Cyber Security Professional Practitioner (Security Testing)

HM Revenue and Customs

Apply before 11:55 pm on Tuesday 31st January 2023



Reference number



£41,782 - £44,932
In some cases, external (non-Civil Service) candidates may be offered a Higher Starting Pay between the HMRC salary advertised ranges (London or National ranges respectively apply). This Higher Starting Pay is only offered according to skills levels and experience. This will be discussed with successful candidates when HMRC make a provisional offer for the post.

Job grade

Senior Executive Officer

Contract type


Business area

HMRC - CDIO - Chief Information and Security Officer (CSIR)

Type of role


Working pattern

Flexible working, Full-time, Job share, Part-time

Number of jobs available



Bristol, South West England, BS2 0ES : Cardiff, Wales, CF10 1EP : Leeds, Yorkshire and the Humber, LS1 4AP : Salford, North West England, M3 5BS : Newcastle upon Tyne, North East England, NE98 1ZZ : Telford, West Midlands (England), TF3 4NT

Job summary

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve. 

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

Do you have experience of, or a passion for, security testing and continual development within this area?

Are you interested in working for an organisation that truly champions a healthy work/life balance?

If so, continue reading to find out more about this fantastic opportunity to join HMRC. We have one of the largest and most dynamic IT infrastructures in Europe, and we are now one of the most digitally advanced tax authorities in the world.

Now is a great time to join us as we establish a team of outstanding people in the field of Enterprise Security Architecture, Risk Management and Testing, who will create and run these new and improved technology services. This is a chance to work on services that matter and affect the lives of millions of citizens.

Job description

The Team

Our Cyber Security Technical Services (CSTS) multidisciplinary team supports HMRC to assess business and reputational risks. The team is responsible for ensuring everyone has the capability to fulfil their security responsibilities and for developing individual capability to detect, prevent and respond to security risks and threats.

We continually adapt and evolve in response to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs.

We are part of an active and encouraging cyber security community, within HMRC and across government.

The Role

As a Cyber Security Professional Practitioner working within Security Testing, you will play a key role in providing security testing, vulnerability assessment and continual security compliance capabilities in order to secure HMRC’s services and to ensure the best possible technical security risk-based advice is given to our customers.

As part of the role you will also contribute to wider CSTS services as required.

You will work collaboratively with key business and technical stakeholders to deliver appropriate security testing and risk-based technical security advice and guidance, to enable the secure delivery of HMRC solutions and services.

This is an exciting time to join us and the chance to work on services that matter and affect the lives of millions of citizens. 

Broadly, we would expect the successful candidate to align with the Government Security Professional for Security Testing and Vulnerability Management Framework.


  • Engage with internal and external partners to manage and provide appropriate security testing and assurance to the required standard and in accordance with policy and regulations.
  • Scope, conduct, or support security assessments, pen testing and other non-functional security testing, appropriately recording and sharing any findings.
  • Provide vulnerability management and continual security compliance expertise across on-premise and cloud-based solutions.
  • Work collaboratively with project managers and programme leads to provide subject matter expertise on a range of security testing requirements.
  • Act as escalation point to deal with security testing related incidents.
  • Research, identify, validate, and embrace new technologies and methodologies.
  • Champion consistency across the business in support of our “one team” ethos.
  • Support assessments of threats and vulnerabilities and determine deviations from acceptable/defined baselines.
  • Communicate threat, vulnerability, and risk information to stakeholders in a clear and concise manner.
  • Assist in the development and delivery of security testing documentation sets.
  • Research and assess new threats and security/vulnerability alerts, and recommend remedial actions.

Person specification

Essential Criteria

  • Good technical understanding/grounding along with relevant IT security experience and qualifications.
  • Passion for security testing and continual development within this area.

Desirable Criteria

You will have knowledge, understanding and/or experience of:

  • Using vulnerability management/scanning tooling, compiling reports and conducting regular scanning and assessment activities.
  • Penetration testing tools and techniques.
  • Managing and/or conducting a wide range of testing in different environments with different complexity.
  • Compiling security testing reports, with the ability to work with stakeholders to determine real impact and probability of exploits being successful.
  • Security and privacy risks and threats, along with key principles such as confidentiality, availability, integrity, non-repudiation and privacy.
  • Building relationships with stakeholders and communicating technical information to diverse audiences.
  • Using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
  • Internal team engagement, working collaboratively, sharing knowledge, advising, and training colleagues.
  • Developing and delivering change and successful delivery of technical security aspects of projects.
  • How technical security is applied in real life environments.
  • Technical security controls, threats and vulnerabilities and current IT and security best practice approaches.
  • IT infrastructure (hardware, databases, operating systems, local area networks etc.) and application architectures.
  • A good understanding of threats and threat vectors.

Technical skills

We'll assess you against these technical skills during the selection process:

  • Technical Aptitude

Benefits

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 27%

Team members that are moving offices as a result of the Locations Programme will be entitled to a Moves Adjustment Payment for three years where they incur additional costs. This is calculated based on the difference between the costs of travelling to and from the new and old office, over a weekly period. You will get more detail on this as part of targeted locations move communications.

Find out more about HMRC benefits in 'Your little extras and big benefits handbook' or visit Thinking of joining the Civil Service.

Selection process details

This vacancy is using Success Profiles, and will assess your Experience and Technical skills.

