Security Architect

Summary: The Security Architect role involves designing secure architecture for container platforms and strengthening security controls across virtualization technologies. The position requires active DV or SC clearance and entails a mix of on-site work in Bristol and remote work. The contract is for 6 months with a likely extension, offering a competitive daily rate.

Key Responsibilities:

• Develop secure architecture designs for container platforms (e.g., Kubernetes, OpenShift, Docker).
• Architect and strengthen security controls across virtualization technologies, including VMware, Hyper-V, and cloud-native virtualization frameworks.
• Produce high-quality HLDs/LLDs, security patterns, and architectural governance artifacts.
• Ensure designs align with NCSC guidance, industry best practices (e.g., CIS Benchmarks), and organizational policy.
• Conduct security assessments and threat modeling against containerized and virtualized workloads.
• Validate platform configurations against security baselines, compliance frameworks, and risk appetite.
• Provide expert guidance during project delivery to ensure security by design principles are followed.
• Support accreditation activities and ensure all architectural documentation meets government standards.
• Embed security controls within CI/CD pipelines.
• Advise on secure container image lifecycle management (build, scan, deploy, retire).
• Evaluate and implement tools for container security scanning, runtime protection, and workload isolation.
• Define security controls for ingress/egress, service mesh, and inter-container communications.
• Work closely with engineering, infrastructure, and security operations teams.
• Act as SME for containerization and virtualization security.
• Communicate complex technical concepts to both technical and non-technical stakeholders.
• Influence and guide senior leadership on architectural decisions and risk.

Key Skills:

• Active SC Clearance (minimum).
• Proven track record as a Security Architect in large-scale or secure environments.
• Deep technical knowledge of Kubernetes, Docker, and container orchestration platforms.
• Virtualization platforms such as VMware vSphere/ESXi, Hyper-V, or KVM.
• Cloud platforms (AWS, Azure, GCP) and container services (AKS/EKS/GKE).
• Strong understanding of network and infrastructure security, Zero Trust principles, IAM, and secrets management.
• Knowledge of security standards and frameworks: NIST, ISO 27001, CIS Benchmarks, NCSC Cloud Security Principles, Government Security Classifications Policy.
• Experience with OpenShift or enterprise Kubernetes distributions.
• Hands-on security tooling (Falco, Istio, Calico, etc.).
• Experience with SAST/DAST, SBOMs, and software supply chain security.
• Familiarity with automation tooling (Terraform, Ansible, Helm).
• Certifications such as CCSK / CCSP, CISSP, CISM, Kubernetes Security Specialist (CKS), VMware security-related certifications.

Salary (Rate): £600/day

City: Bristol

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: outside IR35

Seniority Level: Senior

Industry: IT