Back to search

Cybercrime Investigator

Apply now
Civil Service
Categories: Government Finance Employer website Report this listing

Job Description

Job summary

Discover what its like to work in a compliance role that makes an impact. Could you help us shape a stronger, fairer future? Your next career move starts here.

The team is located across HMRCs regional centres at Stratford in London, Manchester, Leeds and Nottingham. You will occasionally be required to attend these locations in addition to your home office location and may have to stay overnight. Due to the operational activity conducted by the team you will occasionally be required to work away from the office in the UK and overseas. The Cybercrime Team utilise a range of technical capabilities, Intelligence tools and investigative work to detect, mitigate and investigate the most significant attacks against HMRCs online services, our customers, and our data.

Consisting of 3 strands working together to reduce cyber enabled harm to UK citizens, businesses and HMRC from organised criminal networks using technology to fraudulently access customers devices and online accounts.

Strategy and Business Management

This key area underpins and brings together the vision, purpose, and insights of the Cybercrime team. It ensures the ambition, strategic direction and priorities for the teams Strategy are set and actioned against HMRCs Strategy, the Risk Treatment Plan and Tactical priorities.

Business Management fulfils a variety of roles and functions in support of the Senior Leadership Team and wider team, including, inbox/diary management, recruitment, change management, knowledge management, including training and corporate assurance.

Technical Investigation

The Technical Investigators use their specialist skills in Digital Forensics, online log data analysis, malware analysis and knowledge of cyberspace and cybercriminals tactics working alongside investigators to identify and develop investigations from inception to producing technical evidence for court. They use this insight to enhance HMRCs capability to defend and investigate cybercrime attacks.

Intelligence, Investigation & Operational Engagement

This area of the team utilises a range of covert and sensitive intelligence, investigation capabilities and partnerships to detect cybercrime attacks and identify online criminal actors posing a threat to HMRC online services, our data and customers.

They conduct criminal investigations where appropriate and act as HMRCs link into the Cybercrime Law Enforcement and Intelligence communities in the UK and with our key international partners.

This is underpinned by specialist Dedicated Disclosure Teams.

Job description

As a Cybercrime Investigator, you will be involved in some of the most challenging yet rewarding work within law enforcement. You will be engaged with sensitive intelligence sources to identify online fraud and cybercrime threats to HMRC; identifying evidence gathering opportunities and planning interdictions.

You will liaise with internal and external intelligence and investigation partners in response to threats they identify. This will include teams across HMRC, wider government and law enforcement partners both in the UK (police forces, ROCUs and the NCA) and internationally.

You will use your investigative skills and cybercrime knowledge to support investigations and, at times, deploy operationally with HMRC and law enforcement partners to support interventions, which may include conducting searches of premises as well as preparing and conducting suspect interviews.

The nature of these investigations requires dynamic collaboration in real time utilising a wide range of techniques in digital pursuit of those attacking our services, including:

  • Interrogation of departmental information systems;
  • Analysis of transactional data on HMRC online services to identify lines of enquiry;
  • Exploitation of Open Source and Digital investigation techniques;
  • Analysis of financial intelligence and developing financial investigation strategies, including crypto-asset tracing;
  • Analysis and exploitation of communications data to identify lines of enquiry;
  • Obtaining a full range of surveillance and data acquisition authorities where appropriate;
  • Support visits to HMRC customers who may have been victims to sophisticated cybercrime attacks, where you will work with forensic practitioners to gather digital evidence.

Additional Information

This post attracts a Level 2 Flexibility Payment (FP) that is paid monthly with salary. This FP allows HMRC flexibility to change your work pattern, at short notice, to meet business needs.

You will be expected to undertake periods of On Call. You will also be expected to work additional hours, at weekends and outside your normal working hours/days (including bank holidays).

In applying for a position and accepting the FP you agree that you can and will meet those attendance requirements.

Note: Payment of FP is dependent on successful completion of role specific training and you will move to Level 2 FP eligibility in stages (see the attached document for details).

FP levels are reviewed annually on a business need and personal basis and may be subject to change.

Details of the Flexibility Payment can be found in the attached document

Person specification

Cybercriminals can be inventive and ingenious with technology, just as you will need to be innovative when using HMRCs wide-ranging legal powers and investigative techniques in response.

