Cyber Incident Operations Manager

Details
-----------

Reference number

464496

Salary

£45,544 \- £49,523
The role attracts a Labour Market Supplement (LMS) of £10,000 and is payable to suitably qualified and experienced candidates, although if these are not met there will be opportunity to work towards it as part of the annual personal development plan (PDP).
A Civil Service Pension with an employer contribution of 28\.97%
GBP

Job grade

Senior Executive Officer### Contract type

Permanent### Business area

HMRC \- CDIO \- HMRC Security \- Core### Type of role

Security### Working pattern

Flexible working, Full\-time, Job share, Part\-time### Number of jobs available

1
Contents
------------

• Location


• About the job


• Benefits


• Things you need to know


• Apply and further information

Location
------------

Leeds, TelfordAbout the job
-----------------

Job summary

Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.

Visit our YouTube channel to watch the full series and come and discover your potential.

Cyber Security provides vital protection for digital assets that provide essential services to the public. This role is essential for the investigation and review of our systems and data to identify security weaknesses, provide recommendations to improve our security posture and to drive delivery of those improvements.

This outcome of the role is to methodically identify and reduce threats to the HMRC estate using the technical countermeasures we have available. Ensuring our cyber security controls are effective and fit for purpose with accurate configuration and security posture. As well as continuously identifying new technical controls to answer risks.

Job description

You’ll work in our Incident Management Team, an exciting and fast paced group responsible for monitoring and responding to Cyber threats. You will lead a team of 6 specialists, providing support and guidance on technical issues whilst remaining cool under pressure.

You will have a strong technical background in cybersecurity, a proven track record of managing incident response teams, excellent vendor stakeholder management skills and possess exceptional leadership, communication, and problem\-solving skills.

We would like to hear from applicants with the following cyber security operations skills:

Triaging and investigating security alerts from multiple systems.

• Managing the response to cybersecurity incidents and related investigations, following the incident response lifecycle, to a timely and effective resolution.


• Developing alerts and use cases against very large data sets over some of the latest technology.


• Malware Analysis: ability to perform static and dynamic malware analysis to understand the nature of malware.


• Establish and maintain incident response processes, procedures, and documentation, ensuring they align with industry best practices.


• Serve as a subject matter expert on cyber security frameworks, including NIST, MITRE ATT\&CK, and the Cyber Kill Chain.


• * Computer Forensic Analysis: a background using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.

Person specification

You will be curious and inquisitive by nature, a person who enjoys getting to the root cause of issues, especially around threats to our network.

You are a team player who enjoys working collaboratively with colleagues across teams and business areas, including suppliers.

You will have proven analytical skills, using data and information in various formats. You will have good report writing and presentation skills.

Essential Criteria

Knowledge of threat landscape, their TTPs and IoCs.

• A good understanding of operating systems including Windows and Unix and Network principles.


• A good understanding of Cloud Architecture and components.


• Experience of working in a SOC as part of an incident response function.


• * You will hold at least one of the qualifications or experience of one of the following listed in the Qualifications section.

Desirable Criteria

EDR and other Microsoft monitoring systems

• Mitre/NIST Frameworks


• * Good Understanding of Threat Hunting TTP’s

Transitional Sites Information

If your location preference is for the following site, it’s important to note that this is not long\-term site for HMRC and we will require you to move to a new building in the future, subject to our location strategy and the applicable employee policies at that time.

For more information on where you might be working, review this information on our locations

This site is:

• Telford Plaza, Telford \- moving to Parkside Court, Telford

You will be given more information about what this means at the job offer stage.

Leeds Locations

Moves Adjustment Payment will be available for this role, provided the successful applicant is a current HMRC colleague in Bradford and meets the eligibility requirements outlined in the HMRC’s Moves Adjustment Payment guidance.

Qualifications

At least one of the following:

•

SANS certification.

•

Experience using common security technologies such SIEM, EDR, IDPS, Network Security Analysis.

•

Degree in Cyber Security or similar IT field### Behaviours

We'll assess you against these behaviours during the selection process:

• Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

• You will be asked technical skills questions related to Cyber Security.

Benefits
------------

Alongside your salary of £45,544, HM Revenue and Customs contributes £13,194 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.

• Pension\- We make contributions to our colleagues’ Alpha pension equal to at least 28\.97% of their salary.


• Family friendly policies.


• Personal support.


• Coaching and development.

To find out more about HMRC benefits and find out what it’s really like to work for HMRChear from our insiders or visit Thinking of joining the Civil Service.

Things you need to know
---------------------------

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.### Selection process details

This vacancy is using Success Profiles , and will assess your Behaviours, Strengths, Experience and Technical skills.How to Apply

As part of the application process, you will be asked to provide the following:

A name\-blind CV including your job history and previous experiences. Your CV should cover up to your last 5 roles, detailing your responsibilities and key achievements (max 100 words per role).

• * A 500\-word Personal Statement. Your Personal Statement should clearly demonstrate how your skills and experience meet the essential criteria and person specification.

Please evidence any Desirable Criteria where applicable (up to 250 words max). This is not essential for the role but may be considered by the vacancy holder where candidates have the same score at interview.

Further details around what this will entail are listed on the application form.

Sift

In the event of a large number of applications being received, an initial sift may be held on Your Personal Statement.

At full sift your CV and your Personal Statement will be assessed, with the successful candidates being invited to interview.

We may also raise the score required at any stage of the process if we receive a high number of applications.

Interview

During the panel interview, your behaviours, strengths and technical skills will be assessed, to determine your suitability for the role, as well as to explore what you enjoy, and what motivates you.

You will be asked technical skills questions related to Cyber Security.

This is an example of a strengths\-based question:

“It is often said that the customer's needs should come first. To what extent do you agree or disagree with this statement?”

There is no expectation or requirement for you to prepare for the strengths\-based questions in advance of the interview, though you may find it helpful to spend some time reflecting on what you enjoy doing and what you do well.

Interviews will take place via video link. Sift and interview dates to be confirmed.

Eligibility

Please take extra care to tick the correct boxes in the eligibility sections of your application form. Mistakes sometimes happen but if you contact us later than two working days (Monday\-Friday) before the vacancy closes, we may not be able to reopen your application for you. If you do make a mistake with your eligibility form, o

This listing is from indeed. View original listing ↗