Security Architect

Security Arcitect
Location: Bristol, UK
Clearance Required: Must be eligible for SC Clearance

Are you passionate about safeguarding advanced products and systems from ever-evolving security threats? We are seeking a highly skilled Security Architect to join our cutting-edge team in Bristol. In this role, you'll be instrumental in securing the software development lifecycle for complex systems within the defence and national security domain.

This position is critical to ensuring our products meet the highest standards of security by design. The successful candidate will be expected to bring deep, hands-on experience with NIST cybersecurity standards-this is essential-as well as a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1. If you're an experienced professional with strong capabilities in threat modelling, risk assessment, and secure systems architecture, we want to hear from you.

Role Responsibilities:

Integrate security controls throughout the product development lifecycle

Conduct detailed threat modelling and risk assessments using recognised tools

Lead the implementation of risk management strategies based on industry best practices (NIST, ISO)

Work closely with development teams to ensure secure-by-design principles are followed

Identify and propose mitigations for security vulnerabilities in solution architectures

Maintain and evolve internal security policies, documentation, and awareness training

Support incident response efforts and coordinate remediation actions where needed

Serve as a subject matter expert on product and application security to internal stakeholders

Key Requirements:

Extensive experience applying NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable

Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential

Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees)

Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/09

Ability to identify, assess and mitigate risks across software and hardware product ecosystems

Strong written and verbal communication skills, including the ability to convey risk to non-technical audiences

Ideal Candidate Traits:

Analytical thinker with strong problem-solving skills

Detail-oriented with excellent planning and organisational abilities

Resilient, proactive, and capable of driving initiatives forward independently

A team player with the ability to influence at all levels of the organisation

Eligible for SC clearance and able to work in the UK without restrictions