Lead Security Architect

Home Office
Manchester, United Kingdom
10 days ago

Role details

Contract type
Permanent contract
Employment type
Part-time / full-time
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
£ 71K

Job location

Remote
Manchester, United Kingdom

Tech stack

API
Artificial Intelligence
Amazon Web Services (AWS)
Software System Penetration Testing
Azure
Software as a Service
Cloud Computing
Cloud Computing Security
Computer Security
Databases
Identity and Access Management
Network Segmentation
Sherwood Applied Business Security Architecture
TOGAF
Kubernetes
DevSecOps
Serverless Computing
Static Application Security Testing
Dynamic Application Security Testing

Job description

Join the Home Office as a Lead Security Architect and steer the secure-by-design delivery of critical systems that protect citizens and national interests. Working with the Principal Security Architect, you will own security architecture for a major portfolio, translate business goals and threat intelligence into practical controls, and mentor SEO-level architects to raise capability across multiple programmes. You will engage senior stakeholders, balance risk against usability and cost, and shape patterns that let teams adopt cloud, DevSecOps, IoT and zero-trust approaches safely. If you can blend deep technical insight with clear, influential communication, and enjoy turning complex risks into elegant, proportionate solutions, this role offers the chance to make a tangible impact on services millions rely on every day.

Where business needs allow, some roles may be suitable for a combination of office and home-based working. Where this is the case, employees will be expected to spend a minimum of 60% of their working time in the office.

Watch this short video to hear from members of Home Office Digital talking about the projects they work on and their experience of working here: Working for Home Office Digital.

As a Lead Security Architect you will direct secure architecture across a portfolio worth hundreds of millions of pounds. Working with product owners, delivery managers and enterprise architects, you will ensure every new or changed service conforms to Home Office and NCSC standards while enabling rapid, user-centred delivery. You will analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring. By modelling risks with frameworks such as ISO 27005, NIST, or STRIDE, you will rationalise design choices to technical and non-technical audiences and document them for reuse.

You will champion "secure by default" in agile pipelines, embedding IaC scanning, SAST/DAST, SBOM and cloud native guardrails, so security becomes a quality attribute owned by delivery teams. Through communities of practice and one-to-one coaching, you will nurture SEO architects and engineers, acting as escalation point for complex design decisions. Finally, you will cultivate relationships with external suppliers, government peers and industry forums to import good practice and influence future standards, ensuring Home Office services remain resilient, cost-effective and compliant.

  • Set portfolio level vision & patterns in line with Principal Security Architect strategy, translating them into reusable templates and guardrails.

  • Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure.

  • Perform and interpret threat modelling / pentest results, converting findings into road mapped improvements and measurable risk reductions.

  • Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless), balancing usability, cost and compliance.

  • Mentor and quality assure SEO Security Architects' work, fostering a culture of continuous learning and knowledge sharing.

  • Engage senior stakeholders across technology, policy and operations, presenting security trade-offs in business terms and gaining consensus.

  • Scan the horizon for emerging threats, tooling and regulatory change, recommending timely adoption or mitigation strategies.

  • Oversee vendor and SaaS evaluations, ensuring contracts include appropriate security clauses and ongoing assurance.

Essential Skills:

  • Secure system design leadership; demonstrable track record creating or validating architectures for large-scale, high risk services using recognised frameworks (SABSA, TOGAF, NCSC).

  • Risk based decision making; expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost effective controls.

  • Technical depth; hands on knowledge of cloud security, IAM, container & API security, network segmentation, encryption and DevSecOps toolchains; capable of explaining exploitability of complex vulnerabilities.

  • Pentesting & threat modelling; scoping, overseeing and translating results into enforceable patterns and backlog items.

  • Influential communication; demonstrate ability to engage C-suite and delivery squads alike, adapting style to gain agreement and drive secure by design culture.

  • Mentoring & governance; experience line managing or coaching security architects/engineers and running architecture assurance or design review boards.

SFIA capability framework

Skills for the Information Age (SFIA) is the technical framework that sets the standard capability and development of all levels in the Home Office. This is a link to the capability framework: All skills A - Z English (sfia-online.org). We use set SFIA technical skills to form our interview questions and we will assess you against these technical skills during the selection process. The essential skills listed above are reflective of the Home Office Government Digital and Data Profession Career Framework (based on the industry standard SFIA framework). Use the SFIA Levels of responsibility to understand what would be expected for each technical skill listed below.

SFIA Technical skills:

Strategy & Architecture:

  • Strategy and Planning
      o Strategic Planning (ITSP) - Level 3
      o Solution Architecture (ARCH) - Level 5
      o Innovation (INOV) - Level 3
      o Enterprise and Business Architecture (STPL) - Level 3

  • Advice & Guidance
      o Consultancy (CNSL) - Level 4
      o Specialist Advice (TECH) - Level 4

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

  • Strategic Planning (ITSP) - Level 3
  • Solution Architecture (ARCH) - Level 5
  • Specialist Advice (TECH) - Level 4

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

As part of the application process, you will be asked to complete a CV and Personal Statement (up to 1250 words). Please note your CV and personal statement should include all relevant experience that relates to our essential skills criteria listed in the advert and role description. We recommend that you use the STAR format in your examples and ensure that both components are completed thoroughly.

