Cybersecurity Architect (SC cleared)

Cybersecurity Architect

6 months

London - hybrid

Active SC clearance required

Inside ir35

We are seeking a Cybersecurity Architect to join our Data and Application Security team. Our Data Security services cover a wide range of areas, including Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), Data Access Governance (DAG), data-at-rest encryption, PKI (Public Key Infrastructure) key management, and Q-Safe services. On the Application Security side, we provide comprehensive coverage across white-box and Gray-box testing, as well as consulting services for DevSecOps engineering.

Key areas of expertise include:

DevSecOps: Strong focus on integrating security into the software development lifecycle, automating security practices into CI/CD pipelines, and ensuring seamless collaboration between security and development teams. Experience with automated SCA (Software Composition Analysis), SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing) to identify vulnerabilities early and throughout development.
Application Security: Proficiency in application security testing, including white-box and gray-box testing methodologies. Strong experience in DevSecOps engineering, securing cloud-native and on-premises applications, and managing runtime protection.
Infrastructure as Code (IaC) Security: Expertise in securing IaC (Infrastructure as Code) configurations, ensuring secure provisioning, configuration management, and continuous monitoring of infrastructure.
Cloud-Native Application Protection Platform (CNAPP): Securing cloud-native applications, microservices, containers, and Kubernetes environments by identifying and mitigating vulnerabilities and misconfigurations across the application lifecycle.
Cloud Security Posture Management (CSPM): Utilizing CSPM tools to ensure proper configuration and compliance with security policies across cloud environments (AWS, Azure, GCP).
Workload Protection: Ensuring runtime security for applications, containers, and infrastructure, focusing on protecting workloads from vulnerabilities, threats, and attacks in both cloud and on-prem environments.
Data Security (DLP, CASB, DAG, PKI): Knowledge of Data Loss Prevention (DLP) solutions to prevent unauthorized data access or leakage, CASB for securing cloud applications, and Data Access Governance (DAG) for managing access to sensitive data. Proficiency in PKI architecture and key management, including the management of cryptographic keys, key ceremonies, and other related key management processes.
Data-at-Rest Encryption & Key Management: Expertise in implementing data-at-rest encryption strategies, ensuring the protection of stored data, and managing key management solutions for encryption keys throughout their lifecycle. Knowledge of Q-Safe for securing sensitive data and cryptographic key management.The ideal candidate will have:

Hands-on experience with DevSecOps tools and frameworks, integrating security into CI/CD pipelines and automated workflows.
Proficiency in cloud-native security tools and services (e.g., Prisma Cloud, Palo Alto, CNAPP, CSPM, IaC security).
Strong application security skills, including static and dynamic application testing, as well as real-time protection for cloud-based applications.
Master key ceremony experience, along with a deep understanding of PKI architecture, cryptographic key management, and best practices for secure key generation and lifecycle management.
Deep knowledge of data protection, encryption standards, Q-Safe, and PKI systems, ensuring compliance and governance across both application and data security