Lead Security Architect

• Risk Management within a Defence and Security Sector;

• Security / Cyber architectures are proportionate to the GSC of the systems;

• Security architectures are delivered in conjunction with other IT Architects and SMEs;

• Apply security design specifics to develop the security architecture;

• Strategic direction of Security projects;

• Producing evidence to meet various MOD regulations;

• Designing options and solutions to mitigate vulnerabilities;

• Working with various teams across the business including Software Engineering, DevSecOps Engineering, Infrastructure Engineering, Agile and Cyber Security; and

• Either holds or has recently held government security clearance already, or is suitable for and willing to go through the vetting process (suitability would include an absence of a serious criminal record, a right to work and live in UK and, preferably, a record of 5 years' UK residency)

• Able to perform Risk management using industry approved methodologies (such as NIST 800-53). Identification of suitable risk management activities (technical, physical, or procedural) to treat /mitigate the identified risks;

• Support development in a secure by design methodology;

• Be able to work at a technical level with teams;

• Identification / design / selection of appropriate security components to provide security enforcing functions (e.g. network, endpoints, cryptography, authentication, authorisation, data inspection etc) for a variety of infrastructures including cloud environments;

• Legal and regulatory topics that merit consideration when conducting various activities in the field of cyber security;

• Creation of security documentation to support the development of a system, these could include: security Aspects, Risk Assessment, Risk Management, Security Policies, Security Test Plans/Results, Evaluation documents;

• Knowledge of JSP 604 / 453 and creation if assurance artefacts; and

• High standards in written report and design documentation.

Experience (Nice to have)

• Knowledge and experience of Agile, DevSecOps, CI/CD principles and their application in secure environments

• Appreciation of the constraints and requirements imposed on development within secure, safety critical environments

• Concepts and technologies that are used to engineer systems which inherently protect systems;

• Understanding of MOD and other departmental IT in defence and security

• Experience of working with MOD Accreditors; and

• Knowledge of Onsite / project tech stack includes but is not limited to Azure, AWS, Docker, Kubernetes, Apache (NiFi, Kafka), NodeJS, Typescript, MongoDB, AI, Machine Learning etc.

About SiXworks SiXworks is a leading provider of secure digital solutions, specialising in digital experimentation and focused on fail-safe-fast cutting-edge technology solutions deployed in highly secure environments. We are unified in our mission to accelerate innovation and adoption of secure, digital technology to improve the operational agility of Defence and National Security. This is an exciting time for us, we have ambitious plans for continued growth and development, and we are seeking to add brilliant, experienced, motivated, and passionate people to our team to work with us on this journey. Why join SiXworks? SiXworks' expertise includes Secure-by-Design, cloud computing, advanced network and infrastructure design, rapid application development, cross-security domain systems, multi-tenanted High-Performance Compute, multi-source data platforms, cyber vulnerability mitigation, and intelligence systems. We provide supplier-agnostic, technical, and business consultancy to customers while championing open-source and best-of-breed technologies. What can we offer in return? SiXworks offers a unique work culture around our core principles Agility, Security, Innovation, Quality, Collaboration and Inclusivity. Together, these six principles form SiXworks' NORTH STAR, guiding the organisation towards success. This is reflected in the raft of benefits available to all our employees. A word on UK Security Clearance Due to the secure nature of the position and working environment, you must have, or be eligible to obtain Security Clearance. More details relating to UK Security Clearance can be found here: United Kingdom Security Vetting: clearance levels - GOV.UK (www.gov.uk) SiXworks is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organisation. SiXworks will be the hiring entity. By proceeding with this application, you understand that SiXworks will share your personal information with other IBM subsidiaries involved in your recruitment process, wherever these are located. More Information on how IBM protects your personal information, including the safeguards in case of cross-border data transfer, are available here: https://www.ibm.com/privacy Notice SiXworks recognises the benefits of Reserve service to Country, Company and individual.