Architect – TSA Cyber Security
Indexed description
The TSA Cyber Security Architect is responsible for ensuring that telecommunications platforms, networks, applications and cloud solutions comply with the UK Telecommunications Security Act (TSA) and Secure by Design principles. The role provides security architecture leadership throughout the project lifecycle, ensuring regulatory compliance while reducing cyber risk across enterprise and telecom environments.
Key Responsibilities
- Review solution architectures for compliance with the UK Telecommunications Security Act (TSA).
- Provide security architecture guidance across Network, IT and Digital programmes.
- Conduct Secure by Design architecture assessments and security design reviews.
- Perform cyber risk assessments and recommend mitigation strategies.
- Ensure security requirements are embedded into Agile, DevSecOps and CI/CD delivery.
- Review end-to-end connectivity across telecom infrastructure.
- Define security requirements for cloud, on-premise and hybrid environments.
- Produce Security Architecture Documents (SAD), High Level Designs (HLD) and Low Level Designs (LLD).
- Review API, microservices and application security architecture.
- Work with Engineering, Architecture and Delivery teams to ensure compliance throughout project delivery.
- Support security testing, penetration testing and vulnerability remediation.
- Lead threat modelling workshops and architectural risk reviews.
- Support regulatory audits and compliance activities.
Technical Skills
- Strong understanding of UK Telecommunications Security Act (TCA/TSA) requirements.
- Secure by Design methodology.
- Enterprise Security Architecture.
- Network Security Architecture.
- Zero Trust Architecture.
- Cloud Security (AWS, Azure, GCP).
- Identity & Access Management (IAM).
- PKI, TLS, VPN and encryption technologies.
- Firewalls, IDS/IPS and SIEM platforms.
- API Security (OAuth2, OpenID Connect, JWT).
- DevSecOps and CI/CD security.
- Container Security (Docker, Kubernetes).
- Threat Modelling (STRIDE, ATT&CK).
- Vulnerability Management.
- Security Monitoring and Incident Response.
Experience Required
- 8–12+ years in Cyber Security or Security Architecture.
- Experience within Telecommunications or Critical National Infrastructure.
- Demonstrable experience performing Security Design Reviews.
- Experience with cloud transformation programmes.
- Strong stakeholder management and technical leadership skills.
- Experience working within regulated environments.
Certifications (Preferred)
- CISSP
- SABSA
- TOGAF
- CCSK or CCSP
- Azure Security Engineer
- AWS Security Specialty
- Certified Information Security Manager (CISM)
- NCSC Certified Professional (desirable)
Knowledge of Standards
- UK Telecommunications Security Act (TSA)
- NCSC Cyber Assessment Framework (CAF)
- ISO 27001
- NIST Cybersecurity Framework
- NIST 800-53
- CIS Controls
- IEC 62443 (advantageous)
- OWASP Top 10
- GDPR
Key Deliverables
- Security Architecture Review Reports
- Threat Models
- Security Risk Assessments
- Secure by Design Assessments
- Architecture Approval Documents
- Security Control Specifications
- Compliance Evidence for TSA audits
- Security Exception and Risk Register updates
Desirable Experience
- Telecom Core Networks (4G/5G)
- OSS/BSS platforms
- Network Virtualisation (NFV/SDN)
- API Gateways
- Kubernetes/OpenShift
- Infrastructure as Code (Terraform, Ansible)
Soft Skills
- Excellent communication and presentation skills.
- Ability to influence senior stakeholders.
- Strong analytical and problem-solving capability.
- Experience leading cross-functional technical workshops.
- Ability to balance security, business and operational requirements.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search