Telephony Fraud Specialist

Job Title: Telephony Fraud Specialist

Location: Hybrid
Duration: 6 Months
Start Date: ASAP
Rate: Competitive (Inside IR35)

We want to maximise the potential of everyone who chooses to work for us. We offer a great work life balance. You have the opportunity to work at any of our brand-new Regional Centres and to also work remotely. Contracts vary in length dependent upon the project with the possibility to extend.

Your time spent with us short or long term will be invaluable - your skills and expertise are needed to deliver the largest projects in Government. There really couldn’t be a better time to join HMRC for your new contract opportunity!

Shape the future of fraud prevention at HMRC

Protect HMRC and its customers from telephonybased fraud (e.g., vishing, account takeover via contact centres, number spoofing, deepfake voice attempts), by improving prevention and detection controls across the voice channel, leading triage and investigations, and shaping continuous control improvement in partnership with contact centre operations and security teams. (Telephony threat examples and definitions include vishing and voicespoofing countermeasures.)

Key Responsibilities

• Threat monitoring & triage (voice channel): Identify, assess and triage suspected telephony fraud (vishing, socialengineering, ANI/CLI spoofing, SIMswap vectors, deepfake voice). Use callrisk indicators, network/number validation and antispoofing signals to decide response paths.
• Detection analytics: Use data sources (e.g., telephony platforms, call event logs, SIEM) and techniques (KQL/SQL, Splunk searches) to surface anomalies, patterns and repeat offenders; tune rules and thresholds.
• Case investigation & resolution: Lead investigations from intake to closure, capturing evidence, documenting modus operandi, and recommending targeted mitigations and customerremediation steps.
• Control design & improvement: Propose and help implement preventive and detective controls (e.g., strengthened callerverification flows, voicespoof detection, callrisk scoring, gating of sensitive journeys). Validate effectiveness and iterate.
• Runbook development: Create and maintain playbooks/runbooks for frontline advisers and specialist teams covering intake, verification, escalation, and handoffs (including when not to proceed and how to contain risk).
• Collaboration: Work daily with contactcentre leadership, Security colleagues, and fraud/intelligence partners (e.g., FRG/RIS intake for public fraud reports; FIS/CyberCrime on criminal MO; OE Customer Comms on scripts).
• Incident response: Support security incident management for telephony fraud events, contributing to rapid containment, customer impact assessment and postincident reviews.
• Metrics & insight: Produce clear MI on attack types, volumes, loss avoidance and control efficacy; brief stakeholders and feed lessons into prevention roadmaps.
• Customer & complaints interface: Provide expert input on complex telephonyfraud complaints and redress handling in line with HMRC complaints guidance.
• Policy & compliance: Ensure work complies with HMRC policies (e.g., Security Policy, identity/monitoring policy, recording rulescustomer calls are not to be recorded except where expressly allowed).
• Education & advocacy: Contribute to adviser training content and concise threat briefings to uplift firstline fraud awareness and callerverification discipline.

Essential criteria

1. Telephony fraud expertise. Practical experience preventing, detecting, or investigating voicechannel fraud (e.g., vishing, contactcentre social engineering, number spoofing, SIMswap) and translating MOs into effective controls.
2. Voicesecurity controls. Working knowledge of callerverification models (e.g., voice biometrics), antispoofing/detection signals, and network/number validation; ability to explain their strengths and limitations to nonspecialists.
3. Analytical skills. Proficiency querying and interpreting operational data (e.g., KQL/SQL, Splunk/Log search), turning signals into investigations and control changes; familiarity with SIEM and auditlogging principles.
4. Investigation & case handling. Structuring investigations, capturing evidence and decisions, and progressing cases collaboratively to closure with strong written records.
5. Risk & control mindset. Ability to assess fraud risk vs. customer friction, propose proportionate mitigations, and evidence control effectiveness with MI.
6. Stakeholder engagement. Credible partnering with contact centre leaders, security operations, and fraud/intelligence functions; confident briefings to senior stakeholders during incidents.
7. Policy compliance. Understanding of HMRC security expectations and dataprotection sensitivities in voice contexts, including the prohibition on routine recording of customer calls

Desirable criteria:

• Experience deploying or operating voice biometrics at scale (enrolment/consent journeys, optouts, watchlisting, antispoof “gatekeeper” capabilities).
• Background in a large publicsector or regulated contactcentre environment; knowledge of HMRC contactcentre callerverification learning/materials.
• Recognised fraud/security qualifications (e.g., GCFP Fraud Risk Assessment learning, CFE, CFCS, CISSP/SSCP) and/or experience applying government counterfraud standards.
• Familiarity with threatinformed approaches (killchain/TTP framing) and using these to preempt telephonyenabled account takeover.
• Knowledge or experience of CEDAR

Our Values

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact your designated recruiter to request accommodation.