Overview
As a Lead Security Architect, you will directly secure architecture across a portfolio worth hundreds of millions of pounds. Working with product owners, delivery managers and enterprise architects, you will ensure every new or changed service conforms to Home Office and NCSC standards while enabling rapid, user-centred delivery.
Responsibilities
- Analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring.
- Model risks with frameworks such as ISO27005, NIST, or STRIDE, rationalising design choices to technical and non-technical audiences and documenting them for reuse.
- Champion “secure by default” in agile pipelines by embedding IaC scanning, SAST/DAST, SBOM and cloud-native guardrails, so that security becomes a quality attribute owned by delivery teams.
- Through communities of practice and one-to-one coaching, nurture architects and engineers and act as an escalation point for complex design decisions.
- Cultivate relationships with external suppliers, government peers and industry forums to import good practice and influence future standards, ensuring Home Office services remain resilient, cost-effective and compliant.
Qualifications
- Experience securing architecture across a portfolio worth hundreds of millions of pounds.
- Familiarity with Home Office and NCSC standards and guidance.
- Knowledge of threat modelling and risk frameworks (e.g., ISO27005, NIST, STRIDE).
- Experience embedding security into agile pipelines, including IaC scanning, SAST/DAST, SBOM, and cloud-native guardrails.
- Ability to communicate design decisions to both technical and non-technical audiences and produce reusable reference materials.
- Strong collaboration and coaching skills, with experience building communities of practice.