Enterprise Security Architect
Indexed description
HMRC is recruiting two Principal Cybersecurity Professionals (Enterprise Security Architects) to shape and govern the security architecture, technology strategy and tooling that underpin one of the most complex digital estates in Europe.
Salary
£71,725 - £87,612
You will operate at enterprise scale, influencing security strategy and technical direction across HMRC and wider government, supporting a multi‑billion‑pound transformation spanning hybrid cloud platforms.
This role sits within Security Consultancy Services (SCS) — a centre of excellence providing risk‑based security architecture, assurance, and technical leadership across HMRC and HMG including participation in diverse groups such as women in tech.
We are committed to building a diverse and inclusive security architecture capability.
We actively encourage applications from women and underrepresented groups in cyber security and architecture.
We value different perspectives — they make our designs stronger, our decisions better and our organisation more resilient.
Job description
As an Enterprise Security Architect, you will provide strategic security architecture leadership across HMRC’s technology landscape.
You will define enterprise‑wide security principles, reference architectures, roadmaps, patterns and tooling strategies; guide secure design and delivery across products and platforms; and provide authoritative, risk‑based advice to senior business and technical stakeholders.
You will work closely with stakeholders from business, architecture, engineering and delivery teams to ensure security is embedded through the full lifecycle — from strategy and design through to implementation and operation. You will also represent HMRC across cross‑government security and architecture communities and contribute to developing capability across the profession.
Line management and mentoring responsibilities may form part of the role.
Please note: Security Check (SC) clearance level, either already held or willing to obtain, is a requirement of this role. Please see Additional Security Information and Security sections below.
Candidate Information Session
We’re hosting a webinar for interested candidates on Tuesday, 30 June 2026 at 2pm. This is your chance to learn more about the role and ask any questions you may have.
Register your interest here and Teams link will be sent to you on the day:
Candidate Information Session -Enterprise Security Architect- Tuesday 30th June 2026 @ 2pm – Fill in form
Key Responsibilities
- Enterprise Security Technology Strategy: Define and govern enterprise security architecture aligned to Zero Trust principles, HMRC standards and cross‑government policy. Your visionary leadership will not only shape the security landscape within HMRC but also set a benchmark for best practice across the UK Government landscape.
- Architecture & Design Authority: Produce and maintain security reference architectures, principles, design patterns, baselines, roadmaps, and technical standards. Provide a leadership and influencing role at technical governance boards.
- Technology Direction & Tooling: Shape security technology strategy and tooling roadmaps, informed by threat intelligence, vendor capability and business risk.
- Risk‑Based Security Leadership: Provide authoritative security advice enabling secure delivery of products, platforms, and services across complex environments.
- Lifecycle Governance: Govern security architecture and control implementation across the full delivery lifecycle, ensuring consistency and compliance.
- Stakeholder & Cross‑Government Engagement: Engage senior business, technical, vendor, and government stakeholders; represent HMRC at governance forums and communities of practice.
- Capability Development: Coach, mentor, and develop security architecture capability across SCS and the wider organisation.
- Innovation & Continuous Improvement: Evaluate emerging technologies, patterns, and methodologies to evolve HMRC’s security architecture and operating model.
Essential Criteria:
We’re looking for a principal security architect with significant experience operating at enterprise scale, demonstrating:
Security Architecture & Strategy
- Proven experience defining and governing enterprise security architecture, including principles, reference architectures, technical standards, security patterns and roadmaps.
- Strong grounding in risk‑based security design, including confidentiality, integrity, availability, resilience, privacy, and non‑functional requirements.
Frameworks & Methodologies
- Practical experience applying TOGAF and SABSA in complex organisations.
- Strong knowledge of industry security frameworks, including NIST CSF 2.0 and the ISO 27000 series.
Technical Security Expertise
- Deep, expertise and strategy setting across at least two of the following security domains: (We recognise that no candidate will meet every requirement, If you bring strong experience in some of these areas and the ability to learn and adapt, we encourage you to apply)
- (Expertise in PAM, SSO, Key and Secrets Management, JML, Attestation, RBAC, Identity Governance, Hybrid Cloud Models and modern authentication protocols)
- Proficient in designing segmentation, securing WLAN, LAN, WAN, SDWAN, SaaS proxies, VPNs, firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust
- Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security
- Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities
- Expertise in incident response, vulnerability management, SIEM, SOAR, threat modelling, threat hunting, intelligence, data analytics, and anti-phishing methodologies including use of AI Security tooling
- Experience with endpoint security control technologies (EDR, EPP, UEBA, baseline configurations) including the Microsoft stack for workstations, servers, IoT, mobiles, VDI, DCAAS, and DAAS
- Expertise in developing reference architectures for cross-hybrid cloud platforms (AWS, Azure – IaaS, PaaS, SaaS, FaaS) and new platform tools like CASB, CSPM, CWPP, and containerization security.
Enterprise Delivery & Influence
- Experience providing authoritative security leadership across large programmes, products, or platforms and leading security effectively through agile governance
- Proven ability to engage, influence, and advise senior technical and business stakeholders, translating technical risk into clear, actionable decisions
- Experience shaping and governing security controls and outcomes across multi‑supplier and multi‑team environments
- Effective engagement across diverse stakeholder groups, sharing knowledge, guidance and mentoring colleagues whilst managing complex change
Desirable Criteria
- Recognised professional certifications (e.g. CISSP, CCSP, CRISC, NIST, ISO 27001)
- Vendor certifications (e.g. Microsoft Security, AWS Security)
- Chartered membership of a recognised cyber security professional body
For further information and to apply via Civil Service Jobs, please follow the link:
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search