Security Architect - Outside IR35 - SC Cleared

We are seeking a Security Architect/Senior Security Engineer to support the design and implementation of security controls for the rollout of Cloud Adoption Framework (CAF) compliance activities within an AWS-based software delivery programme.

The role will work closely with senior architects, engineers, and security stakeholders to help ensure solutions align with GDS Service Manual principles, supporting secure and resilient delivery across Privileged Access Workstations (PAWs), SOC integration, and device security.

This is a hands-on role suited to someone with solid cloud security experience who is looking to step further into architecture and assurance responsibilities within a UK public-sector environment.

• Contribute to the definition and maintenance of security architecture for PAWs and AWS workloads in line with CAF and GDS standards.
• Support the development of secure patterns for application and infrastructure components, including IAM, encryption, and network segmentation.
• Review designs and implementations to ensure security controls are applied consistently.

• Support CAF compliance activities and alignment with UK Government security policies.
• Contribute to risk assessments, security documentation, and assurance artefacts.
• Assist with responding to security and assurance queries during delivery phases.

• Experience working in a cloud security role (AWS preferred).
• Working knowledge of UK Government CAF, GDS Service Manual, or similar assurance frameworks.
• Hands-on experience with AWS security services such as IAM, KMS, GuardDuty, Security Hub (or equivalents).
• Exposure to PAWs, SOC tooling, or endpoint security controls.
• Understanding of secure software development lifecycle (SSDLC) and DevSecOps practices.
• Familiarity with ISO 27001, NCSC guidance, and protective monitoring concepts.
• Experience contributing to security designs or architecture decisions (with or without formal architect title).

• AWS security certification (or working towards one).
• Experience working in public sector or regulated environments.
• Exposure to container platforms (ECS/EKS) and CI/CD security controls.
• Awareness of security architecture frameworks such as SABSA or TOGAF.