Cyber Security Analyst

Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.
Visit our YouTube channel to watch the full series and come and discover your potential.
If you’re looking to challenge yourself and develop, you are looking in the right place.
Access to learning and development tailored to your role.
A working culture which encourages inclusion and diversity.
A Civil Service pension.
We are the UK's tax, payments and customs authority. We collect taxes and duties from 45 million individuals and 5.2 million businesses, support trade and growth through customs and pay tax credits to 4.6 million household and Child Benefit to 7.5 million families. We have a complex IT estate with a big digital strategy that sees us already handle 1.15 billion transactions a year - 70% of all government transactions.
You will have read and heard in the news how getting Cyber Security wrong has the potential to destroy the reputations of organisations. So with such an important role for government and making great progress with online digital services we take Cyber Security seriously.
We invest in our people and you’ll work along aside committed people who want to be the best at what they do. You will have access to some of the latest technologies and platforms and be given the space and support to help drive innovation.
At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.
We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.
Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role., The Customer Experience & Bridge Operations Centre (CE&BO) comprises of a number of teams focused around monitoring the customer experience for the HMRC IT network, services, applications, batch processing, security and incident management.
The Security Analyst will work a rotational 12 hour shift pattern, providing 24/7/365 Security monitoring and support capability for the CE&BO
Labour Market Supplement (LMS) is payable to suitably qualified candidates, although if these are not met there will be opportunity to work towards it as part of the annual personal development plan (PDP)
Shift Breakdown
You will be joining a team that provides round-the-clock cover and service, 24 hours per day, 7 days per week, 365 days per year.
This role attracts an Annual Attendance Allowance (AAA) payment. This is a 25.35% monthly payment on top of your basic salary. This payment could vary to reflect the specific type and number of unsocial hours you are rostered to work.
You will perform your contracted hours on an annualised hours basis, working fixed shift patterns over a 4-week rostering period consisting of days, nights, weekends, and public holidays.
The total number of hours worked over the 4-week rostering period is 148 hours. This is not inclusive of breaks which are unpaid.
If the rostered shift falls on a Bank Holiday, colleagues are expected to work this.
Typically, in 2 out of the 4 weeks, there is a requirement to work 52.75 hours per week, and in the other 2 weeks, a requirement to work 21.25 hours per week. This is subject to change in accordance with business needs.
Current (typical) shift patterns are as follows:
Week 1
Monday 6:45am – 7pm
Tuesday, Friday, Saturday, Sunday 7am – 7pm
Week 2
Wednesday 6:45am – 7pm
Thursday 7am to 7pm
Week 3
Monday 6:45pm – 7am
Tuesday, Friday, Saturday, Sunday 7pm – 7am
Week 4
Wednesday 6:45pm – 7am
Thursday 7pm – 7am
Please note that allowances paid within HMRC are subject to change in accordance with respective policy changes, and the Annual Attendance Allowance is currently under review.
From 1 September 2021, full-time employees have a starting paid annual leave allowance of 25 days per year, pro rata, which will increase by one day for each year’s qualifying service up to a maximum of 30 days.
If you’re transferring over from an Other Government Department (OGD), we will take account of your previous qualifying service, provided there is no break in your service between you working for your previous department and taking up service with HMRC.
If you’re transferring over from a recognised Non-Departmental Public Body (NDPB), you will have your previous qualifying service recognised from 1 March 2011, provided it is continuous with your service with HMRC.
https://www.gov.uk/government/publications/working-for-hmrc-information-for-applicants/terms-and-conditions-in-hmrc, + Continual real-time monitoring of the HMRC’s Security Platforms.
+ Maintain CE&BO’s Cyber Security Team (CST) monitoring screens and adapt as and when necessary.
+ Progressive maintenance and improvement of CST dashboards – in line with CE&BO’s requirements to tailor dashboards that meet wider view requirements.
+ Real-time monitoring of CST’s mailbox, for potential alerts and other Important Information.
+ Taking ownership of CST’s cases and following CST tickets to full resolution state – in line with CST procedures as well as flagging relevant information to meet CE&BO’s needs.
+ React and respond to CE&BO’s trending analysis raised by CE&BO colleagues to identify and eliminate any security issues assisting with findings where possible.
+ Listen to CE&BO’s bridge phone conversations and report to overall CST when incidents develop within the CE&BO – regardless what the issue is.
+ Where new issues are identified in the CE&BO, collaborate and assist using cyber security skills where possible.
+ In an event of HPI that involves Cyber Security, take ownership and be first point of contact, creating a knowledge bridge between CE&BO and CST as a whole, sharing information in real time to resolve incident to hand efficiently.
+ Monitor Daily CE&BO communications in CST mailbox to maintain constant awareness.
+ In an event of a Major Incident (HPI) – CE&BO will have prepared an HPI environment in which various concerned stakeholders and service owners are involved. If this concerns issues associated with CST you are responsible for:
+ Provide initial assessment of the situation and collaborate with CE&BO’s team as well as CST in relation to the incident and creation of a CST ticket.
• Attend live calls and provide assistance and collaboration.
+ Provide background material if available – and ensure (where sensitive information is identified), seek approval from CST management before disclosure.
+ Capture timeline throughout the incident lifespan.
+ Real-time updates and application of skillset without delay is essential.
+ For out of hours, if unable to resolve incident, use the on-call if incident is classified as severe and high risk of breach is identified to critical infrastructure environments.
You must hold or be willing to obtain SC level clearance. Please see Additional Security Information below., We'll assess you against these behaviours during the selection process:
+ Making Effective Decisions
+ Changing and Improving

