Lead Security Architect
Permanent
Up to £108,000 per annum + a fantastic benefits package
Remote
Digital Skills are working with a data-focused tech company that builds and provides tools and services to a range of end clients. The company specialises in designing, building, and continuously improving data-enabling products. We are currently recruiting for a Lead Security Architect, a recognised subject matter expert in security, risk management, and compliance, with demonstrable experience in highly regulated industries, specifically UK Government and/or Defence.
Role Overview
As a Lead Security Architect, you will build effective working relationships with delivery team members and customers and operate independently as a security lead across multiple projects and platforms. You will provide security expertise and drive outcomes, ensuring the security and assurance of complex, cloud-centric data and digital services across the entire lifecycle (strategy, design, implementation, and operations).
Key Responsibilities
* Lead security and assurance efforts for highly complex, cloud-centric digital services, ensuring compliance with HMG security architecture and assurance standards.
* Provide specialist advice on security architecture for public cloud environments (AWS, Azure, GCP).
* Define and manage external security testing (ITHC, penetration testing) for cloud-native platforms (Docker, Kubernetes, etc.) and SaaS solutions.
* Formulate HMG Information Assurance Risk Assessments and Risk Treatment Plans.
* Establish security requirements for cloud-based solutions based on industry standards (ISO 27000 series, NIST, CSF, CSA).
* Identify and implement appropriate security controls aligned with industry standards (e.g., CCM) to mitigate cloud-native threats.
* Provide oversight and guidance on government security policies and procedures.
* Continuously evaluate new cloud security threats and their impact on business and IT environments.
* Ensure architecture principles, technologies, and security best practices are correctly implemented across all platforms.
Core Competencies & Skills
Domain Expertise:
* Extensive experience in public cloud security architecture (AWS/Azure/GCP) and hybrid cloud environments.
* Deep understanding of cloud security concepts, technologies, and best practices for IaaS, PaaS, SaaS, and serverless architectures.
* Expertise in Information Security and Privacy Standards (ISO 27000 series, NIST 800-53, CIS, GDPR).
* Experience leading security working groups and managing external security testing (ITHC, penetration testing) at high HMG classification levels (OFFICIAL required, SECRET desirable).
Secure Systems & Tooling Design:
* Experience working directly with engineering teams to design and review secure architectures.
* Proficiency in DevOps, DevSecOps, Infrastructure as Code, and Security as Code (Docker, Git, Terraform).
* Experience managing technical security assessments, vulnerability analysis, and penetration testing.
Risk Management & Compliance:
* Ability to assess, advise on, and manage high-impact security risks.
* Strong knowledge of risk assessment methodologies (ISO 27005, NIST).
* Understanding of security implications across different platforms and ability to implement risk-based security controls.
Communication & Stakeholder Management:
* Ability to translate complex security risks and technical concepts into clear guidance for both technical and non-technical stakeholders.
* Experience working with C-level executives, delivery teams, and external customers to drive security best practices.
* Ability to influence and gain consensus on security decisions within multi-stakeholder environments.
If this role seems like the right fit for you, please don't hesitate to apply.