94 Security Architect jobs in the United Kingdom

• Develop and maintain enterprise-wide security architectural standards, design patterns, and technical documentation.
• Continuously assess and recommend improvements to the global security architecture to enhance protection, manage risks, and optimise cost-effectiveness.
• Provide architectural oversight and consultation to project teams to ensure compliance with security standards and best practices.
• Design solutions that align security requirements with business objectives.
• Proactively identify architectural risks and recommend mitigation strategies.
• Lead evaluations of new security technologies, participate in proof-of-concept testing, and provide detailed assessments of proposed solutions.
• Foster collaboration with cross-functional teams to ensure security integration and architectural alignment.
• Partner with infrastructure, application, network, and business architects/engineers to ensure compliance with GCIS security standards and policies.
• Support security governance activities and contribute to risk mitigation initiatives.
• Occasionally assist with hands-on security configurations for commercial and internally developed systems.

• Bachelor’s or Master’s degree in Computer Science or related field.
• Industry certifications such as CISSP, CISA, or GIAC preferred.
• Certification in architecture frameworks (e.g., TOGAF) is advantageous.
• Minimum of 3 years of experience with at least one major cloud provider (Azure, AWS, or GCP).
• Over 5 years of experience in networking, firewalls, endpoint security, identity and access management, and data protection.
• In-depth understanding of cloud service models (IaaS, PaaS, SaaS).
• Hands-on experience with industry-leading security tools across network, data, application, and cloud domains.
• Solid understanding and practical experience with compliance and security frameworks such as NIST CSF, ISO 27001, CSA CCM, PCI-DSS, GDPR.
• Familiarity with enterprise architecture frameworks such as TOGAF.

• 5 to 10+ years of experience in cybersecurity.
• Demonstrated experience creating reference architectures, standards, and position papers.
• Proven track record of working within global, regulated environments.

• Self-starter with a strong customer service orientation.
• Quick to understand and interpret complex technical information.
• Excellent verbal and written communication skills; able to present to both technical and non-technical audiences.
• Resilient, flexible, and capable of managing multiple demands—both planned and
• Effective multitasker with strong project and time management abilities.
• Practical problem-solver with a focus on actionable, realistic solutions.

• Client Excellence - Understands client needs, manages conflict
• Innovation & Resourcefulness - Innovates, drives for results
• Teamwork & Interpersonal Skills - Communication, team collaboration
• Expertise - Business acumen, technical proficiency
• Integrity - Acts with integrity and builds trust
• Leadership - Vision, strategic thinking, change management, talent development

Job Title: IT Security Architect
Contract: Contract role
Location: Hybrid - Based in Plymouth or Exeter
Sector: Energy & Utilities

About the Role

We're working with a leading organisation at the heart of the UK's energy transition-powering the move toward a cleaner, greener future. They're currently seeking an experienced IT Security Architect to support a portfolio of critical digital and cloud transformation projects.

This is a hybrid contract role with on-site presence expected in Plymouth or Exeter . You'll play a key part in ensuring security is embedded across IT platforms, helping to safeguard systems that are essential to the UK's energy infrastructure.

What You'll Be Doing

• Define and own security architecture for key IT projects across cloud and on-premises environments.
• Provide security expertise and direction to delivery and engineering teams.
• Drive secure-by-design principles and ensure compliance with internal and industry security standards.
• Conduct 1st-line cyber risk assessments and supply chain assurance for third-party vendors.
• Review supplier contracts to ensure appropriate security clauses are embedded.
• Maintain clear documentation and reporting around risks, residual risk ownership, and audit readiness.
• Stay up to date with the evolving cyber threat landscape and implement appropriate security controls.

What We're Looking For

• Strong background in cyber security, with 7+ years of relevant experience.
• In-depth knowledge of cloud platforms such as AWS and Microsoft Azure, as well as Microsoft Entra ID and M365.
• Familiarity with frameworks such as NIST CSF, Cyber Assessment Framework (CAF), and NCSC Cloud Security Principles.
• Proven ability to influence stakeholders and support secure delivery in large, complex environments.
• Excellent communication skills and ability to collaborate with globally distributed teams.
• A degree in a relevant field, or equivalent practical experience.

