Security Architect

Matchtech
Bristol, United Kingdom
5 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Compensation: £ 58K

Job location

Bristol, United Kingdom

Tech stack

Computer Security
Systems Development Life Cycle
Mod Security

Job description

As a Security Architect, you'll be responsible for shaping and assuring secure architectures across complex defence products and systems. You will ensure security is integrated from conception through to delivery, embedding Secure by Design principles throughout the engineering lifecycle.

You'll collaborate closely with engineering, product, security, and project teams to ensure solutions are resilient to evolving cyber and information threats.

  • Identify, interpret, and integrate security requirements throughout the product and system development lifecycle.
  • Lead threat modelling and risk assessments, applying recognised frameworks such as ISO/IEC 27001, NIST 800-30/53, and ISO 31000.
  • Use and configure industry-standard threat-modelling tools (e.g., STRIDE-based tools, attack-tree tooling).
  • Provide expert advice on secure architectures, ensuring risks are understood, prioritised, and mitigated.
  • Ensure compliance with MOD and HMG standards, including JSPs, Def Stan 05-138 / 05-139, and ISN 23/09 Secure by Design.
  • Support incident response, security investigations, and remediation activities for product and system-related events.
  • Produce and maintain security artefacts, documentation, and guidance materials.
  • Communicate complex risk findings and recommendations to technical teams, project leadership, and senior stakeholders.

Requirements

You will bring deep experience in cyber and information security within a Defence, Government, National Security, or Aerospace context, with the confidence to influence both engineering and business teams.

  • Demonstrable experience as a Security Architect or Security Engineer in Defence, Aerospace, or National Security environments.
  • Hands-on experience applying Secure by Design within product development, not only infrastructure.
  • Practical, working knowledge of Def Stan 05-139 and its application within engineering lifecycles.
  • Experience using threat-modelling tools and applying structured threat-modelling methodologies.
  • Strong understanding of HMG Security Policy Framework and MOD security standards.
  • Familiarity with security and risk management methodologies (ISO 27001/2, ISO 27005, NIST frameworks).
  • Analytical, structured problem-solver able to assess complex scenarios and provide actionable guidance.
  • Collaborative communicator who can balance technical assurance with delivery and business priorities.
  • Proactive approach with the ability to manage multiple concurrent workstreams.