Remove information that identifies you (for example your name, age or place of education) so that you will be judged on merit alone and not your personal background, circumstances, race or gender. Do NOT include e-mail addresses or links to online profiles, resumés, or prior work, either personal or business. Active links or e-mail addresses will result in your application being rejected.

Watch our three short videos on how to apply for our roles: Applying - Home Office Careers.

Plagiarism and Artificial Intelligence (AI)

Artificial Intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate, and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn, and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use. Further action, including disciplinary action, may be considered in such cases involving civil servants. Providing false or misleading information would be contrary to the core values of honesty and integrity expected of all civil servants.

Sift Stage

The sift will be held on the CV and Personal Statement. Please read the essential skills for this position carefully. We will only consider those who meet the listed requirements. In the event of a high number of applications received, an initial sift may be held on the personal statement.

Interview Stage

Candidates reaching the required standard will then be invited to attend an interview. The interview will assess your Technical Skills (SFIA Framework) and Behaviours using technical and behaviour-based questions. At the beginning of the interview, you will be required to deliver a presentation. The presentation topic will be provided prior to your interview. If you are invited to an interview, you will be required to bring a range of documentation for the purposes of establishing identity and to aid any pre-employment checks. Please see the attached list of Home Office acceptable ID documents.

Sift and Interview dates

The sift will commence from 05/12/2025.

The advertised role is part of the Home Office Government Digital and Data Profession. This role has access to a digital capability-based allowance. Applicants who are successful at interview will be invited to complete a Capability and Skills Assessment post-interview. Any allowance awarded will be based on the assessment of your capability against the six skills advertised for this role. Please see the Home Office Pay Framework Allowance Careers page for more information. The allowance values are set by the Home Office, subject to remaining in a qualifying role and are non-pensionable. This allowance is non-contractual, subject to an annual review and could be withdrawn at any time.

For both new entrants and existing civil servants, the total compensation offer is a combination of base salary and, if applicable, a capability-based allowance. The pay ranges for this role are National: £60,300 - £66,330 and London: £64,300 - £70,730. New entrants to the Civil Service will start on the pay range minimum. For existing civil servants, our policies on level transfer and promotion will apply.

Working at the Home Office

Every day, Home Office civil servants do brilliant work to develop and deliver policies and services that affect the lives of people across the country and beyond. To do this effectively and fairly, the Home Office is committed to representing modern Britain in all its diversity, and creating a welcoming, inclusive workplace where all our people can bring their whole selves to work and perform at their best. We are flexible, skilled, professional and diverse. We work to recruit and retain disabled staff and are a Disability Confident Leader. We are proud to be one of the most ethnically diverse departments in the civil service. We are a Social Mobility Foundation top 75 employer.

New entrants are expected to join on the minimum of the pay band.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

For further information please see the attached notes for candidates which must be read before making an application. Existing Civil Servants should note that some of the Home Office terms and conditions of employment have changed. It is the candidate's responsibility to ensure they are aware of the Terms and Conditions they will adopt should they be successful in application and should refer to the notes for candidates for further details.

Transfer Terms: Voluntary.

You will need to meet the nationality requirements for this role and obtain the necessary security clearance to take it up.

Any move to the Home Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk.

  • UK nationals

  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Requirements

For meaningful security checks to be carried out, individuals need to have lived in the UK for a sufficient period of time. Learn more on our website. Security Checks - Home Office Careers.

Please note that this role requires Security Check (SC) clearance, which would normally need 5 years' UK residency in the past 5 years. However, in exceptional circumstances security clearance applications for candidates who have been present in the UK for at least 3 of the last 5 years may be considered. Failure to meet this residency requirement will result in your security clearance application being rejected.

We are unable to sponsor any individuals via Skilled Worker Sponsorship / Tier 2 (General) work visas as we do not hold a UK Visa & Immigration (UKVI) Skilled Worker License.

Benefits & conditions

£60,300 - £70,730

National: £60,300 - £66,330
London: £64,300 - £70,730

New entrants to the Civil Service will start their role on the salary band minimum, £60,300 for National Roles or £64,300 for London Roles.

You may be eligible for an additional non-pensionable allowance, pending a Capability and Skills assessment, with a value of up to £20,100.

A Civil Service Pension with an employer contribution of 28.97%. Alongside your salary of £60,300, Home Office contributes £17,468 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Why work for us...

Find out more information at: Benefits - Home Office Careers, but some of the primary ones are:

  • A competitive starting salary.
  • A Civil Service Pension with employer contribution rates of at least 28.97%.
  • In-year reward scheme for one-off or sustained exceptional personal or team achievements.
  • The ability to potentially adopt flexible working options that suit your work/life balance, plus the opportunity in future to take a career break.
  • 25 days annual leave on appointment, rising with service.
  • Eight days public holidays, plus one additional privilege day.
  • 26 weeks maternity, adoption or shared parental leave at full pay, followed by 13 weeks statutory pay and a further 13 weeks unpaid, after qualifying service.
  • Maternity and adoption support leave (also known as paternity leave) of two weeks full pay, after qualifying service.
  • Paid leave for fostering approval processes, support when a child is substantively placed with you plus a foster to adopt policy.
  • Support for Guardians and Kinship carers.
  • Corporate membership of 'Employers for Carers' providing additional information and advice for carers, plus a 'Carer's Passport' to discuss workplace needs and underpin supportive conversations.
  • Time off to deal with emergencies and certain other unplanned special circumstances.
