Lead Security Architect

A UK Government Security Check (SC) clearance is required for this role. If you don’t hold SC clearance, we will support you to apply assuming you have lived and worked in the UK for a minimum of 5 years. Due to the nature of the project it is also required you hold a British Citizenship or Dual Citizenship.

As an Aker Lead Security Architect, you will be a recognised subject matter expert in security, risk management and compliance with demonstratable experience in highly regulated industries, specifically UK Government and/or Defence.

You will build effective working relationships with delivery team members and Aker customers and operate without supervision as a security lead across multiple projects and platforms, with extensive latitude for independent judgment to drive the required outcomes for Aker and its customers.

You will:

• Lead client-specific security and assurance of highly complex, cloud-centric data and digital services across entire lifecycle (strategy, design, implementation and operations)
• Provide specialist advice and knowledge of HMG government security architecture and assurance to OFFICIAL and above classifications.
• Provide specialist advice and knowledge of Public Cloud (Azure, AWS, GCP) cloud-based security architectures.
• Define and lead external security testing (e.g ITHC) of solutions on the public cloud (Azure, AWS, GCP), cloud native platforms (Docker, Kubernetes, etc.), and Software as a Service (SaaS) solutions.
• Formulate HMG Information Assurance Risk Assessment and Risk Treatment Plans
• Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, implementing security standards such as ISO 27000 series, NIST, CSF, and CSA
• Identify and deliver appropriate controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud native threats.
• Provide oversight and guidance on government security procedures and processes.
• Continually evaluate new threats in the cloud, to identify the impact on IT and the business to develop and implement security controls.
• Provide direction, analysis and design facilitation to develop, maintain and govern a customer security architecture.
• Ensure that architecture principles, designs, technologies, methods and practices are properly executed.

Core Competencies

You will have a bachelor's or master's degree (or international equivalent) and 10+ years of relevant experience, and you can clearly demonstrate the following competencies.

• Domain expertise:
• Significant public cloud (AWS/Azure/GCP) and hybrid cloud security architecture experience across multiple domains: Cloud, Network, Infrastructure, Application, Data, IAM
• Cloud security concepts, technologies and best practices for delivering security across IaaS, PaaS, SaaS and Serverless architectures
• Implementing Information Security and Privacy Standards and Frameworks (e.g. ISO 27k, NIST800-53, CIS, GDPR)
• Leading security working groups and external security testing (ITHC, Penetration Testing, etc) of cloud solutions at high HMG classification levels (OFFICIAL required, SECRET desirable) or equivalent in other industries

• Designing & delivering secure systems & tooling:
• Working directly with engineering teams to design and review system/data architectures through the development of patterns and principles
• Working within environments utilising DevOps, DevSecOps, SRE, CI/CD, Infrastructure & Security as Code (Docker, Git, Terraform)
• Managing technical assessments of security related technologies, vulnerability assessments and penetration tools and techniques
• Enabling & informing risk-based decisions:
• Working with higher impact or more complex risks, advising on the impact and whether this is within risk tolerance
• Understanding and articulate the impact of vulnerabilities and required controls and mitigations on existing and future designs and systems
• Communication with different stakeholders:
• Demonstrate a deep understanding of security concepts and can apply them to a technical level to guide engineering teams
• Effectively translate and accurately communicate security and risk implications to technical and non-technical stakeholders
• Manage delivery manager and stakeholder expectations and be flexible, adapting to stakeholder reactions to reach consensus