Senior and Principal Security Architects
£50-£90 per hour (Dependent on experience and level) - Inside IR35
12 month contracts
Hybrid - 2/3 days a week on site - Warton (PR4)
**Applicants must have the right to work in the UK**
**Successful applicants must be eligible for SC/DV clearance**
Role Purpose / Overview
Highly experienced security architects with strong technical credentials across enterprise, cloud, network and classified environments. Responsible for designing end-to-end secure architectures (HLD/LLD), leading Design Authorities and Technical Design Authorities, and providing architectural assurance across multi-supplier programmes up to TOP SECRET / Above Secret classifications. Ensures Secure-by-Design principles are embedded from the outset across all programmes.
Key Outcomes
Security is consistently embedded into system design across all programmes
Architectural decisions align with Secure-by-Design principles from the outset
Complex, multi-partner and classified environments are designed securely and coherently
Identity, cross-domain and data protection controls are defined at the architecture level
Design Authority interactions are informed, structured and technically robust
Key Responsibilities
Design end-to-end secure architectures (HLD/LLD)
Lead Design Authorities and Technical Design Authorities
Ensure security is consistently embedded into system design across all programmes
Align architectural decisions with Secure-by-Design principles from the outset
Define identity, cross-domain and data protection controls at the architecture level
Enable structured, technically robust Design Authority interactions
Provide architectural assurance across complex, multi-partner and classified environments
Technical Skills & Experience, a good mix of some or all of the following:
Secure-by-Design (MOD SbD / NIST 800-53r5 / NIST CSF / CIS CSC v8.1) - design, maturity tracking and assurance across full programme lifecycles
Enterprise & Cloud Security Architecture - AWS, Azure, GCP, Oracle Cloud (multi-cloud landing zones, hybrid identity, secure migration patterns)
Classified Platform Design - OFFICIAL, OFFICIAL-SENSITIVE, SECRET and ABOVE SECRET environments, ROSA, Garrison, Citadel, VCF, Cross-Domain Solutions
Zero Trust, IDAM & PKI - conditional access, hybrid identity, cryptography, HSMs, IAM, RBAC, OIDC, federation
Threat Modelling - STRIDE / STRIDE-LM, attack-surface analysis, trust boundary modelling, design reviews
Network & Boundary Security - Checkpoint, Palo Alto, Fortinet, Cisco, Juniper, F5, Zscaler, NSX-T, SD-WAN, encrypted WAN, DMZ, NAC
ServiceNow & M365 Architecture - ITSM, ITOM, CSM, EAM, SharePoint Online, Purview, Entra, Sentinel, Defender, Power Platform, CoPilot
Container & DevSecOps - Kubernetes (EKS, Tanzu), Terraform, Ansible, CI/CD security, image scanning, container hardening
Architecture Frameworks - TOGAF, ArchiMate, SABSA, Zachman, MODAF, JSP standards, NCSC architectural patterns
HLD / LLD authoring, Security Patterns, Reference Architectures, Bill of Materials, Crypto Plans and JSP-compliant documentation
Design Authority leadership, Technical Security Boards, Gateway Reviews, multi-supplier governance
Qualifications & Certifications
CISSP (multiple holders), CISM, CCSP, OSCP, CEH
TOGAF 9 / TOGAF 9.2, SABSA Foundation, Zachman, ITIL v3/v4
AWS Security Specialty, AWS Solutions Architect, AWS DevOps Pro, AWS Advanced Networking
Azure Security Specialist (AZ-500), Azure Solutions Architect (AZ-303/304), Microsoft MCSE
CCIE (#38006), CCNP, CCDP, VCP, VCAP-NV, VCP-NV, Check Point CCSE/CCSA, PCNSE
ISO 27001 Lead Auditor, ISO 27005
Prince2 Practitioner, MSP, Chartered Engineer (IET), MBCS CITP
Government Clearances: SC, DV (active and historic), Five Eyes engagement