Lead Security Architect
The Opportunity
Albany Beck is partnering with a global Investment Bank to deliver a critical Protocol Analysis & Remediation programme. We’re looking for a Lead Security Architect with deep technical expertise and a strategic mindset to drive the design and implementation of security controls focused on reducing the risk of attackers moving undetected between systems within the organisation’s network.
This is a hands-on architecture role where you'll lead discovery, design, and implementation efforts, playing a vital role in reducing risk and progressing toward a Zero Trust framework.
Key Responsibilities
* Lead the development of robust security architectures to detect, prevent and contain lateral movement between endpoints and workloads.
* Drive the discovery phase by analysing logs (via Azure Log Analytics) and auditing configurations to identify vulnerabilities and insecure protocols.
* Define and present security architecture designs and risk reduction recommendations to Cyber Security Architecture and Engineering teams for sign-off.
* Collaborate with Linux and Windows SMEs to implement secure configurations and protocol controls.
* Architect and enforce network segmentation and access control models.
* Conduct security assessments, provide remediation strategies, and guide stakeholders in secure design principles.
* Stay current on threats, attack vectors, and mitigation techniques to future-proof the organisation’s security posture.
Experience & Knowledge:
* 8+ years in Information Security with a strong architecture focus.
* Expert in lateral movement risks, network segmentation, and endpoint security.
* Deep familiarity with security frameworks: NIST, ISO 27001, Zero Trust.
* Extensive experience with Windows and Linux hardening.
* Skilled in protocol analysis, network architecture, and infrastructure design.
Technical Toolkit:
* Strong command of Azure Log Analytics, KQL, and Azure-based security tools.
* Scripting: Python, PowerShell, Shell.
* Experience with IDS/IPS, firewalls, SIEMs, and vulnerability management tools.
* Strong grasp of Active Directory, Azure AD, and identity access governance.
* Familiarity with secure infrastructure platforms: SQL Server, Oracle, HA clustering.