Senior and Principal Security Architects
£50-£90 per hour (Dependent on experience and level) - Inside IR35
12 month contracts
Hybrid - 2/3 days a week on site - Warton (PR4)
**Applicants must have the right to work in the UK**
**Successful applicants must be eligible for SC/DV clearance**
Role Purpose / Overview
Highly experienced security architects with strong technical credentials across enterprise, cloud, network and classified environments. Responsible for designing end-to-end secure architectures (HLD/LLD), leading Design Authorities and Technical Design Authorities, and providing architectural assurance across multi-supplier programmes up to TOP SECRET / Above Secret classifications. Ensures Secure-by-Design principles are embedded from the outset across all programmes.
Key Outcomes
- Security is consistently embedded into system design across all programmes
- Architectural decisions align with Secure-by-Design principles from the outset
- Complex, multi-partner and classified environments are designed securely and coherently
- Identity, cross-domain and data protection controls are defined at the architecture level
- Design Authority interactions are informed, structured and technically robust
Key Responsibilities
- Design end-to-end secure architectures (HLD/LLD)
- Lead Design Authorities and Technical Design Authorities
- Ensure security is consistently embedded into system design across all programmes
- Align architectural decisions with Secure-by-Design principles from the outset
- Define identity, cross-domain and data protection controls at the architecture level
- Enable structured, technically robust Design Authority interactions
- Provide architectural assurance across complex, multi-partner and classified environments
Technical Skills & Experience, a good mix of some or all of the following:
- Secure-by-Design (MOD SbD / NIST 800-53r5 / NIST CSF / CIS CSC v8.1) - design, maturity tracking and assurance across full programme lifecycles
- Enterprise & Cloud Security Architecture - AWS, Azure, GCP, Oracle Cloud (multi-cloud landing zones, hybrid identity, secure migration patterns)
- Classified Platform Design - OFFICIAL, OFFICIAL-SENSITIVE, SECRET and ABOVE SECRET environments, ROSA, Garrison, Citadel, VCF, Cross-Domain Solutions
- Zero Trust, IDAM & PKI - conditional access, hybrid identity, cryptography, HSMs, IAM, RBAC, OIDC, federation
- Threat Modelling - STRIDE / STRIDE-LM, attack-surface analysis, trust boundary modelling, design reviews
- Network & Boundary Security - Checkpoint, Palo Alto, Fortinet, Cisco, Juniper, F5, Zscaler, NSX-T, SD-WAN, encrypted WAN, DMZ, NAC
- ServiceNow & M365 Architecture - ITSM, ITOM, CSM, EAM, SharePoint Online, Purview, Entra, Sentinel, Defender, Power Platform, CoPilot
- Container & DevSecOps - Kubernetes (EKS, Tanzu), Terraform, Ansible, CI/CD security, image scanning, container hardening
- Architecture Frameworks - TOGAF, ArchiMate, SABSA, Zachman, MODAF, JSP standards, NCSC architectural patterns
- HLD / LLD authoring, Security Patterns, Reference Architectures, Bill of Materials, Crypto Plans and JSP-compliant documentation
- Design Authority leadership, Technical Security Boards, Gateway Reviews, multi-supplier governance
Qualifications & Certifications
- CISSP (multiple holders), CISM, CCSP, OSCP, CEH
- TOGAF 9 / TOGAF 9.2, SABSA Foundation, Zachman, ITIL v3/v4
- AWS Security Specialty, AWS Solutions Architect, AWS DevOps Pro, AWS Advanced Networking
- Azure Security Specialist (AZ-500), Azure Solutions Architect (AZ-303/304), Microsoft MCSE
- CCIE (#38006), CCNP, CCDP, VCP, VCAP-NV, VCP-NV, Check Point CCSE/CCSA, PCNSE
- ISO 27001 Lead Auditor, ISO 27005
- Prince2 Practitioner, MSP, Chartered Engineer (IET), MBCS CITP
- Government Clearances: SC, DV (active and historic), Five Eyes engagement
