Senior Security Architect
Job description
The Security Architect will provide guidance and advice, ranging from scoping IT Health Checks and providing guidance in risk assessment to providing security guidance and checking the cloud posture management platform for vulnerabilities. Projects may involve online identity and verification and telephone-based identity and verification.
DWP is looking to provide a strategic platform within the identity and trust team that will allow secure and safe communication for its users with its services.
The team is made up of a number of architects, so relationships will need to be built with other teams, the security community and the design authority.
Key responsibilities include:
- Leading the design and delivery of secure architectures, ensuring security controls are embedded from the outset of product development.
- Developing and recommending secure solution options during discovery and inception to inform design decisions.
- Collaborating with Solution Architects and agile teams to produce secure, value-for-money designs aligned to user needs.
- Creating clear security architecture artefacts and documentation to support governance and enable secure engineering practices.
- Ensuring all designs comply with the Digital Blueprint, Enterprise Architecture standards, and agreed product roadmaps.
- Providing expert security guidance across the full product lifecycle, including assurance activities such as control self-assessments.
- Owning and evolving security product roadmaps, contributing to Digital Blueprint improvements and reusable security patterns.
- Building organisational security capability through mentoring, sharing best practice, and supporting the growth of the Architecture community.
We'll assess you against these behaviours during the selection process:
- Communicating and Influencing
- Leadership
- Working Together
We'll assess you against these technical skills during the selection process:
- Communication [Security Architect] (Practitioner)
- Analysis (Practitioner)
- Designing secure systems (Practitioner)
- Enabling and informing risk-based decisions (Practitioner)
- Security technology (Expert)
- Understanding security implications of transformation (Practitioner)

- You will be asked to complete your employment history. Any information that you would customarily share on a CV should therefore be entered onto the application form.
- Personal details that could be used to identify you including your name, contact details and address must be removed for your application to be considered.
- If your employment history/personal statement contains any personal details your application will be withdrawn.
Stage 2: Interview 1
If you're successful at sift stage you will be invited to a video interview via Microsoft Teams.
You will be asked to do a 10-minute presentation to further assess your experience and to assess the technical skill of Communication (Security Architect). There will be a further 10 minutes for questions.
"Architecture Communication (Expert)". Your presentation should focus on the following:
- Present an example of a security architecture design that you've worked with external suppliers to define and deliver, explaining how you translated business requirements into secure technical solutions, including your key decisions, applied architectural standards, patterns and modelling techniques, and worked with delivery teams through the full lifecycle.
The use of visual aids such as PowerPoint is allowed.
Stage 3: Interview 2
If you are successful at Stage 2 (interview 1) you will be invited to a video interview via Microsoft Teams. There, you will be assessed against the following Behaviours and Technical Skills:
Behaviours:
- Communicating and Influencing
- Leadership
- Working Together

- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Requirements
Do you have experience in VPN?
Do you have a Master's degree?

- Has proven experience as a Security Architect within complex, large-scale digital or government environments.
- Has a strong understanding of secure-by-design principles, enterprise architecture and cloud-native security.
- Has experience working in agile, multidisciplinary teams delivering user-centric services.
- Has the ability to influence senior stakeholders and communicate complex security concepts clearly.
- Can demonstrate experience of shaping architecture standards, roadmaps and governance frameworks.
- Has a passion for mentoring others and developing organisational capability.
As our Security Architect, you will use your technical knowledge, architecture design knowledge and development skills to help secure services used by millions of people against cyber threats.
DWP is a huge and complex organisation. We have unique architectural and security challenges that you won't find in other roles. The reason for this vacancy is to provide a security architect to give advice and guidance to this team. This role will involve our Corporate Centre Services function.
We also welcome applications from candidates from a range of backgrounds, including those with academic, consultancy and military experience, who hold a Certified Information Systems Security Professional (CISSP) certification (or are willing to work towards obtaining the qualification), or a Master's degree in Information Security.