Why This Role?

• Join a programme of work central to the UK's energy future.
• Shape cyber strategy and architecture across high-impact digital and cloud initiatives.
• Flexible hybrid working arrangements - based on either Plymouth or Exeter.
• A chance to work in a values-led, forward-thinking organisation focused on real-world impact.

Pontoon is an employment consultancy. We put expertise, energy, and enthusiasm into improving everyone's chance of being part of the workplace. We respect and appreciate people of all ethnicities, generations, religious beliefs, sexual orientations, gender identities, and more. We do this by showcasing their talents, skills, and unique experience in an inclusive environment that helps them thrive. If you require reasonable adjustments at any stage, please let us know and we will be happy to support you.

Security Architect

+6 months +

+Fully remote working

+Inside IR35

+650- 725 a day

+DV cleared role

Requirement

Contribute to the delivery of compelling technical cyber security consultancy including designing and delivering secure technical solutions for complex systems for varied clients including Government, CNI and commercial sectors.

Partnering with our clients at senior levels to conduct analysis of and deliver consultancy on the security posture of complex systems. This includes development of conceptual security solutions, logical architectures, security plans, policies & processes and providing advice on technology selection. To include security-related project delivery elements, from the detailed technical level to high-level enterprise views.

Work with other security experts (including IA consultants, accreditors, penetration testers, and threat intelligence/hunting & SOC analysts) to inform secure design that meets both relevant governance requirements and customer business & security outcomes.

Apply detailed knowledge of the current cyber threat landscape, technical vulnerabilities and attack methodologies to the design of complex systems and inform risk.

Key competencies

- Strong technical background in varied environments and platforms.

- Understanding of the advantages and disadvantages of different system designs, including operating systems and network topologies.

- Excellent understanding of the current cyber threat landscape, technical vulnerabilities and attack methodologies and how these affect the design of complex systems.

- Motivated by working in a collaborative environment, both within the delivery team and within clients technical, security and project teams.

Desirable

- Experience of working Information Assurance Frameworks, both Government and commercial (e.g. NCSC CAF, IS 1&2, 27001, NIST, CIS).

- Understanding of how cyber security affects business and operational outcomes.

- A current understanding of security architecture principles and good practice for cyber defence in government, defence, CNI and commercial markets.

++ DV clearance is essential for this role ++

If you'd like to discuss this role in more detail, please send your updated CV to (url removed) and I will get in touch.

Security Architect

+6 months +

+Fully remote working

+Inside IR35

+650- 725 a day

+SC cleared role

Requirement

Contribute to the delivery of compelling technical cyber security consultancy including designing and delivering secure technical solutions for complex systems for varied clients including Government, CNI and commercial sectors.

Partnering with our clients at senior levels to conduct analysis of and deliver consultancy on the security posture of complex systems. This includes development of conceptual security solutions, logical architectures, security plans, policies & processes and providing advice on technology selection. To include security-related project delivery elements, from the detailed technical level to high-level enterprise views.

Work with other security experts (including IA consultants, accreditors, penetration testers, and threat intelligence/hunting & SOC analysts) to inform secure design that meets both relevant governance requirements and customer business & security outcomes.

Apply detailed knowledge of the current cyber threat landscape, technical vulnerabilities and attack methodologies to the design of complex systems and inform risk.

Key competencies

- Strong technical background in varied environments and platforms.

- Understanding of the advantages and disadvantages of different system designs, including operating systems and network topologies.

- Excellent understanding of the current cyber threat landscape, technical vulnerabilities and attack methodologies and how these affect the design of complex systems.

- Motivated by working in a collaborative environment, both within the delivery team and within clients technical, security and project teams.

Desirable

- Experience of working Information Assurance Frameworks, both Government and commercial (e.g. NCSC CAF, IS 1&2, 27001, NIST, CIS).

- Understanding of how cyber security affects business and operational outcomes.

- A current understanding of security architecture principles and good practice for cyber defence in government, defence, CNI and commercial markets.

