** Starting Salary - £ 26,000 + 15% Shift Allowance **
*** This is a shift based role to cover our 24/7/365 operation ***
Location - Newcastle (NE98 postcode)
HM Revenue & Customs (HMRC) along with Revenue & Customs Digital Technology Services (RCDTS) are embarking on an ambitious and challenging digital transformation programme which will result in HMRC becoming one of the most digitally advanced tax authorities in the world.
Revenue & Customs Digital Technology Services (RCDTS) was set up in 2015 as a subsidiary of HMRC's Chief Digital & Information Officer Group and has one of the largest customer bases in the world.
The Customer Experience & Bridge Operations Centre (CE&BO) comprises a number of teams focused on monitoring the customer experience for the HMRC IT network, services, applications, batch processing, security and incident management.
The Security Analyst will work a rotational 12 hour shift pattern, providing 24*7*365 Security monitoring and support capability for the CE&BO and HMRC.
In line with this purpose, the Security Analyst has the following responsibilities:
• Continual real-time monitoring of HMRC's security platforms, such as Splunk.
• Maintain CE&BO's Cyber Security Team (CST) monitoring screens and adapt as and when necessary.
• Progressive maintenance and improvement of CST dashboards - in line with CE&BO's requirements to tailor dashboards that meet wider view requirements.
• Real-time monitoring of CST's mailbox for potential alerts and other important information.
• Taking ownership of CST's cases and following CST tickets to full resolution state - in line with CST procedures as well as flagging relevant information to meet CE&BO's needs.
• React and respond to CE&BO's trending analysis raised by CE&BO colleagues to identify and eliminate any security issues, assisting with findings where possible.
• Listen to CE&BO's bridge phone conversations and report to the overall CST when incidents develop within the CE&BO, regardless of what the issue is.
• Where new issues are identified in the CE&BO, collaborate and assist using cyber security skills where possible.
• In the event of an HPI that involves Cyber Security, take ownership and be the first point of contact, creating a knowledge bridge between CE&BO and CST as a whole and sharing information in real time to resolve the incident at hand efficiently.
• Monitor Daily CE&BO communications in CST mailbox to maintain constant awareness.
In the event of a Major Incident (HPI), CE&BO will have prepared an HPI environment in which various concerned stakeholders and service owners are involved. If this concerns issues associated with CST, you are responsible for the following:
• Provide an initial assessment of the situation and collaborate with CE&BO's team as well as CST in relation to the incident and the creation of a CST ticket.
• Attend live calls and provide assistance and collaboration.
• Provide background material if available and, where sensitive information is identified, seek approval from CST management before disclosure.
• Capture the timeline throughout the incident lifespan.
• Real-time updates and application of skillset without delay are essential.
• Out of hours, if unable to resolve the incident, use the on-call if the incident is classified as severe and a high risk of breach to critical infrastructure environments is identified.
• Excellent troubleshooting methodologies and root cause analysis skills
• Awareness of and enthusiasm for cyber security developments, current trends and analysis, and technically equipped with basic scripting skills.
• A good knowledge of security strategies and policies
• Understanding of the systems and high-level architecture which underpin corporate IT systems and the techniques deployed to compromise these assets.
• Meticulous attention to detail
• Previous exposure to SIEM platforms - in particular Splunk.
• Experience of using a variety of analytical tools and methods to identify security compromises within large and complex data sets.
• Demonstrable understanding of digital forensics, skills, techniques and tools to perform forensics and root cause analysis on enterprise IT systems
• Certifications Preferred: GSEC, GCED, GCIH, CCNA Security or BSc in Cyber Security
• Proven analytical and investigative skills