Overview

Join HMRC Security, part of the Chief Digital Information Office (CDIO), supporting one of Europe’s largest IT estates. Within Cyber Security Technical Services (CSTS) and the Government Security Centre for Cyber (Cyber GSeC), we build capability across HMRC to detect, prevent, and respond to evolving cyber threats.

Our vision is to be a recognised centre of excellence, delivering customer-centric cyber services and consultancy that adapt to emerging technologies and risks.

Role

Enterprise Security Architect (Principal Cyber Security Professional)

This campaign attracts Higher Starting Pay.

Location
Bristol, Cardiff, East Kilbride, Edinburgh, Glasgow, Manchester, Stratford, Telford, Worthing

Location detail

Join HMRC Security and contribute as part of CSTS and Cyber GSeC to lead and shape security architecture across HMRC’s multi-billion-pound transformation portfolio.

Responsibilities

Key Responsibilities

• Strategic Leadership: Define and lead enterprise security strategies aligned with Zero Trust and architectural standards.
• Technology Direction: Develop and implement security principles, tooling strategies, and architectural guidance to address business risks and support policy applied to products, platforms and services.
• Capability Development: Build technical expertise across CSTS and Cyber GSeC, driving learning and development. Support the Head of Capability in driving and delivering Enterprise-wide security technology change, engaging at a strategic level and governing the technical implementation of security services and solutions.
• Effective Communication: Translate technical impacts into clear, actionable advice for stakeholders.
• Framework & Methodology: Enhance enterprise security architecture using TOGAF, SABSA, and NIST 2.0 frameworks.
• Tooling Roadmaps: Create and communicate security tooling roadmaps, incorporating vendor insights and threat landscape analysis.
• Design Patterns & Baselines: Establish technology baselines and design patterns to guide secure solution development.
• Strategic Engagement: Support the Head of Capability in delivering enterprise-wide security change, from strategy to implementation.
• Cross-Government Collaboration: Provide subject matter expertise and lead cyber service delivery across HMG.
• Innovation & Adoption: Research and integrate emerging technologies and methodologies into HMRC’s security strategy.
• Governance, Mentorship, and Stakeholder Management: Represent at governance boards, conduct peer reviews, and mentor. Build strong relationships with stakeholders across the civil service, departments, suppliers, vendors, and programmes.

Person specification

We’re looking for a strategic leader in technical security - someone who can shape, deliver, and evolve security controls and services across complex environments.

You will bring:

• Proven leadership in selecting, developing, and delivering security technologies and controls.
• Deep expertise in one or more security domains, with the ability to align tooling to capability needs.
• Strong stakeholder management across senior technical, business, vendor, and government landscapes.
• A track record of delivering high-value outcomes in complex, high-pressure environments.
• Confidence and credibility to represent HMRC in UK-wide security and architecture communities.
• Clear, honest communication, transparently sharing knowledge to build consistency and excellence.
• A collaborative mindset, championing our “one team” ethos through technical reviews, mentoring, and practice development.
• A commitment to continuous personal growth and adding value in every engagement.

Core Skills & Knowledge

• Communication Skills: Proficient in managing stakeholder relationships across business and technical domains through active engagement and clear communication.
• Team Engagement and Leadership: Effective in engaging teams, sharing knowledge, guiding, and training colleagues, and managing change.
• Security Fundamentals: Deep understanding of confidentiality, integrity, availability, non-repudiation, resilience and privacy risks.
• Architectural Methodologies: Practical experience with TOGAF and SABSA.
• Security Frameworks: Familiarity with industry-standard frameworks (e.g., NIST, ISO) 27001, 27002, 27005, 27017, 27018, 22301 and NIST CSF 2.0.
• Technical Output Creation: Proven ability to develop reference architectures, roadmaps, design patterns, principles, standards, policies, and guidance.
• Security Control Design: Experience designing controls from non-functional requirements and associated guidance.
• Knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
• Knowledge and Experience of Modernised Security Operations including Attack Surface Management.

Technical Proficiency

• Expertise across at least two of the following security domains, with real-world experience applying technical security in complex environments and major projects.

Domains

• Identity and Access Management: PAM, SSO, Key and Secrets Management, JML, Attestation, RBAC, Identity Governance, Hybrid Cloud Models, AzureAD, MIM, FIM, and modern authentication protocols (SAML, OIDC).
• Network Security: Segmentation, WLAN/LAN/WAN, SD-WAN, SaaS proxies, VPNs, firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust.
• Application Security: SAST, DAST, RAST, IAST tools, SDLC integration, OWASP, API security, threat modelling, and containerization security.
• Data Security: Information protection tools, key and secrets management, data loss prevention, and protective marking/classification.
• Cyber Security Operations: Incident response, vulnerability management, SIEM, SOAR, threat modelling, threat hunting, intelligence, data analytics, anti-phishing.
• Infrastructure and Endpoint Security: EDR/EPP, UEBA, baseline configurations; Microsoft stack for workstations, servers, IoT, mobiles, VDI, DCAAS, DAAS.
• Cloud Security: Cross-hybrid cloud architectures (AWS, Azure), CASB, CSPM, CWPP, containerization security.

Certifications and memberships

Certifications and memberships that would strengthen your application:

• Professional Certifications: CCSP, CISSP, CRISC, NCSP Practitioner, ISO27001 Lead Implementer/Auditor
• Vendor-Specific Qualifications: Microsoft Cybersecurity Expert, AWS Security
• Professional Memberships: Chartered status in recognised security bodies

Notes

The Desirable Criteria will not be included in the routine sifting/assessment of your application but could be used in the event of a tie break.

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Industries: IT Services and IT Consulting

For more information about applying or to express interest, follow the official HMRC vacancy process. This description is limited to roles, responsibilities, and qualifications and does not include any external advert content.