- Expert Security Architecture Design & Modelling: Proven ability to lead the design of secure, scalable architectures using recognised modelling techniques, tools and standards. You consistently embed security controls from the outset and produce clear, high-quality architecture artefacts that support governance and delivery.
- Strong Application & Cloud Security Expertise: Deep understanding of securing modern applications and cloud-native environments, including hands-on knowledge of platforms and tooling such as Docker, Kubernetes, Istio, and CI/CD pipelines (e.g. Jenkins, GitLab), alongside cloud posture management and vulnerability assessment.
- Enterprise-Scale Architecture Experience: Demonstrable experience operating as a Security Architect within a complex, large-scale, national or multinational organisation. You are confident working across enterprise architectures, aligning solutions with strategic roadmaps and Digital Blueprint standards.
- Advanced Network & Infrastructure Security Knowledge: Strong knowledge of network protocols (e.g. TCP/IP, BGP, OSPF) and their secure implementation, with experience securing infrastructure components including firewalls, load balancers, routers, and switches within highly available environments.
- Threat Analysis, Risk Management & Cryptography Expertise: Ability to identify, assess and mitigate sophisticated cyber threats using tools such as SIEM, IDS/IPS, and endpoint detection platforms. Strong understanding of risk assessment practices, encryption and cryptographic standards (e.g. TLS, IPsec, PKI, VPNs) to protect data in transit and at rest.
- Identity, Access Management & Security Leadership: Deep knowledge of authentication and authorisation protocols (e.g. OAuth2, OIDC, SAML, JWT) and their application in identity and trust platforms. Proven ability to communicate security solutions, influence stakeholders, and build capability through collaboration, mentoring and leadership within architecture communities.

- Analysis (Practitioner)
- Designing secure systems (Practitioner)
- Enabling and informing risk-based decisions (Practitioner)
- Security technology (Expert)
- Understanding security implications of transformation (Practitioner)

You must meet the security requirements before you can be appointed. The level of security needed is security check.
For further information on National Security Vetting please visit the Demystifying Vetting website.
You must have resided continuously in the UK for at least 3 of the last 5 years, 2 of which must have been the immediately preceding years from the point of applying for this job.
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
Benefits & conditions
- Pay rise
- Annual leave
- Employee discount
- Employee assistance programme
- Company pension
- Cycle to work scheme

Alongside your salary of £57,946, Department for Work and Pensions contributes £16,786 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
We also have a broad benefits package built around your work-life balance which includes:
- Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.
- Generous annual leave: at least 25 days on entry, increasing up to 30 days over time (pro rata for part-time employees), plus 9 days public and privilege leave.
- Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
- Health and wellbeing support, including our Employee Assistance Programme for specialist advice and counselling and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).
- Family-friendly policies, including enhanced maternity and shared parental leave pay after 1 year's continuous service.
- Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.
- An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women's Network, National Race Network, National Disability Network (THRIVE) and many more.
Hybrid Working
This role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work.
If a hybrid working arrangement is suitable for the role and for you, you will normally be required to spend a minimum of 60% of your contracted working hours from your DWP office.

Pay for this role is £57,946 to £68,205, subject to candidate type. In addition to this, the role can attract a Government Digital and Data allowance of up to £25,971. Please see additional info below regarding candidate type. The value of allowance awarded will be based on an assessment of your skills as demonstrated in the selection process. Government Digital and Data Allowance is a discretionary non-consolidated, non-pensionable allowance.
External applicants
Pay for this role is £57,946 plus a Government Digital and Data Allowance of up to £25,947, subject to our assessment of capability at interview.
Our offer to successful candidates will be based on our assessment of your capability based on the evidence you provide at interview against the listed Technical Skills for the role. There is no negotiation at offer stage.
Internal and OGD applicants
Pay for the role is from £57,946 to £68,205. You may also be eligible for a Government Digital and Data Allowance of up to £25,971, subject to our assessment of capability at interview.
Existing Civil Servants who secure a new role on lateral transfer should maintain their current base salary.
Existing Civil Servants who gain promotion should either move to the bottom of the grade pay scale or receive a 10% increase to their base salary, whichever would be the greater.
In addition to your base salary, a Government Digital and Data Allowance may be payable based on our assessment of your capability. Our offer to successful candidates will be based on the evidence you provide at interview against the listed Technical Skills for the role. There is no negotiation at offer stage.