Cyber Incident Operations Manager - Leeds

About the job

Discover a career in your hands at HMRC. Cyber Security provides vital protection for digital assets that provide essential services to the public. This role is essential for the investigation and review of our systems and data to identify security weaknesses, provide recommendations to improve our security posture and to drive delivery of those improvements.

This outcome of the role is to methodically identify and reduce threats to the HMRC estate using the technical countermeasures we have available. Ensuring our cyber security controls are effective and fit for purpose with accurate configuration and security posture. As well as continuously identifying new technical controls to answer risks.

Job description

You'll work in our Incident Management Team, an exciting and fast-paced group responsible for monitoring and responding to Cyber threats. You will lead a team of 6 specialists, providing support and guidance on technical issues whilst remaining cool under pressure.

You will have a strong technical background in cybersecurity, a proven track record of managing incident response teams, excellent vendor stakeholder management skills and possess exceptional leadership, communication, and problem-solving skills.

We would like to hear from applicants with the following cyber security operations skills:

• Triaging and investigating security alerts from multiple systems.
• Managing the response to cybersecurity incidents and related investigations, following the incident response lifecycle, to a timely and effective resolution.
• Developing alerts and use cases against very large data sets over some of the latest technology.
• Malware Analysis: ability to perform static and dynamic malware analysis to understand the nature of malware.
• Establish and maintain incident response processes, procedures, and documentation, ensuring they align with industry best practices.
• Serve as a subject matter expert on cyber security frameworks, including NIST, MITRE ATT&CK, and the Cyber Kill Chain.
• Computer Forensic Analysis: a background using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.

Person specification

You will be curious and inquisitive by nature, a person who enjoys getting to the root cause of issues, especially around threats to our network. You are a team player who enjoys working collaboratively with colleagues across teams and business areas, including suppliers. You will have proven analytical skills, using data and information in various formats. You will have good report writing and presentation skills.

Essential Criteria

• Knowledge of threat landscape, their TTPs and IoCs.
• A good understanding of operating systems including Windows and Unix and Network principles.
• A good understanding of Cloud Architecture and components.
• Experience of working in a SOC as part of an incident response function.
• You will hold at least one of the qualifications or experience of one of the following listed in the Qualifications section.

Desirable Criteria

• EDR and other Microsoft monitoring systems
• Mitre/NIST Frameworks
• Good Understanding of Threat Hunting TTP's

Qualifications

At least one of the following:

• SANS certification.
• Experience using common security technologies such SIEM, EDR, IDPS, Network Security Analysis.
• Degree in Cyber Security or similar IT field.

Behaviours

We'll assess you against these behaviours during the selection process: Communicating and Influencing.

Technical skills

We'll assess you against these technical skills during the selection process: You will be asked technical skills questions related to Cyber Security.

Benefits

Alongside your salary of 45,544, HM Revenue and Customs contributes 13,194 towards you being a member of the Civil Service Defined Benefit Pension scheme. HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs. We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.

Pension- We make contributions to our colleagues' Alpha pension equal to at least 28.97% of their salary. Family friendly policies. Personal support. Coaching and development.

Things you need to know

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Strengths, Experience and Technical skills.

How to Apply

As part of the application process, you will be asked to provide the following:

• A name-blind CV including your job history and previous experiences.
• Your CV should cover up to your last 5 roles, detailing your responsibilities and key achievements (max 100 words per role).
• A 500-word Personal Statement.

Your Personal Statement should clearly demonstrate how your skills and experience meet the essential criteria and person specification. Please evidence any Desirable Criteria where applicable (up to 250 words max). This is not essential for the role but may be considered by the vacancy holder where candidates have the same score at interview.

Further details around what this will entail are listed on the application form.

Eligibility

Please take extra care to tick the correct boxes in the eligibility sections of your application form. Mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we may not be able to reopen your application for you.

If you do make a mistake with your eligibility form, or have withdrawn yourself in error and need your application reinstated whilst the campaign is still live, please contact us via email.

HMRC is an office-based organisation, and colleagues are expected to spend 60% of their working time in the office. Our offices provide opportunity for interaction, collaboration which aids learning and development and a sense of community. Where the role allows it, and where the home environment is suitable, colleagues can work from home for up to 2 days a week, averaged over a calendar month.

Reasonable Adjustments

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.

If you need a change to be made so that you can make your application, you should contact the UBS Recruitment team as soon as possible before the closing date to discuss your needs.

Technical Support

If you are experiencing problems that cannot be resolved by our 'help' section, then technical support is available. You will receive a reply in 2 working days.

Additional Security Information

Please note in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy.

Important information for existing HMRC contractual homeworkers

This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need.

Terms and Conditions

Current Civil Servants (all contract types) will need to ensure that they are still employed as a Civil Servant on or beyond the start date for the post.

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.