Full-Time Cyber Technical Investigator
HMRC is the UK’s tax, payments and customs authority and we have a vital purpose: we collect the money that pays for the UK’s public services and help families and individuals with targeted financial support.
HMRC’s Fraud Investigation Service (FIS) is responsible for the department’s civil and criminal investigations. FIS ensures that HMRC has an effective approach to tackling the most serious tax evasion and fraud. FIS is home to a wide range of people with a variety of skills and professional backgrounds – including accountants, cybercrime specialists, criminal justice professionals, tax professionals and operational delivery support teams to name but a few. We use a range of powers and approaches to protect funding for UK public services, investigating the most harmful tax cheats and ensuring nobody is beyond our reach.
Digital Support and Innovation (DSI) is the specialist support business area responsible for the provision of enhanced digital and covert specialist technological support to FIS investigations. DSI works across Law Enforcement and government. DSI provides investigative tools and covert techniques to front-line investigations and works with key partners to develop and provide access to new technology and systems to enable investigators to respond to serious and complex tax evasion and crime.
About the role
HMRC’s Cyber & Digital Forensics (C&DF) team has an important role to play in supporting HMG’s mission to make the UK a safe place to do business online, and delivering world class digital forensic support to HMRC investigations. The cyber threat posed to both HMRC and its customers are growing in sophistication, and the complexity of extracting and analysing digital evidence from devices continues to increase. To ensure that no-one is beyond our reach and to maintain the integrity of our digital channels, the C&DF team is undergoing an expansion.
The successful candidate will work colleagues within the cyber-crime team to technically analyse and investigate the impact of cybercrime on HMRC systems and services.
The successful candidate will assist in investigating criminal attacks against HMRC and its customers, informing the design of our security.
The successful applicant will:
• Working with large data sets, to identify patterns and trends to inform on cyber related attacks.
• Support HMRC criminal investigations by collating analysing and explaining a variety of internal and external data sources to support criminal justice outcomes
• Assist in conducting cybercrime and digital forensics examinations in a criminal justice capacity
• Provide witness statements and attend court in support of criminal investigations as required
• Assist the team in providing HMRC with insight on the impact of cybercrime on HMRC services and customers
• Use a variety of tools and scripting languages to conduct complex searches
• Understand the extent of their knowledge and when to ask questions.
• Maintain and convey their technical knowledge of current cyber threats to financial institutions and UK businesses to stakeholders.
• Assist in devising and applying innovative mitigations to address risks within HMRC using up-to-date knowledge of cyber-crime attacks and malware capabilities.
• Keep their knowledge and skills up to date and acquire new knowledge and skills through formal learning and their own research.
The successful candidate will be able to evidence a number of skills from the following:
• Experience in analysing hard drives and memory for indicators of compromise.
• Experience in analysing packet captures of network traffic for indicators of compromise.
• Sound technical understanding of current cyber threats to financial institutions and UK businesses, from financial Trojans to web application attacks.
• Able to apply insight from industry research to determine methods, tools and perpetrators of cyber-crimes against HMRC.
• Ability to work in a Windows, Linux and Mac OSX environment.
• Experience analysing large data sets.
• Ability to use basic scripting for data manipulation, including familiarity with regular expressions, sed, awk, Excel, etc
• Familiarity with relevant of tools:-
o Commercial and open source forensic tools.
o Virtualization tools.
o Scripting and programming, e.g. Python
o Malware analysis tools, Disassemblers & Debuggers.
o Memory forensics tools.
o Data visualization tools.
o Data Analysis tools.
o Application and Infrastructure penetration testing tools.
The successful candidate have recent experience working in Cyber Security/incident response/Digital forensics roles.
Knowledge of relevant UK law enforcement legislation (CPIA RIPA CMA IPA Disclosure)
• A full driving license.
Industry recognised certifications and qualifications with incident response Cyber Security/Digital forensics experience. Membership of professional bodies, like the IISP, would be a positive.
• Digital Forensics vendor specific qualifications
• SANS GIAC certifications
• CompTIA Certifications
How to ApplyWe'll assess you against these behaviours during the selection process: Making Effective Decisions Delivering at Pace Working Together Developing Self and Others To apply please send your CV to Joanne Keane - email@example.com
24 total views, 1 today