Lead Security Architect

As a Lead Security Architect, you will directly secure architecture across a portfolio worth hundreds of millions of pounds. Working with product owners, delivery managers and enterprise architects, you will ensure every new or changed service conforms to Home Office and NCSC standards while enabling rapid, user-centred delivery.

• Directly secure architecture across a portfolio worth hundreds of millions of pounds, ensuring alignment with Home Office and NCSC standards while enabling rapid, user-centred delivery.
• Analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring.
• Model risks with frameworks such as ISO27005, NIST, or STRIDE, and rationalise design choices to technical and non-technical audiences and document them for reuse.
• Champion “secure by default” in agile pipelines embedding IaC scanning, SAST/DAST, SBOM and cloud native guardrails so security becomes a quality attribute owned by delivery teams.
• Through communities of practice and one-to-one coaching, nurture architects and engineers, acting as escalation point for complex design decisions.
• Cultivate relationships with external suppliers, government peers and industry forums to import good practice and influence future standards, ensuring Home Office services remain resilient, cost-effective and compliant.

• Experience leading security architecture across large portfolios and ensuring compliance with government standards (Home Office, NCSC).
• Knowledge of threat modelling and risk management techniques, including frameworks such as ISO27005, NIST, and STRIDE.
• Experience integrating security into agile delivery, including IaC scanning, SAST/DAST, SBOM creation/composition, and cloud-native guardrails.
• Ability to communicate complex security concepts to technical and non-technical audiences and document patterns for reuse.
• Experience mentoring and coaching architects and engineers, and building relationships with external suppliers, government peers and industry forums.