Enterprise Security Architect (Principal Cyber Security Professional)

HM Revenue & Customs
Newcastle upon Tyne, United Kingdom
19 days ago

Role details

Contract type
Permanent contract
Employment type
Part-time / full-time
Working hours
Shift work
Languages
English, Welsh
Compensation
£ 88K

Job location

Remote
Newcastle upon Tyne, United Kingdom

Tech stack

Wireless LAN
Amazon Web Services (AWS)
Proxy Servers
Authentication Protocols
Azure
Software as a Service
Computer Security
Databases
Data as a Services
Information Leak Prevention
Software Design Patterns
DNS
Infrastructure as a Service (IaaS)
Identity and Access Management
Virtual Private Networks (VPN)
Key Management
Microsoft Security Essentials
Microsoft Software
Online Service Provider
Open Web Application Security
Platform as a Service (PAAS)
Systems Development Life Cycle
Role-Based Access Control
Phishing
Zero Trust Network Access
Sherwood Applied Business Security Architecture
Security Information and Event Management
Software Vulnerability Management
Wide Area Networks
In-Plane Switching (IPS)
Software Security
HybridCloud
Firewalls (Computer Science)
Togaf
Cybercrime
Data Analytics
Ddos
Network Server
Security Orchestration, Automation & Response
Static Application Security Testing
Dynamic Application Security Testing

Job description

Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.

Visit our YouTube channel to watch the full series and come and discover your potential.

HMRC is recruiting Enterprise Security Architects (Principal Cybersecurity Professional) to shape and govern the security architecture, technology strategy and tooling that underpin one of the most complex digital estates in Europe.

You will operate at enterprise scale, influencing security strategy and technical direction across HMRC and wider government, supporting a multi-billion-pound transformation spanning hybrid cloud platforms.

This role sits within Security Consultancy Services (SCS) — a centre of excellence providing risk-based security architecture, assurance, and technical leadership across HMRC and HMG including participation in diverse groups such as women in tech.

We are committed to building a diverse and inclusive security architecture capability.

We actively encourage applications from women and underrepresented groups in cyber security and architecture.

We value different perspectives — they make our designs stronger, our decisions better and our organisation more resilient., As an Enterprise Security Architect, you will provide strategic security architecture leadership across HMRC’s technology landscape.

You will define enterprise-wide security principles, reference architectures, roadmaps, patterns and tooling strategies; guide secure design and delivery across products and platforms; and provide authoritative, risk-based advice to senior business and technical stakeholders.

You will work closely with stakeholders from business, architecture, engineering and delivery teams to ensure security is embedded through the full lifecycle — from strategy and design through to implementation and operation. You will also represent HMRC across cross-government security and architecture communities and contribute to developing capability across the profession., * Enterprise Security Technology Strategy: Define and govern enterprise security architecture aligned to Zero Trust principles, HMRC standards and cross-government policy. Your visionary leadership will not only shape the security landscape within HMRC but also set a benchmark for best practice across the UK Government landscape.

  • Architecture & Design Authority: Produce and maintain security reference architectures, principles, design patterns, baselines, roadmaps, and technical standards. Provide a leadership and influencing role at technical governance boards.
  • Technology Direction & Tooling: Shape security technology strategy and tooling roadmaps, informed by threat intelligence, vendor capability and business risk.
  • Risk-Based Security Leadership: Provide authoritative security advice enabling secure delivery of products, platforms, and services across complex environments.
  • Lifecycle Governance: Govern security architecture and control implementation across the full delivery lifecycle, ensuring consistency and compliance.
  • Stakeholder & Cross-Government Engagement: Engage senior business, technical, vendor, and government stakeholders; represent HMRC at governance forums and communities of practice.
  • Capability Development: Coach, mentor, and develop security architecture capability across SCS and the wider organisation.
  • Innovation & Continuous Improvement: Evaluate emerging technologies, patterns, and methodologies to evolve HMRC’s security architecture and operating model., If you have an HMRC online account already, sign straight in using your ID and password. If not, you can prove your identity by answering some questions or providing your photo ID.

You’ll then be able to access the app quickly and easily by signing in using a 6-digit PIN, your fingerprint or facial recognition.

You can find guidance for technical issues on GOV.UK: Technical support with HMRC online services.

Reserve List

A reserve list may be held for up to 6 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.