As part of the application process, you will be asked to submit a Personal Statement of no more than 750 words and this should outline examples of how you meet the essential criteria as outlined in the person specification.

You will also be asked to complete a CV setting out your career history outlining your key responsibilities and achievements (250 words max), along with your skills and experience (500 words max), and your qualifications.

Please ensure you have provided reasons for any significant gaps in employment history within the last two years.

Your CV and Personal Statement will be assessed at Sift. Please note that your application may be rejected if you exceed the word count as specified.

A sift will be carried out within 21 days of the closing date. An interview, if required, will be carried out within 21 days of the sift results.

During interview we will explore your experience, and you will be tested on how you respond to a suggested Cyber Security scenario.

Sift and interview dates to be confirmed.

Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen but if you contact us later than two working days (Monday-Friday) before the vacancy closes, we will not be able to reopen your application for you. The inbox to contact is:  - Use subject line to insert appropriate wording e.g. Please re-open my application - 262797 & vacancy closing date 31/01/2023.

Security Update

If you are successful and transferring from another Government Department, we will carry out a check of your identity, nationality, and immigration status (including the right to work in the UK) and a criminal record check before confirming your appointment. 

Successful candidates must pass a Disclosure and Barring Security Check. Please note that HMRC have an exemption under the Rehabilitation of Offenders Act 1974, which enables us to make enquiries about both unspent and spent convictions. 

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing stating the job reference number in the subject heading. 

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed, but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.

HMRC transformation

HM Revenue and Customs is currently going through an exciting ten-year transformation programme to create a tax authority fit for the future. As part of this, we are committed to providing high-quality jobs and giving employees a great place to work, whichever location you work from. 

HM Revenue and Customs has made significant progress with its plans to locate in 14 large, modern, flexible offices, equipped with high-speed digital infrastructure supporting improved customer service and compliance activity. These collaborative workspaces will enable smarter working and great training and development facilities, allowing for the sharing of expertise, local training and promotion, and providing great ongoing career development opportunities.

These offices will be located in central locations in the following towns and cities close to accessible transport links: Glasgow, Edinburgh, Belfast, Newcastle, Leeds, Liverpool, Manchester, Nottingham, Birmingham, Bristol, Cardiff, Croydon, Portsmouth and Stratford.  

In addition, there will also be a small number of specialist sites where the work cannot be done anywhere else, in Gartcosh (near Glasgow), Telford, Ipswich, Worthing and Dover, as well as our headquarters in central London. What’s more, our Welsh language service has people located in Porthmadog, as well as Cardiff. 

We are letting you know about our future plans because if you are recruited into an office that is not one of these locations, you will be expected, subject to HM Revenue and Customs applicable policies, to move to one of these locations in the future. In some cases, this will be via one of our nine transitional sites. 

For more information please contact the vacancy holder.

Terms and Conditions

We really hope you decide to apply for this role. If you’re successful you need to know that in February 2021 members of recognised trade unions (ARC and PCS) voted to approve a pay and contract reform offer. This means that HMRC will adopt new terms and conditions for all colleagues as part of a multi-year pay deal and contract offer. The pay deal period is 01 June 2020 – 31st May 2023, and terms and conditions changes take place from 01 June 2021 onwards. These terms will apply to colleagues who already work in HMRC and, if you join us, they will apply to you too. We’ve put together a summary of the key changes that will be made and you can find this attached to the Job Advert.


If you are currently working for an OGD and would like to consider the impact on your pay when joining HMRC, please see the attached document "Pay on Transfer from OGD" for further information. (Please note the attached document could also be called “Combined T&C and OGD Pay English”) 

New entrants are expected to join on the minimum of the pay band. 

Further Information

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement this will be tested as part of the selection process. 

A reserve list may be held for a period of 12 months from which further appointments can be made. 

Any move to HMRC from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility here.

HMRC welcomes applications from those who need to work a more flexible arrangement and will agree to requests where possible, taking into account our operational and customer service needs. We can’t guarantee that we can meet all requests to work flexibly, as agreement will be subject to business ability to accommodate, and any request to work a more flexible arrangement should be made prior to your acceptance of the provisional offer.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section. 

Important information for existing HMRC contractual homeworkers:

Please note that this role is unsuitable for contractual homeworkers due to the nature and/or requirements of the role.

Reasonable adjustment

We want to make sure no one is put at a disadvantage during our recruitment process because of a disability, condition or impairment. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate. Please see our Disability Matters: How we can support you during our selection process booklet for more details. 

If you need a change to be made so that you can make your application, you should:

  • Contact Government Recruitment Service via as soon as possible before the closing date to discuss your needs.
  • Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Feedback will only be provided if you attend an interview or assessment.


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter.
People working with government assets must complete basic personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the Republic of Ireland
  • nationals from the EU, EEA or Switzerland with settled or pre-settled status or who apply for either status by the deadline of the European Union Settlement Scheme (EUSS)
  • relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • certain family members of the relevant EU, EEA, Swiss or Turkish nationals
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
This vacancy is part of the Great Place to Work for Veterans initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

  • Name : Allison Delaney
  • Email :
  • Telephone : 03000 557906

Recruitment team :

  • Email :

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel a department has breached the requirement of the Recruitment Principles. In the first instance, you should raise the matter directly with the department concerned via If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages.
