Posted 16 June, 2026

Fraud Proactive Protection Lead - HMRC - G7

Government Digital & Data

United Kingdom Hybrid Full Time

Salary: £58,541 to £72,711 Annually

National minimum- £58541 National maximum- £64624 London minimum- £65869 London maximum- £72711

Location

Bristol, Cardiff, Leeds, Newcastle-upon-Tyne, Salford, Telford, Stratford

Please note that due to workforce controls, Stratford and Newcastle are only available to existing HMRC staff in these locations. HMRC staff based in Reading can also apply to move to Stratford in line with Migration path. HMRC staff based in 100PS can also apply to move to Stratford.

About the job

Job summary

Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.

Visit our YouTube channel to watch the full series and come and discover your potential.

The Fraud Prevention Centre (FPC) in HMRC Security is a growing area, focusing on countering fraud across HMRC services and providing secure Identity and Access Management services for customers. Our mission is to protect our customers and their online accounts from malicious actors, providing a high-quality customer service and support.

Our team is rapidly growing as we invest in new technologies and capabilities, and we are in search of enthusiastic individuals who can help us in achieving our mission.

We are continually improving the service we give to our customers and in line with this we are creating a new response and management team within the HMRC Fraud Prevention Centre.

Job description

Join HMRC’s Fraud Prevention Centre and lead the fight against online fraud. We’re looking for a Fraud Proactive Protection Lead (Grade 7) to spearhead fraud detection and response across HMRC’s digital services. This is a high-impact leadership role where you’ll drive proactive strategies to identify, disrupt, and prevent fraudulent activity at scale. You’ll oversee digital profiling of user interactions, manage complex risk rules to automate interventions, and lead investigations into anomalies and suspicious behaviours.

Working at the heart of HMRC’s transformation, you’ll be ensuring the effective exploitation of our growing range of technical capabilities, including advanced analytics, fraud detection and behavioural analytics, and threat intelligence with big data and SIEM platforms like Splunk, enabling real-time interventions and data-driven decisions. You’ll also collaborate with FPC Customer Operations, compliance teams in Risk, Intelligence and Fraud Investigation, and cyber security specialists to deliver joined-up fraud prevention and incident response. Your work will directly protect millions of taxpayers, safeguard public funds, and strengthen HMRC’s digital resilience against evolving threats to identity and access services.

Information session

HMRC are hosting an information session on Monday 22nd of June at 11am to accompany the application process where you will be able to hear more about the vacancy . You'll also be able to find out more about HMRC from the people who currently work in the role, including:

Who we are
What we do
Why we do it

There will also be the opportunity to ask any questions you may have about the role or the application process.

To join the session, you will need to register by completing the following:

https://forms.cloud.microsoft/e/hMCkMqdfHb

Person specification

Lead and develop teams of security and fraud analysts by example, driving excellence in proactive fraud prevention, detection and response across all customer communications channels.
Design and manage risk rules to identify suspicious patterns and behaviours across HMRC’s digital services, partnering with HMRC Compliance & Customer teams.
Conduct digital profiling of suspect interactions, leveraging intelligence, behavioural analytics to drive response activity and develop automated interventions.
Investigate anomalies and suspicious activity, applying intelligence-led approaches to disrupt fraudulent behaviour or influence customer compliance.
Work closely with FPC Threat Intelligence to understand threats and their scope and scale, FPC Engineering to inform controls, and FPC Performance on reporting.
Partner with wider HMRC compliance teams, including Risk, Intelligence, and Fraud Investigation, to share insights and coordinate fraud disruption strategies.
Analyse large-scale datasets using tools like Splunk, applying advanced techniques and developing tools and dashboards to support efficient action by junior analysts.
Integrate threat intelligence and data enrichment services (e.g., email, phone reputation) into detection workflows.
Work closely with FPC Customer Operations teams to investigate suspicious activity linked to customer reporting and ensure timely resolution.
Support incident management investigations, providing technical expertise and analysis to inform response actions and track them to conclusion.
Drive continuous improvement through automation, intelligence sharing, and feedback loops across FPC and partner teams.
Build strong partnerships across FPC and HMRC (including our Customer Compliance teams, tax and customs service leads) and with external bodies to ensure a coordinated approach to fraud prevention.
Support innovation and continuous improvement in fraud prevention techniques, leveraging automation, anomaly detection, and advanced analytics to stay ahead of evolving threats, and ensure a prompt and effective response.
Adjust fraud prevention controls to protect customers effectively while maintaining trust and minimising friction in HMRC services.