  • Experience of working in an operational intelligence or investigation environment.
  • Strong collaborative skills, with the ability to work dynamically and in real time with colleagues across digital, intelligence and forensic disciplines.
  • Analytical and critical thinking ability, enabling you to assess complex digital, financial and communications data to identify meaningful lines of enquiry.
  • Adaptability and curiosity, using a wide range of investigative techniques and adjusting approach as new information emerges.
  • Excellent problem‑solving skills, applying judgement and creativity to develop effective investigation and financial intelligence strategies, including in technically complex areas such as crypto‑assets.
  • Clear and confident communication skills, able to explain findings, develop investigative rationale and engage effectively with both internal stakeholders and external partners.
  • Professional empathy and resilience, particularly when supporting customers who have been victims of sophisticated cybercrime.
  • High levels of integrity and discretion, demonstrating sound judgement when handling sensitive information and operating within legal and ethical frameworks.
  • Effective organisational skills, managing multiple lines of enquiry, priorities and authorisation processes in a fast‑paced investigative environment
  • Flexibility, motivation and a thirst for learning
  • Experience of working with a range of stakeholders across and beyond own business area.
  • Ability to demonstrate an understanding of UK cybercrime threats, online criminal marketplaces and enabling cybercrime services, especially cash-out.
  • Familiarity with online fraud detection systems in government, financial or the retail sector
  • Familiarity with Cyber Threat Intel Analysis, including open-source techniques in relation to cybercrime and attribution.

Essential Criteria

You must demonstrate the following:

Experience in Utilisation of Criminal Justice procedures.

Experience working with Use of the powers within the Police and Criminal Evidence Act 1984 for posts in England and Wales, Police and Criminal Evidence (Northern Ireland) Order 1989 for posts in Northern Ireland and Criminal Justice (Scotland) Act 2016 & Criminal Justice and Licensing (Scotland) Act 2010 for posts based in Scotland.

Understanding Property Interference as defined within Police Act 1995 and the utilisation of the Regulation of Investigatory Powers (RIPA) Act 2000 and/or Investigatory Powers Act (IPA) 2016.

Applied knowledge of Criminal Procedure & Investigation Act 1996, (CPIA 96) ensuring strong standards of Disclosure Practise.

Experience of the creation or assurance of investigative strategies, applying technical competence to identify pertinent lines of enquiry including the day-to-day management of criminal investigation cases.

Experience of supporting operational activities to secure best evidence and an understanding of crime scene control, systematic search techniques and risk management.

Additional Security Information

In addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. Once in post you will be required to apply for Developed Vetting ( DV ) clearance which has a requirement for 10 years UK residency. If you have any ...

Apply now

Yodel are hiring now

Working at Yodel, they promise to support you, develop you and give you all the tools you need to do a great job. They have a range of opportunities across the UK now - why not see if Yodel have the perfect role for you?

See Yodel jobs

More jobs like this More jobs in Leeds
NHS NHS Senior Lead - Central Financial Management. Full Time 79504.00 - 91609.00 a year Leeds 6d
Civil Service Civil Service Head of Financial Reporting. Full Time 70,106 Leeds 6d
Civil Service Civil Service Finance and Systems Assurance Officer. Part Time 37,682 - 46,077 Leeds 6d
NHS NHS Apprentice Clinical Support worker. Part Time 25272 a year Leeds Today
Government jobs in Leeds Finance jobs in Leeds
More jobs in Leeds
Prezzo Prezzo Waiting Staff - Part Time Part Time Up to £12.71 / hour Leeds 6d
Johnsons Hotel Linen Johnsons Hotel Linen HGV Driver Full Time Leeds 1d
Lidl Lidl Warehouse Shift Leader Full Time Leeds 6d
Booker Booker Picker Full Time Competitive Salary & Benefits Leeds 1d
All jobs in Leeds
Report this listing

Good luck with your application

Before you go, we’d love to stay in touch. Sign up to Rest Less now to get the latest jobs and personalised recommendations straight to your inbox.

By signing up you acknowledge you have read our Privacy Policy & Terms.

No thanks. Take me to the application page, please.