Cyber Security Architect

We are seeking an experienced Cyber Security Architect with a proven track record of implementing Secure by Design across complex portfolios, programmes, and digital transformation environments. This role is critical in shaping secure architectures, embedding effective security controls, driving compliance, and safeguarding systems across UK Public Sector and MOD‑aligned engagements.

You will lead the design and governance of security architecture solutions, working closely with customer architecture teams, engineering functions, and project delivery teams to ensure adherence to security policies, regulatory requirements, and frameworks including NIST 800‑53, NCSC principles, and ISO 27001

Please note that this role will be based from our Newcastle site with some travel to client sites required.

Key Responsibilities

Secure by Design Leadership

Lead the design and implementation of Secure by Design across a wide portfolio within a wide account structure.

Ensure security is embedded from planning and architectural phases through design, build, testing, and implementation.

Define, validate, and maintain technical security controls to support secure delivery across IT & Digital systems.

Coach delivery teams to adopt secure working practices in Agile and iterative environments without impeding delivery speed.

Security Architecture & Design

Architect end‑to‑end security solutions that protect confidentiality, integrity, and availability of systems.

Review and approve solution designs, network connectivity, cloud services, and application architectures.

Produce security artefacts including Solution Blueprints, HLDs, LLDs, threat models and system security plans. Support risk assessments.

Collaborate with wider architecture teams to influence shared security architectures and support UK compliance needs.

Assessments, Assurance & Compliance

Lead gap analyses against NIST 800‑53 and develop mappings from existing controls to compliance requirements.

Ensure project designs conform to relevant standards (e.g., NCSC CAF, ISO 27001, NIST, JSP 440, TSA).

Support regulatory, accreditation, and assurance processes for MOD and Public Sector clients.

Technical Leadership & Consultancy

Provide security consultancy to cross‑functional teams, senior stakeholders, and external clients.

Support incident investigation and post‑event analysis, documenting findings and recommending mitigations.

Guide engineering teams in implementing secure controls, secure coding, and DevSecOps practices.

Collaboration & Stakeholder Engagement

Work closely with MOD, public sector, and defence stakeholders to deliver tailored security solutions aligned to their risk posture.

Represent Cyber Security in design authorities, steering meetings, and governance forums.

Maintain trusted relationships through expert advice, transparency, and proactive risk management.

Leadership, Coaching & Knowledge Sharing

Mentor junior consultants, technical specialists, stakeholders and program across multiple business units.

Produce and deliver awareness sessions on Secure by Design, secure development, governance, and best practice.

Promote a culture of continuous security improvement.

Essential

Skills, Experience & Qualifications

Must be eligible to achieve UK security clearance

Extensive experience as a Security Architect in UK Public Sector, MOD, or Defence environments.

Proven delivery of Secure by Design across complex, multi‑disciplinary portfolios.

Strong working knowledge of security frameworks including NIST 800‑53, ISO 27001, NCSC CAF, SABSA, TOGAF.

Deep understanding of secure cloud, network, application, and data architecture.

Expertise in risk assessment, security control design, threat modelling, and architectural governance.

Ability to review, challenge, and approve designs in line with internal and external security policies.

Strong collaboration skills with technical and non-technical stakeholders.

Highly skilled in producing clear, concise, decision‑focused reporting for senior stakeholders.

Experience working with Agile, DevOps, and multi‑disciplinary delivery teams.

Excellent stakeholder management and communication skills.

Experience in digital services, cloud-native platforms, and enterprise-scale architecture.

Experience in Secure by Design frameworks used within Defence and Government.

Knowledge of MOD security governance, assurance, and accreditation processes.

Familiarity with defence industry requirements such as DCPP, DEFCONs, and MOD accreditation processes.

Professional certifications such as CISSP, CISM, SABSA, TOGAF, CCSP.

What You Will Deliver

Secure by Design Discovery Reports

Security Architecture Artefacts, including:

Solution Blueprints

High‑Level Designs (HLDs)

Low‑Level Designs (LLDs)

Security Patterns & Control Sets

Threat Modelling Outputs, such as STRIDE models and Attack Trees

Security Control Mappings, including NIST 800‑53 gap analysis results

System Security Plans (SSPs)

Governance & Design Authority Documentation

Stakeholder Briefings & Decision‑Support Packs

Support with delivery of (in conjunction with a Cyber Risk Advisor)