Essential Criteria:

Proven experience in fraud detection, cyber security, or threat intelligence within a large organisation.
Experience using data analysis and Security Information and Event Management (SIEM) platforms, such as Splunk or ELK, preferably in a security operations setting.
Good technical understanding of web and API services and interaction with client applications, including identity proofing authentication processes.
Knowledge of applying kill chain methodology and MITRE ATT&CK, including the use of threat intelligence feeds to classify and detect threat actor activity.
Knowledge of fraud detection techniques, including behavioural analysis and anomaly detection and investigation and OSINT (Open Source Intelligence) methods.
Strong understanding of cyber security principles, including threat intelligence and incident response.
Skilled in reporting, presenting, and visualising complex data in creative, digestible formats for different audiences, from senior leaders to development teams.
Software development and scripting skills in a security or counter-fraud context.
Experience of leading in a technical field, developing others and sharing knowledge.

Desirable Criteria:

Experience of applying machine learning and advanced analytics techniques in fraud detection.
Certifications such as CISM or relevant GIAC qualifications in network defence, threat intelligence and incident handling.
Academic qualifications in science, technology, engineering or maths subjects.

Security clearance:

This role requires SC clearance to take up duty but, candidates must be willing and able to obtain DV clearance once in post. Please note: DV clearance requires continuous UK residency for the past 10 years.

Reserved post

This role is open to UK nationals only.

Transitional Sites

For more information on where you might be working, review this information on our locations.

If your location preference is for one of the following sites, it’s important to note that these are not long-term sites for HMRC and we will require you to move to a new building in the future, subject to our location strategy and the applicable employee policies at that time.

These sites are:

Benton Park View, Newcastle - moving to Pilgrims Quarter, Newcastle
Telford Plaza, Telford - moving to Parkside Court, Telford
Trinity Bridge House, Manchester - moving to an alternative office in Manchester/ Salford

You will be given more information about what this means at the job offer stage.

Leeds Locations

Moves Adjustment Payment will be available for this role, provided the successful applicant is a current HMRC colleague in Bradford and meets the eligibility requirements outlined in the HMRC’s Moves Adjustment Payment guidance.

