At a Glance
- Tasks: Lead a team to investigate and respond to cyber security incidents.
- Company: Join HMRC, a vital organisation protecting public digital assets.
- Benefits: Enjoy competitive pay, potential remote work, and professional development opportunities.
- Why this job: Be part of a fast-paced team making a real impact on national security.
- Qualifications: Must have cybersecurity experience and relevant certifications like SANS.
- Other info: Ideal for curious minds who thrive under pressure and love problem-solving.
The predicted salary is between £43,200 and £72,000 per year.
Overview
Join to apply for the Cyber Incident Operations Manager role at HMRC.
This range is provided by HMRC. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Cyber Security provides vital protection for digital assets that provide essential services to the public. This role is essential for the investigation and review of our systems and data to identify security weaknesses, provide recommendations to improve our security posture and to drive delivery of those improvements.
The outcome of the role is to methodically identify and reduce threats to the HMRC estate using the technical countermeasures we have available, ensuring our cyber security controls are effective and fit for purpose with accurate configuration and security posture, as well as continuously identifying new technical controls to answer risks.
You’ll work in our Incident Management Team, an exciting and fast paced group responsible for monitoring and responding to cyber threats. You will lead a team of 6 specialists, providing support and guidance on technical issues whilst remaining cool under pressure.
You will have a strong technical background in cybersecurity, a proven track record of managing incident response teams, excellent vendor stakeholder management skills, and exceptional leadership, communication, and problem-solving skills.
Responsibilities
- Triaging and investigating security alerts from multiple systems.
- Managing the response to cybersecurity incidents and related investigations, following the incident response lifecycle, to a timely and effective resolution.
- Developing alerts and use cases against very large data sets over some of the latest technology.
- Malware analysis: ability to perform static and dynamic malware analysis to understand the nature of malware.
- Establish and maintain incident response processes, procedures, and documentation, ensuring they align with industry best practices.
- Serve as a subject matter expert on cyber security frameworks, including NIST, MITRE ATT&CK, and the Cyber Kill Chain.
- Computer forensic analysis: experience using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.
Person specification
You will be curious and inquisitive by nature, a person who enjoys getting to the root cause of issues, especially around threats to our network.
You are a team player who enjoys working collaboratively with colleagues across teams and business areas, including suppliers.
You will have proven analytical skills, using data and information in various formats. You will have good report writing and presentation skills.
Qualifications/Knowledge
At least one of the following:
- SANS certification.
- Experience of working in a SOC as part of an incident response function.
- Experience using common security technologies such as SIEM, EDR, IDPS, and Network Security Analysis.
EDR and other Microsoft monitoring systems (MCAS, etc.).
Good understanding of Threat Hunting TTPs.
Seniority level
- Mid-Senior level
Employment type
- Full-time
Job function
- Information Technology and Legal
Industries
- Government Administration
Benefits
Labour Market Supplement (LMS) will be paid for suitable qualifications and experience.
Cyber Incident Operations Manager employer: HMRC
Contact Detail:
HMRC Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Cyber Incident Operations Manager
✨Tip Number 1
Familiarise yourself with the latest cybersecurity frameworks like NIST and MITRE ATT&CK. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and understanding of industry standards.
✨Tip Number 2
Showcase your experience with incident response by preparing specific examples of past incidents you've managed. Highlight your role in triaging alerts and leading investigations, as this will illustrate your hands-on experience and leadership skills.
✨Tip Number 3
Network with professionals in the cybersecurity field, especially those who have experience in SOC environments. Engaging with them can provide insights into the role and may even lead to referrals, increasing your chances of landing the job.
✨Tip Number 4
Stay updated on the latest trends and threats in cybersecurity. Being knowledgeable about current events and emerging threats will not only prepare you for potential interview questions but also show your passion for the field.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in cybersecurity, particularly in incident response and team management. Use specific examples that demonstrate your technical skills and leadership abilities.
Craft a Strong Cover Letter: In your cover letter, express your enthusiasm for the role and the organisation. Mention your understanding of HMRC's mission and how your background aligns with their needs, especially in terms of improving security posture.
Highlight Relevant Certifications: If you have any certifications like SANS or experience with security technologies such as SIEM or EDR, make sure to mention these prominently in your application. They are crucial for this role.
Showcase Problem-Solving Skills: Provide examples in your application that illustrate your analytical skills and ability to resolve complex issues under pressure. This is key for a position that involves managing cybersecurity incidents.
How to prepare for a job interview at HMRC
✨Showcase Your Technical Expertise
Be prepared to discuss your technical background in cybersecurity. Highlight your experience with incident response, malware analysis, and the tools you've used, such as SIEM and EDR systems. This will demonstrate your capability to handle the responsibilities of the role.
✨Demonstrate Leadership Skills
As a Cyber Incident Operations Manager, you'll be leading a team. Share examples of how you've successfully managed teams in high-pressure situations. Discuss your approach to providing support and guidance, and how you foster collaboration among team members.
✨Familiarise Yourself with Cybersecurity Frameworks
Make sure you understand key cybersecurity frameworks like NIST and MITRE ATT&CK. Be ready to explain how these frameworks can be applied in real-world scenarios, particularly in incident response and threat management.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your problem-solving skills and analytical thinking. Practice articulating your thought process when triaging security alerts or managing incidents, as this will showcase your ability to think critically under pressure.