Negotiable
Outside
Hybrid
England, UK
Summary: The role of Network Security Architect involves leading the design, assurance, and governance of secure network architecture within a UK Defence environment. The position requires an experienced professional with active UK MoD DV clearance to set architectural direction and support delivery teams across various environments. The architect will produce key documentation and provide technical governance while collaborating with various stakeholders. This role is classified as outside IR35 and offers a hybrid working arrangement.
Key Responsibilities:
- Lead secure network architecture design across data-centre/on-prem and hybrid environments.
- Produce and own architecture deliverables, including:
- HLD/LLD
- Standards, patterns, and reference architectures
- As-built documentation
- Provide technical governance and assurance, including:
- Design reviews and technical approval
- Risk and exception management
- Architectural decision-making and stakeholder sign-off support
- Define and assure solutions covering:
- Secure boundaries/perimeter controls
- Segmentation and zoning (including secure enclaves)
- Controlled data flows and restricted connectivity models
- Secure remote access aligned to Defence constraints
- Collaborate closely with engineers, security teams/SOC, service owners, and suppliers to drive designs from concept through to implementation.
Key Skills:
- Proven experience in Network Security Architecture within Defence/Government/high-assurance environments.
- Strong understanding of secure network design principles, including:
- Defence-in-depth
- Least privilege
- Secure boundary patterns
- Zero Trust concepts
- Hands-on architectural capability across:
- Enterprise routing and switching
- Firewall architecture (HA design, policy design, rulebase strategy)
- Segmentation approaches (zones, VLAN/VRF patterns, restricted service exposure)
- Security controls such as Proxy, IDS/IPS, NAC (as applicable)
- Strong documentation and stakeholder skills (able to brief both senior technical and non-technical audiences).
Salary (Rate): undetermined
City: undetermined
Country: UK
Working Arrangements: hybrid
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
Network Security Architect (Outside IR35)
- Job Title: MoD-DV Network Security Architect
- Contract: Outside IR35
- Duration: 12 months (rolling extensions)
- Location: UK (hybrid) - split between home working and onsite UK data centres/secure sites (onsite frequency to be confirmed)
- Clearance: Active, transferable UK MoD DV is mandatory
Role Overview
We're looking for an experienced DV-cleared Network Security Architect to lead the design, assurance, and governance of secure network architecture within a UK Defence environment. You'll set architectural direction, define secure standards and patterns, and support delivery teams across on-prem/data-centre and hybrid estates.
Key Responsibilities
- Lead secure network architecture design across data-centre/on-prem and hybrid environments.
- Produce and own architecture deliverables, including:
- HLD/LLD
- Standards, patterns, and reference architectures
- As-built documentation
- Provide technical governance and assurance, including:
- Design reviews and technical approval
- Risk and exception management
- Architectural decision-making and stakeholder sign-off support
- Define and assure solutions covering:
- Secure boundaries/perimeter controls
- Segmentation and zoning (including secure enclaves)
- Controlled data flows and restricted connectivity models
- Secure remote access aligned to Defence constraints
- Collaborate closely with engineers, security teams/SOC, service owners, and suppliers to drive designs from concept through to implementation.
Essential Skills & Experience
- Proven experience in Network Security Architecture within Defence/Government/high-assurance environments.
- Strong understanding of secure network design principles, including:
- Defence-in-depth
- Least privilege
- Secure boundary patterns
- Zero Trust concepts
- Hands-on architectural capability across:
- Enterprise routing and switching
- Firewall architecture (HA design, policy design, rulebase strategy)
- Segmentation approaches (zones, VLAN/VRF patterns, restricted service exposure)
- Security controls such as Proxy, IDS/IPS, NAC (as applicable)
- Strong documentation and stakeholder skills (able to brief both senior technical and non-technical audiences).
Desirable
- Experience with one or more of: Fortinet, Palo Alto, Check Point, Cisco, Juniper
- Exposure to SASE/SD-WAN within constrained/secure environments
- Experience supporting assurance/accreditation evidence and security design sign-off
Next Steps
If you hold active MoD DV clearance and this aligns with your experience, please send your most recent CV and best contact details so we can arrange a confidential discussion.