Senior Cyber Security Analyst

£34,404 - £36,985 + benefits
18 Aug 2022
31 Aug 2022


At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

HMRC collect more than 600bn in revenue for the UK Government, money used to run vital services for more than 67m people across Great Britain. As you'd expect then, the security of our online services and data assets is something we take incredibly seriously, and we're now looking to add a Senior Cyber Security Analyst to the team.

Primarily working within the Investigation and Response element of the team, you'll get to investigate, contain, correct and prevent re-occurrence of malicious traffic and incidents.

This is varied, interesting and vital work so if you're looking for a new challenge, putting your experience and skills to the test, we'd love to hear from you.

Job description

The Job

The Incident Management Team are the front-line operational arm of the HMRC Cyber Security Team, responsible for protecting the confidentiality, integrity and availability of HMRC online services and data assets. The team and the successful individual undertake the following 2 core activities:

  • Detect and Identify
  • Investigate and Respond


Responsibilities include:

  • Continual real-time monitoring of HMRC's security platforms, such as Splunk.
  • Ensure the prompt analysis of anomaly detection tools to help identify security breaches, cyber-attacks, and reporting activity.
  • Progressive maintenance and improvement of CST Splunk dashboards.
  • Build procedures to ensure all aspects of incident response, digital forensics and malware analysis are carried out in a secure manner and comply with statutory guidelines.
  • Exercise, tune and innovate security incident playbooks/standard operating processes
  • Taking ownership of CST's cases and following CST tickets to full resolution state in line with CST procedures.
  • Collaborative working with external suppliers.
  • Perform analysis and forensics on network artefacts and malware samples to document attack capabilities, understand propagation characteristics and define signatures for detecting its presence.

You will already have knowledge and experience of:

  • Using a variety of analytical tools to identify security compromises within large amounts of complex data.
  • Analysing large datasets to find unusual system and user behaviours across multiple technical environments, including but not limited to cloud, networking, operating systems and databases.
  • Exposure to cyber security, including knowledge and experience of the breadth and depth of threat actors and vectors available.
  • Using digital forensic and malware analysis tools, whether that be commercial products or open source.
  • The structures underpinning corporate IT systems and how these structures can be compromised and exploited.
  • Security monitoring, intrusion detection, prevention and control systems including firewalls, anti-virus, web proxies.


We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Changing and Improving

Technical skills

We'll assess you against these technical skills during the selection process:

  • Cyber Security Analysis


  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 27%

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.