Lead Security Architect

Lead Security Architect

The Opportunity

Albany Beck is partnering with a global Investment Bank to deliver a critical Protocol Analysis & Remediation programme. We’re looking for a Lead Security Architect with deep technical expertise and a strategic mindset to drive the design and implementation of security controls focused on reducing the risk of attackers moving undetected between systems within the organisation’s network

This is a hands-on architecture role where you'll lead discovery, design, and implementation efforts, playing a vital role in reducing risk and progressing toward a Zero Trust framework.

Key Responsibilities

• Lead the development of robust security architectures to detect, prevent and contain lateral movement between endpoints and workloads.
• Drive the discovery phase by analysing logs (via Azure Log Analytics) and auditing configurations to identify vulnerabilities and insecure protocols.
• Define and present security architecture designs and risk reduction recommendations to Cyber Security Architecture and Engineering teams for sign-off.
• Collaborate with Linux and Windows SMEs to implement secure configurations and protocol controls.
• Architect and enforce network segmentation and access control models.
• Conduct security assessments, provide remediation strategies, and guide stakeholders in secure design principles.
• Stay current on threats, attack vectors, and mitigation techniques to future-proof the organisation’s security posture.

Experience & Knowledge:

• 8+ years in Information Security with a strong architecture focus.
• Expert in lateral movement risks, network segmentation, and endpoint security.
• Deep familiarity with security frameworks: NIST, ISO 27001, Zero Trust.
• Extensive experience with Windows and Linux hardening.
• Skilled in protocol analysis, network architecture, and infrastructure design.

Technical Toolkit:

• Strong command of Azure Log Analytics, KQL, and Azure-based security tools.
• Scripting: Python, PowerShell, Shell.
• Experience with IDS/IPS, firewalls, SIEMs, and vulnerability management tools.
• Strong grasp of Active Directory, Azure AD, and identity access governance.
• Familiarity with secure infrastructure platforms: SQL Server, Oracle, HA clustering.