Apply to this Job

Sign up for Job Alerts

If you are a human, ignore this field

1st Line Support
2nd Line
2nd Line Engineer
2nd Line IT Support Engineer
3rd Line Engineer
Account Director
Account Manager
Administrator
Agile
Agile Delivery Manager
Analyst
Analytics
Application Administrator
Application Developer
Apprenticeship
Architect
Artificial Intelligence
Asset Manager
Auditor
Automation Test
Automotive
AWS
Azure
Backend Engineer
Back End Engineer
Business
Business Analyst
Business Change
Business Development
C#
C# Developer
Change Manager
Chief Technology Officer
CI/CD
Civil Engineer
Cloud
Cloud Engineer
Cloud Operations Engineer
Cloud Solution Designer
Communications Manager
Computer Science
Configuration Manager
Consultant
Content Manager
Coordinator
CTO
Cyber Compliance Manager
Cyber Delivery Manager
Cyber Manager
Cyber Policy
Cyber Risk Compliance Manager
Cyber Risk Manager
Cyber Security
Data
Data Analyst
Data Architect
Database Administrator
Data Consultant
Data Engineer
Data Manager
Data Scientist
Delivery Manager
Design
Design Engineer
Designer
Desktop Support Engineer
Developer
Devops
Devops Engineer
Digital
Digital Engineer
Director
DV Cleared
Dynamics Developer
Electrical Engineer
Engineer
Engineering Manager
Enterprise Architect
ERP Consultant
Front End Developer
Front End Engineer
Full Stack Developer
GCP
Geospatial
Geospatial Technician
Gitlab
Graduate
Head Of IT
HPC
Incident Response
Information Manager
Infrastructure
Infrastructure Analyst
Infrastructure Engineer
Infrastructure Manager
Integration Specialist
Intern
Internship
IOS Engineer
IT
IT Auditor
IT Business Analyst
IT Manager
IT Project Manager
IT Security
IT Support
IT Support Engineer
IT Technician
Java
Java Developer
Junior
Kubernetes
Lead Developer
Lead Engineer
Linux
Manager
Managing Director
Marketing Manager
Mechanical-engineer
Mechanical-engineering
Mechanical Safety
Mechanical Safety Manager
Microsoft
Mobile Developer
MRP Consultant
.net
.net Developer
Network Engineer
Network Manager
Network Operations Specialist
Network Specialist
Operations Director
Operations Engineer
Operations Manager
Operations Specialist
PHP
PHP Developer
Policy Standard Manager
Product Delivery
Product Design
Product Designer
Product Engineer
Product Manager
Product Owner
Programme Manager
Project Administrator
Project Delivery
Project Engineer
Project Management
Project Manager
Public Sector
Python
Quality Engineer
React
React Developer
Recruitment
Returnship
Ruby
Ruby On Rails
Sales
SAP
SC Cleared
Scrum Master
Security
Security Architect
Security Cleared
Senior Analyst
Senior Backend Engineer
Senior Delivery Manager
Senior Developer
Senior Engineer
Senior Product Manager
Senior Product Owner
Senior Scrum Master
Senior Software Engineer
Service Desk
Service Lead
Service-manager
Service Now
Service Now Developer
Site Reliability Engineer
Software Analyst
Software Developer
Software Engineer
Solution Architect
SQL Jobs
Strategy Manager
Structural Engineer
Supply Chain Manager
Support
Support Engineer
System Architect
Systems Administrator
Systems Analyst
Systems Developer
Systems Development
Systems Engineer
Systems Manager
Technical Architect
Technical Consultant
Technical Delivery Manager
Technical Lead
Technical Specialist
Technician
Test
Test Engineer
Tester
UI Designer
User Research
UX Designer
Web Designer
Web Developer

Aberdeen
Aldermaston
America
Amsterdam
Atherstone
Australia
Bangor
Basingstoke
Bath
Bedford
Bedfordshire
Belfast
Belgium
Berkshire
Bideford
Birmingham
Blackpool
Bournemouth
Bracknell
Brazil
Brentwood
Brighton
Bristol
Brussels
Bude
Burton
Cambridge
Cambridgeshire
Canada
Cannock
Cardiff
Cheadle
Cheltenham
Cheshire
Chesterfield
Chippenham
Coalville
Colchester
Cornwall
Corsham
Cossington, Leicestershire
Coventry
Crewe
Cumbria
Darlington
Daventry
Derbyshire
Devon
Doncaster
Dublin
Dunstable
Eastleigh
Edinburgh
Essex
Europe
Exeter
Flexible
France
Gaydon
Germany
Glasgow
Gloucester
Gloucestershire
Grantham
Guernsey
Guildford
Halifax
Hampshire
Hastings
Havant
Haywards Heath
Heathrow
Hertfordshire
Hounslow
Hull
Huntingdon
Hybrid
International
Inverclyde
Inverness
Ireland
Italy
Jersey
Jobs In Haliifc
Kent
Lancashire
Leatherhead
Leeds
Leicestershire
Lincolnshire
Liverpool
London
Loughborough
Malta
Manchester
Middlesex
Midlands
Milton Keynes
Netherlands
Newbury
Newcastle
Newcastle-upon-tyne
Newport
New York
Norfolk
Northallerton
Northampton
Northamptonshire
Norwich
Nottingham
Oakdale
Oxford
Oxfordshire
Perth
Peterborough
Plymouth
Poland
Poole
Portsmouth
Reading
Remote
Rivenhall
Romania
Rugby
Russia
Salford
Salford Quays
Scarborough
Scotland
Sheffield
Shrewsbury
Solihull
Southampton
Southport
Spain
Staffordshire
Stevenage
Stockholm
Suffolk
Surrey
Swansea
Sweden
Swinton
Taunton
Telford
Thatcham
Tilbury
UK
United Kingdom
United States
Wakefield
Wales
Walsall
Walton-on-thames
Warrington
Warsaw
Warszawa
Warwick
Warwickshire
Watford
Wellingborough
Wembley
West Bromwich
West Drayton
West Midlands
West Sussex
Wilmslow
Wolverhampton
Working From Home
Worldwide
Yeovil
York
Yorkshire