Principal Cyber Security Professional (Security Testing Capability Lead)

Newcastle, Stratford, Bristol, Cardiff, Salford, Telford, London, Leeds
£64,052 - £79,588 + benefits
25 Nov 2021
09 Dec 2021
Contract Type


Newcastle upon Tyne, Stratford, Bristol, Cardiff, Salford, Telford, London, Leeds


National (£64,052 - £72,202), London (£70,603 - £79,588)


At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

HMRC is building a modern, digital tax administration and runs the biggest digital operation in Government, providing digital services for 45 million individuals and 4.9 million business customers. Our digital programme is multi-award winning and the envy of other government organisations.

We are undergoing a major transformation programme, which includes a significant investment in digitisation. This means customers can do more for themselves online, in real time, on computers, tablets and smartphones.

We are building a team of outstanding people who will create and run these new and improved technology services and now is a great time to join us.

Cyber Security, Information and Risk Delivery Group (CSIR) is part of HMRC's Chief Digital Information Office. We provide support to assess business and reputational risks, and we are responsible for ensuring everyone has the capability to fulfil their security responsibilities and for developing individual capability to detect, prevent and respond to security risks and threats.

Job description

The Team

Cyber Security Technical Services (CSTS) is an integral part of CSIR. Our vision is to be a recognised Centre of Excellence working collaboratively to deliver a holistic, customer-centric set of services. We continually adapt and evolve in response to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.

Our team comprises cyber professionals with a range of experience and skills across security architecture, risk, assurance, testing and consultancy.

We are expanding and looking for Principal Cyber Security Professionals to build and shape the security team in one of the largest IT estates in Europe.

This is an exciting time to be part of our active and encouraging cyber security community, within HMRC and across Government.

The Role

As a Principal Cyber Security Professional, you will play a leading role in securing HMRC's services, working to the Deputy Director, to ensure the best possible technical security risk-based advice is given to our customers.

You will work collaboratively with senior business and technical stakeholders to deliver appropriate risk-based technical security advice and guidance, enabling the secure delivery of HMRC solutions and services. You will be the security champion for major HMRC programmes, leading security teams as appropriate.

You will be integral to the Senior Leadership Team, establishing our strategy and steering plans to deliver. You will engage at a strategic level within the business and drive organisational objectives. You will influence policy and lead on technical and business change.

You will be assigned as a Capability Lead for Security Testing, where you will be responsible for the development and management of the new Continual Security Compliance Capability. In addition, you will be defining, building and managing the security testing capability. This will include, but not be limited to, responsibility for the technical security testing strategy for functional and non-functional security testing, penetration testing, ongoing vulnerability management of the estate, developing the team's skills required to support the capability, tooling, and planning risk-based mitigation actions.

Broadly, we would expect the successful candidate to align with the Government Security Professional Framework for the following role:

Cyber Security - Research, Development and Design - Penetration Testing

The ideal candidate will be:

  • A leader in the delivery and development of a Security Testing Capability and of the expertise of the wider team, driving the learning & development strategy for this.
  • A leader in managing key partners on major programmes, working with Programme Leaders and Governance Boards.
  • Able to demonstrate a proven history of delivering high-value outcomes in challenging environments.
  • Flexible to meet business needs and a champion of consistency across our business in support of our "one team" ethos.
  • Always clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve great results.
  • A security testing subject matter expert, able to identify, raise and escalate cyber risks for the business and influence appropriate decisions in keeping with the HMRC risk appetite.


You will have significant experience or knowledge as follows:

  • Managing effective relationships with senior partners, effective team engagement and strong leadership.
  • Extensive experience as either a senior penetration tester or managing a security testing team.
  • Proven successful delivery of the security aspects of major projects, with demonstrable professional credibility and authority gained from having held a key security role on large projects.
  • Sharing knowledge, advising and training colleagues.
  • Experience ensuring effective governance controls in a complex business environment and maintaining supplier/customer relationship management.
  • Demonstrable experience designing & delivering technical security & risk management aligned to corporate risk appetite across several enterprises.
  • Communicating effectively to technical and non-technical audiences at all levels using excellent written and verbal skills.
  • Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a solid grasp of key technical considerations in relation to confidentiality, availability, integrity, non-repudiation and privacy.
  • Proven professional experience of how technical security is applied in real life, large scale complex environments.

Desirable Criteria:

Ideally, you will also have experience of:

  • Leading multi-disciplinary security teams and building strong relationships across team, business area and departmental boundaries.
  • Deep knowledge of penetration testing skills and requirements.
  • Proven experience in developing security testing capability within a large organisation, including empowering, supporting and developing staff to achieve the highest performance standards.
  • Applied knowledge of security architectures, operating systems & networking architectures, technologies & the OSI Model.
  • Strong working knowledge of Cloud Security & Risk applied to all service models.
  • Deep knowledge of multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
  • Working knowledge of appropriate ISO standards including 27001, 27002, 27005, 27017, 27018, 22301.
  • Good working knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
  • CREST/TIGER/CHECK or similar equivalent penetration testing qualification.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • Nationals of Commonwealth countries who have the right to work in the UK
  • Nationals of the Republic of Ireland
  • Nationals from the EU, EEA or Switzerland with settled or pre-settled status or who apply for either status by the deadline of the European Union Settlement Scheme (EUSS)
  • Relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • Relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • Certain family members of the relevant EU, EEA, Swiss or Turkish nationals

Further information on nationality requirements

This vacancy is open to external candidates and additionally open to all Civil Service employees and employees of accredited non-departmental public bodies (NDPBs) who were appointed on merit following a fair and open competition; or were appointed to a permanent post through an exception in the Civil Service Commissioners' rules.

Working for the Civil Service

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Technical skills

We'll assess you against these technical skills during the selection process:

  • Technical Aptitude (Test and Presentation) - a scenario that will test the candidate's technical security knowledge and their ability to present that knowledge articulately.


  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Apply before 11:55 pm on Wednesday 8th December 2021