Security Architect

We want to maximise the potential of everyone who chooses to work for us. We offer a great work life balance. You have the opportunity to work at any of our brand-new Regional Centres and to also work remotely. Contracts vary in length dependent upon the project with the possibility to extend.

Your time spent with us short or long term will be invaluable - your skills and expertise are needed to deliver the largest digital and transformation projects in Government. There really couldn’t be a better time to join HMRC for your new contract opportunity!

Hybrid Working from one of our Regional Centres

SC Clearance required

In addition to the below, we are specifically looking for someone that fits the following:

The Security Architect will provide technical expertise to HMG departments in the secure design, implementation, and optimisation of Microsoft Security solutions. This role requires knowledge of Microsoft Security domains, including Sentinel, Defender, Purview, and Entra ID.

Responsibilities:

• Advise on best practices for the design and implementation of Microsoft Security solutions.
• Assist HMG departments in maximising their Microsoft Security investments by reviewing proposed solution designs and existing deployments to identify and recommend improvements.
• Act as a Subject Matter Expert (SME) for the Microsoft Security stack, offering technical guidance to client organisations on adopting and managing Microsoft Security solutions.

Skills:

• Microsoft Defender XDR, Defender for Endpoint, Defender for Cloud Apps, Defender for Office 365, Defender for Identity, Defender for Cloud.
• Microsoft Sentinel SIEM.
• Microsoft Purview, including Information Protection, Data Loss Prevention, Data Lifecycle Management, Records Management, and Insider Risk Management.
• Entra ID, including Conditional Access, Identity Protection, and Privileged Identity Governance.

Preferred Certifications: SC-100, SC-200, SC-300, SC-400

If you haven't got this experience please do not apply.

The Team

The Government Security Centre for Cyber (Cyber GSeC) is hosted by HMRC and provides consultancy and advice services across government to improve cyber security posture across HMG. We work directly in support of the Government Cyber Security Strategy (GCSS).

The Cyber GSeC sits within HMRC Security, which is part of the Chief Digital and Information Officer (CDIO) area of HMRC. Though the GSeC sits within these functions, it is a distinct entity that is separate from the day-to-day HMRC security function.

The Cyber GSeC is split into two teams: Operations and Enabling Capabilities. The Operations team provides support and expertise to organisations to enhance their Cyber Security capabilities improving their ability to meet the evolving cyber security threats facing HMG. The Enabling Capabilities team provides support to the Operations team; as well as undertaking the governance, communications, and business management requirements.

The Role

As a Cyber Security Professional/Security Architect leading service delivery within Cyber GSeC, you will play a key role in improving the cyber security posture of His Majesty’s Government. Championing the outcomes of the Government Cyber Security Strategy you will oversee the design, implementation, uptake, and continued improvement of Cyber Security best practice and Cyber GSeC services that provide tangible improvement to the cyber security of Lead Government Departments and their underlying ALBs. You may also be required to contribute to other outcomes of HMRC’s Cyber Security Technical Services function.

You will be assigned to one of our technical services, delivering against dedicated milestones. You will be confident in your ability to engage at senior levels across the UK security community and will be expected to be involved in our engagement with a wide range of key stakeholders that may include the Government Security Group (GSG), National Cyber Security Centre (NCSC) and the Central Digital and Data Office (CDDO).

The core element of the Cyber Security Professional/Security Architect role will be to provide targeted, expert and risk-based technical security advice and guidance across the breadth of HM Government. The successful candidate will be able to evidence their technical skills and experience in cyber security fields relevant to the services we deliver.

Responsibilities can include:

• Delivering outcomes against one of our service lines in support of the Government Cyber Security Strategy (GCSS).
• The development, implementation, delivery, and continuous improvement of Cyber GSeC advice and guidance services across circa 400 government organisations, ensuring alignment to relevant cyber security standards and architectural requirements.
• Selecting suitable security techniques, tools, and test strategies to confirm compliance with relevant HMG security standards, providing suggested remediation actions.
• Leading the development of Security Principles, Policies and Technical Standards aligned to business context and risk appetites and curating communication campaigns for a wide range of stakeholders to encourage an improved cyber security stance and the uptake of Cyber GSeC services.
• Supporting the delivery of balanced and efficient cyber security risk management decisions, identifying vulnerabilities and resolutions in sophisticated technical environments.
• Recognising when security measures impact on users or business needs, providing targeted and expert advice to inform business decision making, and handle partner concerns.
• Identifying, raising, and advancing cyber risks in keeping with HMG risk appetite and delivering effective cyber services from our catalogue, while supporting Secure by Design and the security lifecycle.
• Research, identify, validate, and lead the adoption of new technologies and methodologies and engage with and contribute to a wider security technology and tooling strategy providing direction to the organisation and HMG.

Essential Criteria

At application and interview, you must demonstrate intensive experience of:

• Minimum 3-5 years’ experience working as a Cyber Security Professional or Security Architect

• Demonstrate intensive senior stakeholder management across partner organisations, clients, and suppliers, using strong communication skills to communicate effectively at all levels to technical and non-technical audiences.
• Security and privacy risks and associated threats with a solid understanding of key considerations such as confidentiality, integrity, availability, non-repudiation, and privacy.
• Successful delivery of security aspects of major projects, demonstrating professional credibility and authority.
• Crafting and conveying information security and risk management guidance aligned to corporate risk appetite across several enterprises.
• Working with leading standards such as NIST, ISO, CIS, and Cyber Essentials
• Intensive experience consulting on security assurance and conducting audits

Please ensure your CV clearly demonstrates how you meet this essential criteria

Desirable Qualifications

It is desirable that candidates hold some relevant qualifications.

Relevant IT Security qualifications include (but are not limited to):

• NCSC Certified Cyber Professional (CCP)
• Certified Information System Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Information Security Manager (CISM)

Please note that SC Clearance is required for this position.

Our Values

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact your designated recruiter to request accommodation.