Technical Cyber Security Operations Manager

£41,782 - £44,932 + benefits
10 Jun 2022
23 Jun 2022


At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

The Customer Protection Team sits within HMRC's Cyber Security Operation. The work of the team involves delivering anti-phishing operations for HMRC staff and customers alike, together with work to maintain the credibility of the HMRC brand in the online space. The work is critical for HMRC's Digital transformation, and the team works in a high-profile, complex and rapidly changing security environment. As such, it attracts significant interest from Directors and offers opportunities for working across HMRC teams and with other Government Departments.

We operate from two Cyber Security Command Centres, in Telford and Leeds. The team includes Apprentices, Fast-streamers and Industrial Placements (on a sandwich year from university) as well as established analysts.

Job description

As a "Technical Cyber Security Operations Manager", your responsibilities, which directly support the department's Cyber and Digital Strategies, include:

  • Experience of managing technical teams and getting the best from people.
  • Investigating and delivering detailed analysis of the HMRC phishing and brand abuse operational landscape through analysis of big data sets to identify suspicious or malicious activities.
  • Driving improvements in the team's capability and efficiency in line with the Cyber Security team and Departmental Cyber Security strategies.
  • To act as technical escalation point for strand analysts.
  • To proactively develop attack detection techniques, process development and improvement.
  • Experience of using a variety of analytical tools and methods to identify security compromises within large and complex data sets.
  • Experience developing specific detections based on Tactics, Techniques and Procedures (TTPs) obtained from threat intelligence and other sources.
  • Effective reporting and presentation skills, with the ability to communicate technical issues to a non-technical audience and explain the impact of threats in business-focused language.
  • Knowledge and understanding of a wide variety of security technologies, including Network Infrastructure, Endpoint Security, Application Security, SIEM, Incident Response.
  • Industry-specific skills and certifications are preferred, but willingness to certify is required.
  • Passion and aptitude for technical Cyber Security work with the motivation to develop and maintain subject matter expertise.
  • Build documented processes and procedures to ensure all aspects of incident response and digital forensics are carried out in an evidentially secure manner and comply with all statutory, Departmental and ethical guidelines.
  • Collaborative working with external suppliers.


The successful candidate will have a good knowledge of IT and Information Security, and be able to engage and communicate complicated IT Security matters to a business/stakeholder and technical audience.

Ideal candidates will be able to demonstrate technical skills and knowledge in using the following technologies and tools:


  • Security Incident and Event Management
  • Email Fundamentals
  • Network Fundamentals
  • Web Development Principles

Essential Criteria:

The successful candidate must possess strong team and communications skills as well as sound technical knowledge in the subject of Information Technology and Security. He/she must have experience of managing technical analysts.

Desirable Knowledge, Criteria and Skills


  • Strong analytical and problem solving skills.
  • Excellent troubleshooting methodologies and root cause analysis skills.
  • Knowledge of PHP, JavaScript, HTML etc.
  • Competent at data manipulation through MS Office Applications.
  • Awareness of and enthusiasm for cyber security developments, current trends and analysis, and technically equipped with basic scripting skills.
  • Previous exposure to SIEM platforms, in particular Splunk (able to create and edit Splunk dashboards, and/or understand how SIEM platforms function).
  • Experience writing signatures and detection patterns for SIEM.
  • Experience with programming/scripting languages.
  • Command-line operating systems, e.g. Linux, Windows etc.
  • Proven analytical and investigative skills.
  • Proven ability to communicate to different audiences at various levels of understanding in presentations and written submissions.


We'll assess you against these behaviours during the selection process:


  • Communicating and Influencing
  • Leadership
  • Making Effective Decisions
  • Working Together
  • Delivering at Pace

Technical skills

We'll assess you against these technical skills during the selection process:


  • Security Incident and Event Management
  • Email Fundamentals
  • Network Fundamentals
  • Web Development Principles



  • Learning and development tailored to your role.
  • An environment with flexible working options.
  • A culture encouraging inclusion and diversity.
  • A Civil Service pension.

Labour Market Supplement (LMS) is payable to suitably qualified candidates, although if these are not met there will be an opportunity to work towards it as part of the annual personal development plan (PDP).

Apply before 11:55 pm on Wednesday 22nd June 2022.

