Senior Security Architect

We are seeking a highly skilled and forward-thinking Security Architect to join our rapidly expanding team. This critical role will lead the secure design and delivery of our customer's cloud-managed end-user computing environment, ensuring a secure, scalable, and seamless digital workspace experience. The ideal candidate will have deep expertise in device management (Physical and VDI), identity and access, security, and cloud SaaS environments, Privileged access workstation, Cloud based development environment. The Security Architect will be instrumental in advancing our Zero Trust security posture aligned with NCSC and NIST 800-207 guidelines. We are seeking someone with:

• Strong technical abilities and cross-functional collaboration skills.
• Proven skills at explaining the technical to the non-technical (clients and stakeholders).
• Deep passion for security, automation, and driving operational excellence.
• Ability to thrive in a fast-paced, evolving, and challenging environment.
• Excellent problem-solving, communication, and documentation skills.

They will lead the design, assessment, and assurance of secure solutions as part of a key project - the Machinery of Government (MoG) Phase 2 Developer Device Solution., * Lead threat modelling and risk assessments for developer environments and associated services.

• Ensure device and endpoint security, including hardening, policy enforcement, patching, and monitoring.
• Collaborate with Zero Plus and other engineering teams to design secure CI/CD pipeline integration on managed developer devices.
• Define security controls for device provisioning, identity/access management, and remote access, aligned with Zero Plus' Architectural Design principles and Standards; specifically, Zero trust.
• Develop and maintain architectural artefacts and security documentation to support accreditation, Security testing and future Incident Management.
• Work closely with Security Operations, Assurance, and GRC teams to align with compliance and policy needs.
• Act as the security SME in delivery teams and governance boards for MoG Phase 2, * Certifications: CISSP, CISM, SABSA, or relevant cloud security certifications (AWS/Azure).

• Proven experience in designing and delivering cyber security architecture, ideally within Central Government or regulated environments.
• Hands-on knowledge of securing developer endpoints, including Linux/MacOS/Windows environments.
• Experience in designing secure architectures for CI/CD and DevOps pipelines (e.g., GitHub, GitLab, Azure DevOps, Jenkins).
• Understanding of endpoint detection & response (EDR), SIEM, MDM, and policy enforcement tools.
• Familiarity with GDS, NCSC Cloud Security Principles, and Government Security Classifications.
• Ability to communicate complex security risks clearly to technical and non-technical stakeholders.
• Experience with Zero Trust models and secure identity architectures (e.g., device-based trust, MFA, certificate-based authentication).
• Active Security Clearance (SC) to be transferred to Zero Plus Ltd., * Experience in delivering secure services during organisational change or restructures (e.g., MoG events).
• Familiarity with Intune, Workspace One, Jamf, CrowdStrike, or other endpoint management and security tools.
• Experience in Agile and DevSecOps methodologies within a government or large enterprise context.

• 25 days paid leave plus public holidays (increasing to a maximum of 30 days).
• Company Pension scheme
• Medical insurance
• Discretionary company bonus
• Annual allowance of up to £3,000 for relevant professional training and certifications.