Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead intelligence strategy to combat identity-based fraud and protect public funds.
- Company: Join HMRC's Fraud Prevention Centre, a leader in tackling fraud with advanced technology.
- Benefits: Competitive salary, professional development, and the chance to make a real impact.
- Why this job: Shape the future of fraud prevention and safeguard millions of taxpayers.
- Qualifications: Experience in threat intelligence operations and strong stakeholder engagement skills.
- Other info: Dynamic role with opportunities for growth and collaboration across security teams.
The predicted salary is between 48000 - 72000 £ per year.
Overview
The Fraud Prevention Centre (FPC) is HMRC's dedicated hub for tackling identity-based fraud at scale, protecting the integrity of the UK's tax system and safeguarding public funds. As part of HMRC Security's Identity team, the FPC combines advanced analytics, intelligence, and cutting-edge technology to identify and disrupt fraudulent activity before it impacts customers.
In this critical role as Threat Intelligence Lead, you will shape and drive our intelligence strategy — providing actionable insights on emerging threats, guiding proactive defence measures, and ensuring HMRC stays ahead of adversaries. Working at the heart of HMRC's digital transformation, you'll collaborate across security teams and the wider organisation to deliver intelligence that underpins trust and resilience in our services.
You will establish and lead a team to maintain a threat intelligence taxonomy grounded in MITRE ATT&CK, mapping adversary TTPs to HMRC-relevant techniques and detection logic to ensure consistency and traceability from intel to action. By structuring intelligence using STIX/TAXII standards and operationalising indicators in MISP, you'll enable rapid enrichment, correlation, and automated distribution of high-fidelity IOCs to the right teams.
Working across the FPC and wider HMRC, you'll enable threat-informed, real-time interventions, integrating threat intelligence platforms with SIEM and orchestration technology. You'll establish feedback loops with the SOC, red/purple teams, and data science functions to validate signal quality, tune detections against ATT&CK techniques, and continuously uplift coverage. Your approach will embed measurable coverage metrics (e.g., ATT&CK heatmaps, detection maturity scores) and ensure intelligence is actionable, timely, and resilient against evolving fraud threats.
Join us to lead intelligence to combat fraud — harness advanced tools, shape strategy, access world-class training, and make a real impact by protecting millions of taxpayers and safeguarding the UK's digital future.
Qualifications
- Oversee and task intelligence collection and analysis from multiple sources (FPC teams, teams across HMRC, open-source, commercial feeds, internal telemetry).
- Lead the acquisition and analysis of cybercrime tools that pose a threat to HMRC services to inform appropriate controls for detection and response.
- Transform raw data into actionable intelligence for proactive threat detection and fraud prevention, mapped to a taxonomy tailored MITRE ATT&CK.
- Work with Engineering to operationalise intelligence through platforms like MISP, ensuring integration with SIEM, SOAR, and detection technologies.
- Manage real-time exploitation of intelligence, enabling automated enrichment and distribution of indicators, supporting proactive analytical teams.
- Produce intelligence reports and contribute data to FPC dashboards for leadership, including threat trends and control effectiveness.
- Provide expert advice on aspects of cybercrime threats and techniques, supporting stakeholders across HMRC through the FPC advisory function.
- Work closely with FPC analysts, incident response, and wider HMRC teams to validate intelligence and improve detection logic.
- Provide training and guidance to drive consistency in intelligence reporting and promote its wider use across HMRC teams, including the application of organisational and wider standards for data handling and intelligence sharing.
- Provide technical leadership to the FPC, championing leading methodologies in cyber threat intelligence practices and their application in a fraud context.
- Deputise on behalf of the Head of Proactive Protection as needed, partnering with peers across the Fraud Prevention Centre.
- Proven experience in threat intelligence operations, including collection, analysis, and dissemination of actionable intelligence.
- Ability to develop and maintain intelligence taxonomies, ensuring consistency and traceability from indicators to detection logic.
- Strong understanding of cyber threat landscapes, adversary tactics, techniques, and procedures (TTPs), and frameworks such as MITRE ATT&CK.
- Excellent stakeholder engagement skills, with experience collaborating across security teams and wider business units.
- Knowledge of fraud prevention techniques and how threat intelligence supports proactive defence in large-scale environments.
- Certifications such as GCTI (GIAC Cyber Threat Intelligence), CISM, or equivalent.
- Experience with automation and orchestration for intelligence workflows.
- Understanding of regulatory and compliance requirements relevant to HMRC and UK government security standards.
IDVA Threat Lead in London employer: HM Revenue & Customs
Contact Detail:
HM Revenue & Customs Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land IDVA Threat Lead in London
✨Tip Number 1
Network like a pro! Reach out to current employees at HMRC or in the fraud prevention sector on LinkedIn. Ask them about their experiences and any tips they might have for landing a role like the IDVA Threat Lead.
✨Tip Number 2
Prepare for interviews by brushing up on your knowledge of MITRE ATT&CK and the latest trends in cyber threats. We recommend creating a cheat sheet with key points to discuss, so you can impress the interviewers with your expertise.
✨Tip Number 3
Showcase your skills through practical examples. Be ready to discuss specific instances where you've transformed raw data into actionable intelligence or led a team in threat analysis. Real-life stories resonate well!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive about their job search.
We think you need these skills to ace IDVA Threat Lead in London
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with threat intelligence and fraud prevention. We want to see how your skills align with the specific requirements of the IDVA Threat Lead role.
Showcase Your Achievements: Don’t just list your responsibilities; share your successes! Use concrete examples of how you've transformed data into actionable intelligence or improved detection logic in previous roles. This will help us see the impact you can make.
Be Clear and Concise: When writing your application, keep it straightforward and to the point. We appreciate clarity, so avoid jargon unless it's relevant to the role. Make it easy for us to understand your qualifications and motivations.
Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy!
How to prepare for a job interview at HM Revenue & Customs
✨Know Your MITRE ATT&CK
Familiarise yourself with the MITRE ATT&CK framework and how it applies to HMRC's operations. Be ready to discuss specific adversary tactics, techniques, and procedures (TTPs) relevant to the role, and think about how you would map these to actionable intelligence.
✨Showcase Your Analytical Skills
Prepare to demonstrate your ability to transform raw data into actionable intelligence. Bring examples of past experiences where you've successfully analysed cyber threats and how your insights led to proactive measures in fraud prevention.
✨Engage with Stakeholders
Highlight your experience in collaborating with various teams. Be prepared to discuss how you've engaged with stakeholders across different business units to validate intelligence and improve detection logic, as this is crucial for the role.
✨Stay Updated on Cyber Threats
Keep abreast of the latest trends in cybercrime and fraud prevention techniques. During the interview, reference current events or emerging threats that could impact HMRC, showcasing your proactive approach to threat intelligence.
