Lead Security Architect, UK Home Office
Join the Home Office as a Lead Security Architect and shape secure‑by‑design delivery for mission‑critical services that protect the UK. You’ll lead security architecture across a major portfolio, working with senior stakeholders to translate business goals and threat intelligence into practical, proportionate controls.
You’ll define and govern security patterns for cloud, DevSecOps, IoT and zero‑trust, ensuring services meet Home Office and NCSC standards while enabling fast, user‑centred delivery. You’ll model risks, guide design decisions, and turn complex challenges into clear, actionable solutions.
As a technical leader, you’ll mentor Architects, support delivery teams in embedding secure‑by‑default practices, and influence suppliers and cross‑government communities to drive best practice. If you combine deep technical expertise with impactful communication and want to make a tangible difference to services used by millions, this role offers a unique opportunity.
What you will do
* Set portfolio‑level vision & patterns in line with Principal Security Architect strategy, translating them into reusable templates and guardrails.
* Lead architecture reviews for high‑risk projects, providing actionable recommendations and tracking remediation through to closure.
* Perform and interpret threat modelling / pentest results, converting findings into road‑mapped improvements and measurable risk reductions.
* Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless), balancing usability, cost and compliance.
* Mentor and quality‑assure security architects’ work, fostering a culture of continuous learning and knowledge sharing.
* Engage senior stakeholders across technology, policy and operations, presenting security trade‑offs in business terms and gaining consensus.
* Scan the horizon for emerging threats, tooling and regulatory change, recommending timely adoption or mitigation strategies.
* Oversee vendor and SaaS evaluations, ensuring contracts include appropriate security clauses and ongoing assurance.
What you will bring
* Secure system design leadership; demonstrable track record creating or validating architectures for large‑scale, high‑risk services using recognised frameworks (SABSA, TOGAF, NCSC).
* Risk‑based decision making; expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost‑effective controls.
* Technical depth; hands‑on knowledge of cloud security, IAM, container & API security, network segmentation, encryption and DevSecOps toolchains; capable of explaining exploitability of complex vulnerabilities.
* Pentesting & threat modelling; scoping, overseeing and translating results into enforceable patterns and backlog items.
* Influential communication; demonstrable ability to engage C‑suite and delivery squads alike, adapting style to gain agreement and drive secure‑by‑design culture.
* Mentoring & governance; experience line‑managing or coaching security architects/engineers and running architecture assurance or design review boards.
Additional Information
Your CV and Personal Statement will both be assessed. Your Personal Statement should clearly evidence your experience against the essential skills, using the STAR method (Situation, Task, Action, Result). Make full use of the word count to create a comprehensive and compelling application.
Please note: 3+ years UK residency is required to be eligible for SC Clearance and unfortunately we cannot offer sponsorship.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology, Strategy/Planning, and Engineering
Industries
Government Administration