Technical skills
We'll assess you against these technical skills during the selection process:
+ Question, + A 500-word personal statement. Your Personal Statement should be used to describe how your skills and experience would be suitable for the advertised role, making reference to the essential criteria and person specification outlined in the advert.
+ Separate 250 word statements for the following behaviours:-
Making Effective Decisions
Changing and Improving
Further details around what this will entail are listed on the application form.
We acknowledge that AI can assist you in your application. Find our guidelines here.
Sift
At full sift all behaviour statements, your CV and your Personal Statement, will be assessed, with the successful candidates being invited to interview.
We may also raise the score required at any stage of the process if we receive a high number of applications.
Interview
During the panel interview, you will be assessed on Experience, Behaviours, Strengths, and Technical questions linked to the role.
This is an example of a strengths-based question
“It is often said that the customer's needs should come first. To what extent do you agree or disagree with this statement?”
There is no expectation or requirement for you to prepare for the strengths-based questions in advance of the interview, though you may find it helpful to spend some time reflecting on what you enjoy doing and what you do well.
Interviews will take place via video link.
Sift and interview dates to be confirmed.
Eligibility
Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via: unitybusinessservicesrecruitmentresults@hmrc.gov.uk – Use the subject line to insert appropriate wording for example – ‘Please re-open my application – [insert vacancy ref] & vacancy closing date [insert date]’.
To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.
Reserve List
A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.
Criminal Record Check
Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.
Merit List
After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.
Reasonable Adjustments
We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.
If you need a change to be made so that you can make your application, you should:
+ Contact the UBS Recruitment team via unitybusinessservicesrecruitmentresults@hmrc.gov.uk as soon as possible before the closing date to discuss your needs.
Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
Additional Security Information
Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.
Important information for existing HMRC contractual homeworkers
Please note that this role is unsuitable for contractual homeworkers due to the nature and/or requirements of the role.
Terms and Conditions
Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.
HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.
Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.
Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.
Questions relating to an individual application must be emailed as detailed later in this advert.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
New entrants will join on the minimum of the pay band.
If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks., Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of the Recruitment Principles.
In the first instance, you should raise the matter directly via ubsrecruitmentcomplaints@hmrc.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their website.

+ Excellent troubleshooting methodologies and root cause analysis skills.
+ Awareness and enthusiastic in cyber security developments, current trends, analysis and technically equipped with basic scripting skills.
+ A good knowledge of Security Strategies, and Policies.
+ Understanding of the systems and high level architecture which underpin corporate IT systems and the techniques deployed to compromise these assets.
+ Meticulous attention to detail.
Desirable Criteria
+ Previous exposure to SIEM platforms
+ Experience of using a variety of analytical tools and methods to identify security compromises within large and complex data sets.
+ Demonstrable understanding of digital forensics, skills, techniques and tools to perform forensics and root cause analysis on enterprise IT systems
+ Certifications Preferred: GSEC, GCED, GCIH, CCNA Security or BSc in Cyber Security
+ Proven analytical and investigative skills.
+ Effective reporting, presentation skills with the ability to communicate technical issues to non-technical audience and explain the impact of vulnerabilities or threats in business focused language
+ Passion and aptitude for technical Cyber Security work with the motivation to develop and maintain subject matter expertise, This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Strengths, Experience and Technical skills.

Alongside your salary of £29,475, HM Revenue and Customs contributes £8,538 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.
We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
+ Pension - We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
+ Family friendly policies.
+ Personal support.
+ Coaching and development.
To find out more about HMRC benefits and find out what it’s really like to work for HMRC hear from our insiders or visit Thinking of joining the Civil Service