Criminal Record Check

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

Merit List

After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.

Hybrid working at HMRC

HMRC is an office-based organisation, and colleagues are expected to spend 60% of their working time in the office. Our offices provide opportunity for interaction, collaboration which aids learning and development and a sense of community. Where the role allows it, and where the home environment is suitable, colleagues can work from home for up to 2 days a week, averaged over a calendar month (or a proportionate amount of time for colleagues who work less than full time).

Reasonable Adjustments

We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate., HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.

Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.

Questions relating to an individual application must be emailed as detailed later in this advert.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants will join on the minimum of the pay band.

Please note that if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.

If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

For more Information for people applying for, or thinking of applying for, roles at HM Revenue and Customs, please see link: Working for HMRC: information for applicants - GOV.UK. Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .

See our vetting charter . People working with government assets must complete baseline personnel security standard (opens in new window) checks., * UK nationals

  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Requirements

Do you have experience in VPN?, We’re looking for a principal security architect with significant experience operating at enterprise scale, demonstrating:

Security Architecture & Strategy

  • Proven experience defining and governing enterprise security architecture, including principles, reference architectures, technical standards, security patterns and roadmaps.
  • Strong grounding in risk-based security design, including confidentiality, integrity, availability, resilience, privacy, and non-functional requirements.

Frameworks & Methodologies

  • Practical experience applying TOGAF and SABSA in complex organisations.
  • Strong knowledge of industry security frameworks, including NIST CSF 2.0 and the ISO 27000 series.

Technical Security Expertise

  • Deep, expertise and strategy setting across at least two of the following security domains: (We recognise that no candidate will meet every requirement, If you bring strong experience in some of these areas and the ability to learn and adapt, we encourage you to apply)
  • (Expertise in PAM, SSO, Key and Secrets Management, JML, Attestation, RBAC, Identity Governance, Hybrid Cloud Models and modern authentication protocols)
  • Proficient in designing segmentation, securing WLAN, LAN, WAN, SDWAN, SaaS proxies, VPNs, firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust
  • Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security
  • Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities
  • Expertise in incident response, vulnerability management, SIEM, SOAR, threat modelling, threat hunting, intelligence, data analytics, and anti-phishing methodologies including use of AI Security tooling.
  • Experience with endpoint security control technologies (EDR, EPP, UEBA, baseline configurations) including the Microsoft stack for workstations, servers, IoT, mobiles, VDI, DCAAS, and DAAS.
  • Expertise in developing reference architectures for cross-hybrid cloud platforms (AWS, Azure – IaaS, PaaS, SaaS, FaaS) and new platform tools like CASB, CSPM, CWPP, and containerization security.

Enterprise Delivery & Influence

  • Experience providing authoritative security leadership across large programmes, products, or platforms and leading security effectively through agile governance.
  • Proven ability to engage, influence, and advise senior technical and business stakeholders, translating technical risk into clear, actionable decisions.
  • Experience shaping and governing security controls and outcomes across multi-supplier and multi-team environments.
  • Effective engagement across diverse stakeholder groups, sharing knowledge, guidance and mentoring colleagues whilst managing complex change.

Desirable Criteria

  • Recognised professional certifications (e.g. CISSP, CCSP, CRISC, NIST, ISO 27001).
  • Vendor certifications (e.g. Microsoft Security, AWS Security).
  • Chartered membership of a recognised cyber security professional body., During the panel interview, you will be asked Experience-based questions to explore your skills, abilities and relevant experience for the role. A Technical scenario based on technical security knowledge and qualifications will be required, with follow-up questions from the panel. Details of this technical skill scenario will be given prior to the Interview and communicated via email if you reach this stage., Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.

Benefits & conditions

Pulled from the full job description

  • Company pension
  • Work from home, Alongside your salary of £71,725, HM Revenue and Customs contributes £20,778 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides .

HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.

We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.

  • Pension - We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
  • Family friendly policies.
  • Personal support.
  • Coaching and development.

About the company

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of the Recruitment Principles. In the first instance, you should raise the matter directly via ubsrecruitmentcomplaints@hmrc.gov.uk. Please note that we do not accept complaints or appeals regarding scoring of outcomes of campaigns, unless candidates can provide clear evidence that the campaign did not follow the Recruitment Principles. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their website.

Apply for this position