Security Architect
Job description
Our client is seeking an experienced Security Architect to support a major internal programme responsible for delivering capabilities that underpin critical infrastructure operations.
This role will embed within an agile delivery programme while also contributing to the wider Security Architecture Community of Practice, working alongside enterprise and domain security architects to strengthen security architecture practices across the organisation.
The successful candidate will provide security architecture leadership for an internal application within the programme, ensuring security is embedded throughout the development lifecycle using secure-by-design and shift-left principles.
You will work closely with engineering, architecture, and delivery teams to ensure security risks are identified early, appropriate controls are designed, and systems are resilient against evolving threats.
Programme Security Architecture
- Own the security architecture for an internal application supporting critical infrastructure programmes.
- Embed secure-by-design and shift-left practices within agile delivery teams.
- Work closely with engineers and product teams to ensure security is integrated into design and development activities.
- Provide architectural guidance across agile sprints and feature releases.
Security Risk & Threat Analysis
- Conduct threat modelling independently across application and platform designs.
- Perform risk assessments to identify vulnerabilities and architectural weaknesses.
- Design appropriate security controls, including identifying where compensating controls may be required.
- Provide security architecture input into release planning and technical decision making.
Security Architecture Governance
- Ensure solutions align with organisational security policies, regulatory obligations, and industry best practice.
- Maintain clear and accessible security architecture documentation.
- Support security-related incident response activities where architectural insight is required.
Community of Practice Contribution
- Contribute to the Security Architecture Community of Practice, supporting the maturity of the client's security architecture capability.
- Help identify capability gaps and support the development of consistent approaches across teams, including:
  - Threat modelling frameworks
  - Secure development lifecycle practices
  - Security architecture standards
- Provide ad-hoc security architecture support across other programmes where needed.
Requirements
- Active SC Clearance (recently lapsed clearance may be considered for exceptional candidates).
- Strong experience as an application or Software Security Architect.
- Demonstrable experience embedding security within agile development environments.
- Proven ability to conduct threat modelling independently.
- Strong experience in designing security controls (architectural level rather than hands-on implementation).
- Strong expertise in containerised services and container security.
- Experience working with DevSecOps practices and secure SDLC frameworks.
- Ability to communicate complex security concepts clearly to both technical and non-technical stakeholders.
- Experience supporting systems operating within regulated or high-assurance environments.
Desirable Experience
- Experience within the energy, utilities, or similar highly regulated sectors.
- Experience supporting systems related to critical infrastructure operations.
- Familiarity with large-scale enterprise transformation programmes.

- Threat modelling
- Secure architecture design
- DevSecOps practices
- Security risk management
We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.