++ SC clearance is essential for this role ++

If you'd like to discuss this role in more detail, please send your updated CV to (url removed) and I will get in touch.

Security Architect

+6 months +

+Hybrid working in Corsham

+Inside IR35

+SC cleared role

Skills:

+MOD

+HLD / LLD

+ VMware Horizon, ESXi, vCentre, vSAN

+PKI

We are seeking an experienced Security Architect to support the design and assurance of secure, enterprise-grade solutions for a major MOD NSOIT programme. Working at the heart of the OpNET Solution Design Authority, you'll play a vital role in developing secure, interoperable, and compliant architectures for a complex, high-security environment.

• Provide expert security input into OpNET's technical roadmap and High-Level Designs (HLDs) for the NSOIT solution.

• Design Intermediate Level Designs (ILDs) that align to MOD policies and industry best practices.

• Review and assure Low-Level Designs (LLDs) and Detailed-Level Designs (DLDs).

• Identify system vulnerabilities and advise on mitigation strategies.

• Assess and review third-party services for security compliance.

• Define and document security elements within the architectural runway, guiding platform and cyber teams (e.g., logging, antivirus, cyber defence, firewall configuration).

• Proven experience delivering secure architecture within complex, large-scale government or defence programmes.

• Deep knowledge of:

  • Secure infrastructure and software solution design

  • MOD security standards and NCSC design patterns

  • Public and private cloud solutions using Software Defined Datacentre (SDDC)

  • Secure cryptographic provisioning, PKI, ADFS, proxy services

  • Defence Lines of Development and MOD Capability Integration

• Technical expertise across:

  • VMware Horizon, ESXi, vCentre, vSAN

  • Microsoft Server (Apply online only)), Windows 10, Exchange, SQL, Skype, Group Policy

  • Linux-based VDI solutions

• Experience with MOD service management tooling and ITIL

• Strong communication and analytical skills, with the ability to engage diverse technical and non-technical audiences.

• Security certifications and experience with accredited secure solutions in the UK Public Sector.

• Current SC clearance

If you'd like to discuss this Security Architect role in more detail, please send your updated CV to (url removed) and I will get in touch.

Security Architect

+6 months +

+Hybrid working in Corsham

+Inside IR35

+SC cleared role

Skills:

+MOD

+HLD / LLD

+ VMware Horizon, ESXi, vCentre, vSAN

+PKI

We are seeking an experienced Security Architect to support the design and assurance of secure, enterprise-grade solutions for a major MOD NSOIT programme. Working at the heart of the OpNET Solution Design Authority, you'll play a vital role in developing secure, interoperable, and compliant architectures for a complex, high-security environment.

• Provide expert security input into OpNET's technical roadmap and High-Level Designs (HLDs) for the NSOIT solution.

• Design Intermediate Level Designs (ILDs) that align to MOD policies and industry best practices.

• Review and assure Low-Level Designs (LLDs) and Detailed-Level Designs (DLDs).

• Identify system vulnerabilities and advise on mitigation strategies.

• Assess and review third-party services for security compliance.

• Define and document security elements within the architectural runway, guiding platform and cyber teams (e.g., logging, antivirus, cyber defence, firewall configuration).

• Proven experience delivering secure architecture within complex, large-scale government or defence programmes.

• Deep knowledge of:

  • Secure infrastructure and software solution design

  • MOD security standards and NCSC design patterns

  • Public and private cloud solutions using Software Defined Datacentre (SDDC)

  • Secure cryptographic provisioning, PKI, ADFS, proxy services

  • Defence Lines of Development and MOD Capability Integration

• Technical expertise across:

  • VMware Horizon, ESXi, vCentre, vSAN

  • Microsoft Server (Apply online only)), Windows 10, Exchange, SQL, Skype, Group Policy

  • Linux-based VDI solutions

• Experience with MOD service management tooling and ITIL

• Strong communication and analytical skills, with the ability to engage diverse technical and non-technical audiences.

• Security certifications and experience with accredited secure solutions in the UK Public Sector.

• Current SC clearance

If you'd like to discuss this Security Architect role in more detail, please send your updated CV to (url removed) and I will get in touch.

