
Cyber security professional (purple team lead)

Security
Posted: 30 May
Offer description

Purple Team Lead

Active SC Clearance must already be in place to be considered.

The Team

HMRC Security are part of HMRC's Chief Digital Information office (CDIO) and support HMRC to assess business and reputational risks in one of the largest IT estates in Europe. Cyber Security Technical Services (CSTS) and the Government Security Centre for Cyber (Cyber GSeC) are an integral part of HMRC Security. We are responsible for ensuring everyone has the capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.

Our vision is to be a recognised Centre of Excellence, delivering a holistic, customer-centric set of technical services to HMRC and wider HMG. We continually adapt and evolve our services to emerging technologies and the ever-changing threat and risk landscape to meet HMRC/HMG business needs. This is an exciting time to be part of our active and encouraging cyber security community, within HMRC and across HMG.

The Role

As a Senior Cyber Security Professional working as the Purple Team Lead within Security Testing, you will play a leading role in providing security testing and purple team capabilities in order to secure wider HMG and HMRC's services and to ensure the best possible technical security risk-based advice is given to our customers.

In this role, you will design, manage, and execute a comprehensive program of simulated cyber-attacks tailored to prioritised threats targeting several Government Organisations. The simulated cyber-attacks will be carried out by a commissioned supplier. Your work will validate the supplier's ability to form, execute and report upon the attacks. You will also assess the department's capability to detect and respond to cyber incidents while supporting investigations, incident management, and the effective resolution and mitigation of cyber risks.

You will lead various work packages and actively contribute to broader CSTS and Cyber GSeC initiatives, collaborating with key business and technical stakeholders. This is an exceptional opportunity to work on services that impact the lives of millions of citizens. Your leadership in merging offensive and defensive strategies will play a crucial role in strengthening government cyber resilience and advancing the overall security posture.

Responsibilities can include:

  • Overseeing execution of Advanced Persistent Threat (APT) scenarios against on-prem and cloud environments to improve the organisation's ability to detect, prevent, and respond to adversaries, underpinned through threat intelligence.
  • Research, verify, and internally disclose suspected control gaps and vulnerabilities during activities.
  • Test key threat scenarios against an organisation's business using adversarial attack tools, tactics, techniques, and procedures.
  • Working with a commissioned supplier to replicate sophisticated cyber-attacks to test and improve the capability of an organisation's Security Operations Centre, Incident Management and Forensic response teams.
  • Work closely with cyber security consultants, taking the lead on Cyber GSeC and CSTS Purple Team initiatives, and collaborating with both Red and Blue teams to refine detection and response capabilities.
  • Formulate and implement a comprehensive purple teaming strategy that links into the overall Security Testing Strategy, shaping a Secure by Design framework through detailed documentation of testing approaches against established control sets.
  • Analyse the results and outcomes of tests and simulations to identify vulnerabilities, misconfigurations, and detection gaps.
  • Produce detailed, prioritised reports and present findings to both technical teams and executive leadership to inform remediation and future planning.
  • Ensure that all simulation activities comply with internal protocols, industry standards, and regulatory requirements.
  • Contribute to the development and delivery of comprehensive security testing documentation sets.
  • Collaborate with key stakeholders to refine security frameworks, tools, and policies.
  • Scope, conduct and support security assessments, pen testing and other non-functional security testing, ensuring testing methodologies are robust and comprehensive for a variety of test types.

Essential Criteria

At application and interview, you must demonstrate intensive experience of:

  • Prior experience in red teaming, purple teaming and/or demonstrable experience of working in a technical security position, penetration testing, cyber-attack simulation program, Security Operations Centre, or similar background.
  • Commercial awareness and supplier management skills.
  • Possess an in-depth knowledge of information security and risk. You will be well practiced in advising departments on penetration testing processes, tabletop exercises and leading teams undertaking sophisticated tests.
  • Strong problem-solving skills with the ability to assess complex security issues and recommend appropriate countermeasures.
  • A keen strategic mindset to continuously adapt and refine the purple team's engagement approach in a dynamic threat landscape.
  • Understanding and experience of how technical security is applied in real life environments, technical security controls, threats, and vulnerabilities (incl. threat vectors) and current IT and security best practice approaches.
  • Strong understanding of network security, penetration testing, threat intelligence, ethical hacking techniques and defensive security strategies.
  • Passion for security testing and continual development within this area.
  • Experience at managing and/or conducting a wide range of testing in different environments with different complexity.
  • Hands-on expertise with penetration testing toolsets, simulation platforms and familiarity with frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
  • Developing and leading effective relationships with stakeholders, using effective communication skills to communicate effectively at all levels to technical and non-technical audiences.
  • Internal team engagement, working collaboratively, sharing knowledge, advising, and training colleagues.

Please ensure your CV clearly demonstrates how you meet these essential criteria.

Desirable Qualifications

Ideally you will also have knowledge, understanding and/or experience of:

  • IT infrastructure (hardware, databases, operating systems, local area networks etc.) and application architectures.
  • Industry qualifications such as CHECK Team Leader, CREST Certified Red team or Simulated Attack Specialist.
  • Strong project management skills and the ability to manage multiple initiatives simultaneously in a fast-paced environment.
  • Familiarity with security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), and other key security monitoring solutions.

Please note that SC Clearance is required for this position.
