Job Description:
We are seeking an experienced Cyber Security Architect with a proven track record of implementing Secure by Design across complex portfolios, programmes, and digital transformation environments. This role is critical in shaping secure architectures, embedding effective security controls, driving compliance, and safeguarding systems across UK Public Sector and MOD‑aligned engagements.
You will lead the design and governance of security architecture solutions, working closely with customer architecture teams, engineering functions, and project delivery teams to ensure adherence to security policies, regulatory requirements, and frameworks including NIST 800‑53, NCSC principles, and ISO 27001
Please note that this role will be based from our Newcastle site with some travel to client sites required.
Key Responsibilities
Secure by Design Leadership
* Lead the design and implementation of Secure by Design across a wide portfolio within a wide account structure.
* Ensure security is embedded from planning and architectural phases through design, build, testing, and implementation.
* Define, validate, and maintain technical security controls to support secure delivery across IT & Digital systems.
* Coach delivery teams to adopt secure working practices in Agile and iterative environments without impeding delivery speed.
Security Architecture & Design
* Architect end‑to‑end security solutions that protect confidentiality, integrity, and availability of systems.
* Review and approve solution designs, network connectivity, cloud services, and application architectures.
* Produce security artefacts including Solution Blueprints, HLDs, LLDs, threat models and system security plans. Support risk assessments.
* Collaborate with wider architecture teams to influence shared security architectures and support UK compliance needs.
Assessments, Assurance & Compliance
* Lead gap analyses against NIST 800‑53 and develop mappings from existing controls to compliance requirements.
* Ensure project designs conform to relevant standards (e.g., NCSC CAF, ISO 27001, NIST, JSP 440, TSA).
* Support regulatory, accreditation, and assurance processes for MOD and Public Sector clients.
Technical Leadership & Consultancy
* Provide security consultancy to cross‑functional teams, senior stakeholders, and external clients.
* Support incident investigation and post‑event analysis, documenting findings and recommending mitigations.
* Guide engineering teams in implementing secure controls, secure coding, and DevSecOps practices.
Collaboration & Stakeholder Engagement
* Work closely with MOD, public sector, and defence stakeholders to deliver tailored security solutions aligned to their risk posture.
* Represent Cyber Security in design authorities, steering meetings, and governance forums.
* Maintain trusted relationships through expert advice, transparency, and proactive risk management.
Leadership, Coaching & Knowledge Sharing
* Mentor junior consultants, technical specialists, stakeholders and program across multiple business units.
* Produce and deliver awareness sessions on Secure by Design, secure development, governance, and best practice.
* Promote a culture of continuous security improvement.
Skills, Experience & Qualifications
Essential
* Must be eligible to achieve UK security clearance
* Extensive experience as a Security Architect in UK Public Sector, MOD, or Defence environments.
* Proven delivery of Secure by Design across complex, multi‑disciplinary portfolios.
* Strong working knowledge of security frameworks including NIST 800‑53, ISO 27001, NCSC CAF, SABSA, TOGAF.
* Deep understanding of secure cloud, network, application, and data architecture.
* Expertise in risk assessment, security control design, threat modelling, and architectural governance.
* Ability to review, challenge, and approve designs in line with internal and external security policies.
* Strong collaboration skills with technical and non-technical stakeholders.
* Highly skilled in producing clear, concise, decision‑focused reporting for senior stakeholders.
* Experience working with Agile, DevOps, and multi‑disciplinary delivery teams.
* Excellent stakeholder management and communication skills.
* Experience in digital services, cloud-native platforms, and enterprise-scale architecture.
* Experience in Secure by Design frameworks used within Defence and Government.
* Knowledge of MOD security governance, assurance, and accreditation processes.
* Familiarity with defence industry requirements such as DCPP, DEFCONs, and MOD accreditation processes.
* Professional certifications such as CISSP, CISM, SABSA, TOGAF, CCSP.
What You Will Deliver
* Secure by Design Discovery Reports
* Security Architecture Artefacts, including:
o Solution Blueprints
o High‑Level Designs (HLDs)
o Low‑Level Designs (LLDs)
o Security Patterns & Control Sets
* Threat Modelling Outputs, such as STRIDE models and Attack Trees
* Security Control Mappings, including NIST 800‑53 gap analysis results
* System Security Plans (SSPs)
* Governance & Design Authority Documentation
* Stakeholder Briefings & Decision‑Support Packs
Support with delivery of (in conjunction with a Cyber Risk Advisor)
* Cybersecurity Risk Assessments (NIST 800‑30/37, ISO 27005)
* Risk Treatment & Remediation Plans with actions, ownership, and timelines
* Assurance & Compliance Evidence Packs
* Residual Risk Statements
* Security Assessment Reports (vulnerabilities, impacts, recommendations)
* Security Incident Analysis & Post‑Event Reports
* Secure by Design Compliance Documentation, including evidence of testing and mitigation closure
At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We're committed to fostering an inclusive environment where everyone can thrive.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.