsoft Cybersecurity Expert incl. M365 Security, Azure Security, Identity & Access Management and Security Operations.
  • AWS Security.
  • NIST Cybersecurity Professional (NCSP) Practitioner.
  • ISO27001.
  • Vendor Qualifications - Cisco, VMware, Fortinet, Checkpoint etc.
  • Chartered membership in professional security bodies.
Additional Information

Candidates must hold or be willing to obtain a minimum of SC Clearance, as this is a requirement of the role.

Benefits

Alongside your salary of £68,966, HM Revenue and Customs contributes £19,979 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
  • Pension - We make contributions to our colleagues' Alpha pension equal to at least 28.97% of their salary.
  • Family friendly policies.
  • Personal support.
  • Coaching and development.
To find out more about HMRC benefits and find out what it's really like to work for HMRC hear from our insiders or visit Thinking of joining the Civil

Things you need to know

Selection process details

How to Apply

As part of the application process, you will be asked to provide the following:
  • A name-blind CV including your job history to demonstrate your last 3 roles, previous skills and experiences relating to your technical security, key responsibilities and achievements. Please demonstrate your proven experience in line with the Essential Criteria.
  • A 1000-word personal statement summarising how your experience demonstrates the Essential Criteria and Person Specification.
Further details around what this will entail are listed on the application form.

We acknowledge that AI can assist you in your application. Find our guidelines here.

Sift

In the event of a large number of applications being received, an initial sift may be held on your CV.

At full sift your CV and Personal Statement will be assessed, with the successful candidates being invited to interview.

Interviews will take place virtually. Sift and interview dates to be confirmed.

We may also raise the score required at any stage of the process if we receive a high number of applications.

Interview

During the panel interview, you will be assessed on experience-based and technical skill-based questions. Both will be scenario based to test your aptitude on technical security knowledge and qualifications held. Details of this technical skill scenario will be given prior to the interview if you reach this stage.

Eligibility

Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via: unitybusinessservicesrecruitmentresults@hmrc.gov.uk - Use the subject line to insert appropriate wording, for example - 'Please re-open my application - 405238 & vacancy closing date 30/05/2025'.

To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.

Reserve List

A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles - if this applies to you, we'll let you know via your Civil Service Jobs account.

Merit List

After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.

Criminal Record Check

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

Reasonable Adjustments

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.

If you need a change to be made so that you can make your application, you should:
  • Contact the UBS Recruitment team via unitybusinessservicesrecruitmentresults@hmrc.gov.uk as soon as possible before the closing date to discuss your needs.
  • Complete the "Assistance required" section in the "Additional requirements" page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.

Additional Security Information

Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.

Important information for existing HMRC contractual homeworkers:

This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need. Please consider the advertised office locations for this role when applying and only select locations from the 'location preferences' section that you can travel to.

Additional Information

We are looking into ways to enhance the applicant experience.

As part of our legitimate interests, we are testing the use of new technologies such as automation and/or Artificial Intelligence in the assessment for CV, personal statement and behaviour statement.

Please note that for this specific vacancy, this testing may run in parallel with our standard assessment process and will not influence or determine the outcome of your application in any way. You can read the Civil Service Jobs and HMRC Privacy Notices for more information about our lawful basis for processing your personal data and HMRC's use of AI.

If you don't want your data to be used as part of the trial, please send your Application ID and the Vacancy Reference to talentacquisitionaiteam@hmrc.gov.uk

Terms and Conditions

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.

HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.

Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.

Questions relating to an individual application must be emailed as detailed later in this advert.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant's details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants will join on the minimum of the pay band.

Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.

If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter.

People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:
  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements

Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:
  • Name: Clive D'Souza
  • Email: clive.desouza@hmrc.gov.uk
  • Telephone: 03000 587483
Recruitment team
  • Email: unitybusinessservicesrecruitmentresults@hmrc.gov.uk
Further information
Appointment to the Civil Service is governed by the Civil Service Commission's Recruitment Principles. You have the right to complain if you feel there has been a breach of the Recruitment Principles.
In the first instance, you should raise the matter directly via ubsrecruitmentcomplaints@hmrc.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their website.

Attachments
Terms & Conditions July 2024 (pdf, 254kB)
