Cyber Security Architect at BAE Systems, England, 12 Months, £50-£90 per hour

Contract Description

Senior and Principal Security Architects

£50-£90 per hour (Dependent on experience and level) - Inside IR35

12 month contracts

Hybrid - 2/3 days a week on site - Warton (PR4)

 

**Applicants must have the right to work in the UK**

**Successful applicants must be eligible for SC/DV clearance**

 

 

Role Purpose / Overview

 

Highly experienced security architects with strong technical credentials across enterprise, cloud, network and classified environments. Responsible for designing end-to-end secure architectures (HLD/LLD), leading Design Authorities and Technical Design Authorities, and providing architectural assurance across multi-supplier programmes up to TOP SECRET / Above Secret classifications. Ensures Secure-by-Design principles are embedded from the outset across all programmes.

 

Key Outcomes

 

  • Security is consistently embedded into system design across all programmes
  • Architectural decisions align with Secure-by-Design principles from the outset
  • Complex, multi-partner and classified environments are designed securely and coherently
  • Identity, cross-domain and data protection controls are defined at the architecture level
  • Design Authority interactions are informed, structured and technically robust

 

Key Responsibilities

 

  • Design end-to-end secure architectures (HLD/LLD)
  • Lead Design Authorities and Technical Design Authorities
  • Ensure security is consistently embedded into system design across all programmes
  • Align architectural decisions with Secure-by-Design principles from the outset
  • Define identity, cross-domain and data protection controls at the architecture level
  • Enable structured, technically robust Design Authority interactions
  • Provide architectural assurance across complex, multi-partner and classified environments

 

Technical Skills & Experience, a good mix of some or all of the following:

 

  • Secure-by-Design (MOD SbD / NIST 800-53r5 / NIST CSF / CIS CSC v8.1) — design, maturity tracking and assurance across full programme lifecycles
  • Enterprise & Cloud Security Architecture — AWS, Azure, GCP, Oracle Cloud (multi-cloud landing zones, hybrid identity, secure migration patterns)
  • Classified Platform Design — OFFICIAL, OFFICIAL-SENSITIVE, SECRET and ABOVE SECRET environments, ROSA, Garrison, Citadel, VCF, Cross-Domain Solutions
  • Zero Trust, IDAM & PKI — conditional access, hybrid identity, cryptography, HSMs, IAM, RBAC, OIDC, federation
  • Threat Modelling — STRIDE / STRIDE-LM, attack-surface analysis, trust boundary modelling, design reviews
  • Network & Boundary Security — Checkpoint, Palo Alto, Fortinet, Cisco, Juniper, F5, Zscaler, NSX-T, SD-WAN, encrypted WAN, DMZ, NAC
  • ServiceNow & M365 Architecture — ITSM, ITOM, CSM, EAM, SharePoint Online, Purview, Entra, Sentinel, Defender, Power Platform, CoPilot
  • Container & DevSecOps — Kubernetes (EKS, Tanzu), Terraform, Ansible, CI/CD security, image scanning, container hardening
  • Architecture Frameworks — TOGAF, ArchiMate, SABSA, Zachman, MODAF, JSP standards, NCSC architectural patterns
  • HLD / LLD authoring, Security Patterns, Reference Architectures, Bill of Materials, Crypto Plans and JSP-compliant documentation
  • Design Authority leadership, Technical Security Boards, Gateway Reviews, multi-supplier governance

 

Qualifications & Certifications

 

  • CISSP (multiple holders), CISM, CCSP, OSCP, CEH
  • TOGAF 9 / TOGAF 9.2, SABSA Foundation, Zachman, ITIL v3/v4
  • AWS Security Specialty, AWS Solutions Architect, AWS DevOps Pro, AWS Advanced Networking
  • Azure Security Specialist (AZ-500), Azure Solutions Architect (AZ-303/304), Microsoft MCSE
  • CCIE (#38006), CCNP, CCDP, VCP, VCAP-NV, VCP-NV, Check Point CCSE/CCSA, PCNSE
  • ISO 27001 Lead Auditor, ISO 27005
  • Prince2 Practitioner, MSP, Chartered Engineer (IET), MBCS CITP
  • Government Clearances: SC, DV (active and historic), Five Eyes engagement