Security Architect – 12-Month Fixed-Term Contract
Location: Central Manchester (1 day a week on site)
Contract Type: Fixed-Term (12 months)
Start Date: ASAP

A leading organisation undergoing significant digital transformation is seeking a Security Architect to join on a 12-month fixed-term contract. This is a fantastic opportunity to play a pivotal role in shaping the future of the business’s cyber security strategy and strengthening its overall cyber resilience.

You’ll be at the heart of a multi-year Security & Risk transformation programme, designing and implementing robust, scalable security architectures that span both cloud and on-premise environments. This role is ideal for someone passionate about driving meaningful change and delivering secure, business-aligned solutions within a Microsoft-first environment.

What You’ll Be Doing:

• Leading the design and deployment of end-to-end security architectures using Microsoft Defender, Sentinel, and Identity solutions.
• Aligning security strategy with business goals and digital transformation objectives.
• Providing architectural oversight and mentorship to internal security and project teams.
• Collaborating with a wide range of stakeholders to translate complex business needs into practical and secure technical designs.
• Maintaining clear documentation, roadmaps, and security blueprints to support future scalability.

What We’re Looking For:

• Proven experience in security architecture design and delivery across large, complex environments.
• In-depth knowledge of Microsoft security technologies, including Defender and Sentinel.
• Strong cloud security experience (Azure preferred), with a track record of designing secure, integrated solutions.
• Excellent grasp of security principles including defence-in-depth, zero trust, and secure development lifecycles.
• Strong communication and stakeholder management skills – able to influence at all levels.
• Experience working within structured architectural frameworks and governance models.

Desirable Certifications:

• CISSP, CISM, TOGAF
• Microsoft certifications such as SC-200, AZ-500, SC-100

An expanding Defence client of ours is currently in the market for a Secutrity Architect to specialise within their Product Security division. As the Product Security Architect, you will be working alongside a team who are constantly growing and developing. You will be responsible for Identify security requirements and ensure the integration of security controls during the product development lifecycle

Some of what you will be involved in:

• Develop and implement risk management strategies
• Perform security threat modelling and risk assessments applying security controls to mitigate any threats identified
• Collaborate with the development teams to ensure the adoption of Secure by Design principles
• Identify security risks that arise from potential solution architectures, advising and assuring alternate solutions or counter-measures to mitigate identified information risks.
• Collaborate with the product development teams to integrate security best practices ensuring Secure by Design
• Identify and mitigate security vulnerabilities and risks in products
• Develop and maintain security guidelines, documentation, and training materials
• Participate in incident response and remediation efforts for security breaches affecting products

Your skillset may include:

• Knowledge of HMG standards (including MOD-specific JSP, Def Stan 05-138, Def Stan 05-139)
• An understanding of MOD ISN 23/09 Secure by Design
• Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP
• Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST 800-30, NIST 800-53)

Please reach out to Lewis Dunn @ ARM if you are interested or simply have some questions - E: or DD: (phone number removed)

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.

• Identify security requirements and integrate controls into product development.
• Conduct risk assessments, threat modeling, and vulnerability analysis.
• Develop and implement risk management strategies using security frameworks.
• Collaborate with development teams to ensure security best practices and secure-by-design principles.
• Identify and mitigate security risks in solution architectures.
• Create security documentation (e.g., RMADS, Security Assurance Documents).
• Support incident response and remediation efforts for security breaches.
• Provide security guidance and training to teams across the organization.

• Strong knowledge of security frameworks (ISO 27001, NIST 800-30/53, OWASP) .
• Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139).
• Proficiency in security threat modeling and risk assessments.
• Knowledge of secure development practices, penetration testing, and vulnerability assessments.
• Ability to communicate security risks and strategies to technical and non-technical stakeholders.
• Experience in incident response and remediation.
• Strong analytical and problem-solving skills.

• Degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).
• Certifications such as CISSP, CISM, OSCP, GIAC (preferred but not mandatory).
• Must be eligible for SC security clearance.
• Experience working in defense, government, or high-security environments is a plus.
• Knowledge of cloud security architectures (AWS, Azure, GCP) is advantageous.