SC Cleared Security Architect (Contract)
Start Date: ASAP
Duration: 12 Months
Day Rate: Competitive
IR35: Inside (PLEASE NOTE: Employer NI is paid for by the client)
Location: Remote (rare on-site visits to Luton)
Security Clearance: SC clearance is highly desirable
Summary: The ideal candidate will be an experienced and highly technical Security Architect with a hands-on background and strong Information Assurance (IA) capability. The role spans a wide range of initiatives, including security for security-based projects as well as security governance for business applications. A broad and deep technical knowledge base is essential, particularly in: Identity, Zero Trust, Azure, Network Security, and Application Security. The Security Architect must operate at pace and make risk-informed decisions in complex delivery environments.
Key Responsibilities
* Security Architecture & Technical Leadership:
o Lead the design and assurance of security architectures supporting obsolescence remediation, including upgrades, platform replacements, migrations, and decommissioning.
o Provide hands-on technical oversight for legacy on-premise systems transitioning to cloud or hybrid architectures.
o Define secure target architectures aligned to enterprise standards, cloud best practices, and obsolescence strategies.
o Act as the senior security authority across multiple concurrent programmes.
o Produce reusable security design patterns, blueprints, and architectural artefacts.
* Information Assurance & Risk Management:
o Conduct risk assessments, threat modelling, and impact analysis for end-of-life or obsolete technologies.
o Identify residual risks and define pragmatic remediation or risk acceptance approaches aligned with organisational risk appetite.
o Ensure Information Assurance principles are embedded throughout design, implementation, and transition.
o Provide formal security sign-off and assurance artefacts for governance forums.
* Cloud & Hybrid Security (Azure Focus):
o Define and validate security requirements for cloud platforms—particularly Microsoft Azure.
o Ensure secure-by-design principles across identity, networking, data, workloads, and platform services.
o Support migrations from traditional datacentre environments to Azure, ensuring continuity of security controls.
o Advise delivery teams on Azure-native security services and shared responsibility models.
* Security Controls & Tooling:
o Define and oversee implementation of controls across:
1. Identity & Access Management (IAM)
2. Network security & segmentation
3. Encryption & key management
4. Logging, monitoring & SIEM
5. Vulnerability and configuration management
o Lead tooling modernisation, prioritising Microsoft native tooling where appropriate.
o Ensure legacy controls are replaced, updated, or retired as part of remediation activity.
* Governance, Compliance & Collaboration:
o Ensure alignment with security standards and regulations (ISO 27001, NIST, GDPR) and internal policies.
o Work with infrastructure, cloud, application, and programme teams to embed secure-by-design principles.
o Support audits, compliance reviews, and regulatory assessments of transitioning systems.
o Produce high-quality documentation, architectural artefacts, and technical decision records.
o Experience in the UK Defence sector, including operation at OFFICIAL SENSITIVE classification levels.
o Strong understanding of UK GOV Secure by Design principles.
o Demonstrable ability to make timely, risk-based decisions in complex delivery environments.
o Extensive experience as a Security Architect on large-scale modernisation or obsolescence programmes.
o Deep technical background across on-premise enterprise architectures: networks, servers, identity, legacy systems.
o Strong expertise transitioning organisations from on-premise to public cloud (Azure).
Hands-on Proficiency
* Cloud security architectures
* IAM
* Network and workload security
* Encryption & data protection
Additional Qualifications
* Strong Information Assurance experience in regulated and risk-sensitive environments.
* Proven ability to work across multiple programmes simultaneously.
* Excellent communication, stakeholder engagement, and documentation skills.
Preferred Qualifications
* Certifications such as: CISSP, CCSP, SABSA, TOGAF, Azure Security certifications.
* Experience with Microsoft security tooling: Microsoft Defender, Sentinel, Entra ID, Azure Policy.
* Background in environments with significant legacy technical debt and time-critical remediation.