Shipley
Contract type: Permanent
Closing date:
Within HMRC, our digital division is called CDIO (Chief Digital Information Officer Group) and has a number of internal delivery groups all working towards our digital transformation. The delivery group in which this vacancy sits is called Data Engineering. It provides data analytics and reporting services for the whole of HMRC across legacy and new systems, with a focus on investing in future technologies to create the most digitally-advanced tax authority in the world. Data Engineering provides support to HMRC’s Hadoop-based Enterprise Data Hub (EDH) services, is primarily based in Manchester and also has a presence across sites in London, Southend and Telford.
This is an exciting opportunity to join Data Engineering, as an Information Security Manager (Development).
Our services are made within Agile frameworks and are deployed and operated via DevOps practices. The opportunity exists to work with the development teams to ensure that they design, develop and operate secure services by default. This role would suit someone who has worked in a software development environment, has a good understanding of software development methodologies and has an interest in software and application security.
You will:
Essential skills and experience:
- Build a DEDG Security Champions Network (DSC) of developers from each product area/scrum team across the delivery group
- Engage with the DSC network to ensure that security-related user stories are considered at sprint 0, that threat models are undertaken in order to determine the risks that the service presents, and that security is built into the way that the services are designed and operated
- Translate technical risks into business risks in order that the business risk owner and assurance team [formerly accreditors] understand the level of risk exposure from all new and change projects
- Work with developers and architects to understand the technical risks that their service presents
- Support DevOps engineers in ensuring that security patches are up to date for all DEDG servers and that automatic code scanning results are interpreted and actioned
- Maintain close working relationships with key internal and external stakeholders including corporate HMRC security (and other shared services), Human Resources, Legal, Outsourced Service Suppliers and Internal Support teams
Desirable skills and experience:
- Understanding of software development lifecycles and how they integrate with security
- Knowledge of hosting environments and the associated security context e.g. AWS, Azure, GCP, private cloud, etc.
- Knowledge of virtualisation and containerisation technologies e.g. Docker
- Must hold or be willing to undertake SC clearance
• Experience in operating within HMG security frameworks e.g. SPF, JSP-440, etc.
• Experience of implementing security policy above OFFICIAL
Qualifications
Relevant security qualifications on a par with:
• Senior/Lead CESG Certified Practitioner (CCP), or
• Undergraduate degree/Postgraduate qualification/Masters in an Information Security discipline
If you are interested in this role, please apply and, should your skills and experience match the above job spec, an HMRC recruiter will be in touch with you. For further information regarding the role, it is also advertised through Civil Service Jobs.