Summary: The role of Cyber Security Architect involves designing secure architectures for complex environments, ensuring that security principles are integrated from the outset. The position requires leading Design Authorities and providing architectural assurance across multi-supplier programs, particularly in classified settings. Candidates must possess extensive experience in enterprise, cloud, and network security, along with the ability to navigate high-level security clearances. The role is hybrid, requiring on-site presence in Warton, Lancashire, for part of the week.
Key Responsibilities:
- Design end-to-end secure architectures (HLD/LLD)
- Lead Design Authorities and Technical Design Authorities
- Ensure security is consistently embedded into system design across all programmes
- Align architectural decisions with Secure-by-Design principles from the outset
- Define identity, cross-domain and data protection controls at the architecture level
- Enable structured, technically robust Design Authority interactions
- Provide architectural assurance across complex, multi-partner and classified environments
Key Skills:
- Secure-by-Design (MOD SbD / NIST 800-53r5 / NIST CSF / CIS CSC v8.1)
- Enterprise & Cloud Security Architecture (AWS, Azure, GCP, Oracle Cloud)
- Classified Platform Design (OFFICIAL, OFFICIAL-SENSITIVE, SECRET and ABOVE SECRET)
- Zero Trust, IDAM & PKI
- Threat Modelling (STRIDE / STRIDE-LM)
- Network & Boundary Security (Checkpoint, Palo Alto, Fortinet, Cisco)
- ServiceNow & M365 Architecture
- Container & DevSecOps (Kubernetes, Terraform, Ansible)
- Architecture Frameworks (TOGAF, ArchiMate, SABSA)
- HLD / LLD authoring, Security Patterns, Reference Architectures
- Design Authority leadership, Technical Security Boards
Salary (Rate): £90 per hour
City: Preston
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: Senior
Industry: IT
Senior and Principal Security Architects£50-£90 per hour (Dependent on experience and level) - Inside IR3512 month contractsHybrid - 2/3 days a week on site - Warton (PR4)**Applicants must have the right to work in the UK****Successful applicants must be eligible for SC/DV clearance**Role Purpose / OverviewHighly experienced security architects with strong technical credentials across enterprise, cloud, network and classified environments. Responsible for designing end-to-end secure architectures (HLD/LLD), leading Design Authorities and Technical Design Authorities, and providing architectural assurance across multi-supplier programmes up to TOP SECRET / Above Secret classifications. Ensures Secure-by-Design principles are embedded from the outset across all programmes.Key OutcomesSecurity is consistently embedded into system design across all programmesArchitectural decisions align with Secure-by-Design principles from the outsetComplex, multi-partner and classified environments are designed securely and coherentlyIdentity, cross-domain and data protection controls are defined at the architecture levelDesign Authority interactions are informed, structured and technically robustKey ResponsibilitiesDesign end-to-end secure architectures (HLD/LLD)Lead Design Authorities and Technical Design AuthoritiesEnsure security is consistently embedded into system design across all programmesAlign architectural decisions with Secure-by-Design principles from the outsetDefine identity, cross-domain and data protection controls at the architecture levelEnable structured, technically robust Design Authority interactionsProvide architectural assurance across complex, multi-partner and classified environmentsTechnical Skills & Experience, a good mix of some or all of the following:Secure-by-Design (MOD SbD / NIST 800-53r5 / NIST CSF / CIS CSC v8.1) - design, maturity tracking and assurance across full programme lifecyclesEnterprise & Cloud Security Architecture - AWS, Azure, GCP, Oracle Cloud (multi-cloud landing zones, hybrid identity, secure migration patterns)Classified Platform Design - OFFICIAL, OFFICIAL-SENSITIVE, SECRET and ABOVE SECRET environments, ROSA, Garrison, Citadel, VCF, Cross-Domain SolutionsZero Trust, IDAM & PKI - conditional access, hybrid identity, cryptography, HSMs, IAM, RBAC, OIDC, federationThreat Modelling - STRIDE / STRIDE-LM, attack-surface analysis, trust boundary modelling, design reviewsNetwork & Boundary Security - Checkpoint, Palo Alto, Fortinet, Cisco, Juniper, F5, Zscaler, NSX-T, SD-WAN, encrypted WAN, DMZ, NACServiceNow & M365 Architecture - ITSM, ITOM, CSM, EAM, SharePoint Online, Purview, Entra, Sentinel, Defender, Power Platform, CoPilotContainer & DevSecOps - Kubernetes (EKS, Tanzu), Terraform, Ansible, CI/CD security, image scanning, container hardeningArchitecture Frameworks - TOGAF, ArchiMate, SABSA, Zachman, MODAF, JSP standards, NCSC architectural patternsHLD / LLD authoring, Security Patterns, Reference Architectures, Bill of Materials, Crypto Plans and JSP-compliant documentationDesign Authority leadership, Technical Security Boards, Gateway Reviews, multi-supplier governanceQualifications & CertificationsCISSP (multiple holders), CISM, CCSP, OSCP, CEHTOGAF 9 / TOGAF 9.2, SABSA Foundation, Zachman, ITIL v3/v4AWS Security Specialty, AWS Solutions Architect, AWS DevOps Pro, AWS Advanced NetworkingAzure Security Specialist (AZ-500), Azure Solutions Architect (AZ-303/304), Microsoft MCSECCIE (#38006), CCNP, CCDP, VCP, VCAP-NV, VCP-NV, Check Point CCSE/CCSA, PCNSEISO 27001 Lead Auditor, ISO 27005Prince2 Practitioner, MSP, Chartered Engineer (IET), MBCS CITPGovernment Clearances: SC, DV (active and historic), Five Eyes engagement