The Team
HMRC Security are part of HMRC's Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe.
We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
We continually evolve and adapt to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.
We are currently expanding our workforce. Our team comprises experienced Cyber Security Professionals in a range of capabilities (Security Architecture, Risk Assessment and Testing) to help us develop our vision to be a recognised Centre of Excellence.
The Role
Working in a multidisciplinary team in Cyber Security Technical Services (CSTS), you'll be part of our active and encouraging cyber security community, within HMRC and across government.
As a Cyber Security Professional Practitioner, you will play a key role in securing HMRC's services, to ensure the best possible technical security risk and solution architecture-based advice is given to our customers.
You will engage with multiple stakeholders from many other professions (Finance, Commercials, Legal, Operational) to enable the secure delivery of HMRC solutions and services.
You will work collaboratively with key senior business & technical stakeholders, to deliver appropriate, proportional, and relevant risk and solution architecture-based technical security advice and guidance.
This is an exciting time to join us and the chance to work on multiple services that matter and affect the lives of millions of citizens, UK industry and commerce, including Critical (UK) National Infrastructure.
Broadly, we would expect the successful candidate to align with the Government Security Professional Framework.
Person specification
Responsibilities
Deliver the range of HMRC and CSTS technical cyber security services, while supporting our security lifecycle.
Stakeholder management for major projects ensuring the CSTS work commitment required is delivered to time and quality, working collaboratively with project managers and programme leads to provide subject matter expertise on a range of security architecture & risk requirements.
Act as escalation point to deal with technical security related incidents.
Collaborate with Enterprise Security Risk and Resilience team to manage and handle CSTS-identified cyber security risks.
Identify, raise, and escalate technical cyber risks for the business, supporting and advising on risk mitigation.
Determine skills and resources needed and secure these in collaboration with our Operations Management Team.
Identify and elaborate Secure by Design requirements and architectural solutions.
Scope technical security testing (including penetration testing) with project teams, interpreting and impacting outputs.
Provide vulnerability management and continual security compliance expertise across on-premise and cloud-based solutions.
Research, identify, validate, and embrace new technologies and methodologies.
Champion consistency across the business in support of our "one team" ethos.
Represent our technical business during project development, delivery, and governance.
Provide peer reviews and coaching and mentoring as appropriate.
The role may involve line management responsibilities.
Essential Criteria: You will have proven knowledge, understanding and experience of:
Security and privacy risks and threats, along with key principles such as confidentiality, availability, integrity, non-repudiation, and privacy.
Building relationships with stakeholders and communicating technical information to diverse audiences.
Using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
Internal team engagement, working collaboratively, sharing knowledge, advising, and training colleagues.
Developing and delivering change and successful delivery of technical security aspects of projects.
How technical security and security governance is applied in real life environments.
Desirable Criteria: Ideally you will also have a working knowledge of:
Working in a Digital/IT environment.
Overseeing & delivering technical security & risk management, while demonstrating professional credibility and behaviours.
Multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
Security architectures, design, and best practices.
Security testing, Vulnerability Management and Continual Security Compliance.
Infrastructure, Operating systems, networking architectures.
Application and Data Security tools including concepts of Dev(Sec)Ops.
Identity and access management.
Cloud Security & Risk.
Appropriate ISO standards including 27001, 27002, 27005, 27017, 27018, 22301 and 10008.
NIST CSF and associated publications including Security Controls, Risk Management and "Zero Trust" Architecture.
Cryptography, including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses, and mitigations.
Pen test approaches and skills with experience of test scoping and report interpretation.
It is desirable that candidates have one or more of the following qualifications:
Certified Information Security Management Principles CISMP.
Introduction to cyber security: stay safe online.
AWS Cloud Essentials.
Microsoft Certified: Azure Fundamentals.
Benefits
Alongside your salary of £44,110, HM Revenue and Customs contributes £12,778 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.
We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
- Pension - We make contributions to our colleagues' Alpha pension equal to at least 28.97% of their salary.
- Family friendly policies.
- Personal support.
- Coaching and development.
To find out more about HMRC benefits and find out what it's really like to work for HMRC, hear from our insiders or visit Thinking of joining the Civil Service.
Things you need to know
Selection process details
How to Apply
As part of the application process, you will be asked to provide the following:
- A name-blind CV including your job history.
- A 1000-word personal statement. Your Personal Statement should be used to describe how your skills and experience would be suitable for the advertised role, making reference to the essential criteria and person specification outlined in the advert.
Please evidence any Desirable Criteria where applicable (up to 250 words max). This is not mandatory for the role but may be considered by the vacancy holder where candidates have the same score at interview.
Further details around what this will entail are listed on the application form.
We acknowledge that AI can assist you in your application. Find our guidelines here.
Sift
At sift, your CV and your Personal Statement will be assessed, with the successful candidates being invited to interview.
We may also raise the score required at any stage of the process if we receive a high number of applications.
Interview
During the panel interview, your experience will be assessed.
Interviews will take place via video link. Sift and interview dates to be confirmed.
Eligibility
Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via: unitybusinessservicesrecruitmentresults@hmrc.gov.uk - Use the subject line to insert appropriate wording, for example - 'Please re-open my application - 398289 & vacancy closing date 09/04/2025'. To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.
Reserve List
A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles - if this applies to you, we'll let you know via your Civil Service Jobs account.
Merit List
After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.
Criminal Record Check
Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.
Reasonable Adjustments
We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.
If you need a change to be made so that you can make your application, you should:
- Contact the UBS Recruitment team via unitybusinessservicesrecruitmentresults@hmrc.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the "Assistance required" section in the "Additional requirements" page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.
Additional Security Information
Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.
Important information for existing HMRC contractual homeworkers: Please note that this role is unsuitable for contractual homeworkers due to the nature and/or requirements of the role.
Terms and Conditions
Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.
HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.
Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.
Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.
Questions relating to an individual application must be emailed as detailed later in this advert.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government.
New entrants will join on the minimum of the pay band.
Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.
If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
This vacancy is part of the Great Place to Work for Veterans initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact:
- Name: Martin Fort
- Email: martin.fort@hmrc.gov.uk
Recruitment team
- Email: unitybusinessservicesrecruitmentresults@hmrc.gov.uk
Further information
Appointment to the Civil Service is governed by the Civil Service Commission's Recruitment Principles. You have the right to complain if you feel there has been a breach of the Recruitment Principles.
In the first instance, you should raise the matter directly via ubsrecruitmentcomplaints@hmrc.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their website.
Attachments
Combined TC and OGD Pay - English (docx, 132kB)