Enterprise Security Architect - HMRC - G6
Government Digital & Data
Discover a career in your hands at HMRC. Whether you're seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.
Visit our YouTube channel to watch the full series and come and discover your potential.
Are you passionate about Cyber Security and Enterprise Architecture?
Do you have senior-level experience as a Cyber Security Professional?
Join us to shape the security technology and tooling strategy for HMRC and influence the UK Public Sector. Enjoy a healthy work/life balance while making a significant impact.
HMRC are now one of the most digitally advanced tax authorities in the world and will spend the next five years continuing to modernise our IT landscape across a multi-hybrid cloud platform. You will be working in one of the most complex infrastructures across Europe, with significant investment and over 1000 changes monthly impacting over 600 services. Security Modernisation is critical to this initiative and our collective success. Now is a great time to join us as we establish a team of outstanding people in the fields of Security Architecture, Risk Assessment and Testing who will create and run these new and improved technology services.
This is a chance to work on services that matter and affect the lives of millions of citizens as well as delivering Government Security services directly across circa 400 Government Departments and Arms-Length Bodies (ALBs).
Job description
HMRC Security are part of HMRC’s Chief Digital Information Office (CDIO) and support the department in assessing business and reputational risks in one of the largest IT estates in Europe.
Cyber Security Technical Services (CSTS) and the Government Security Centre for Cyber (Cyber GSeC) are an integral part of HMRC Security. We are responsible for ensuring everyone has capability to fulfil their security responsibilities and develop individual capability to detect, prevent and respond to security risks and threats.
Our vision is to be recognised as a centre of expertise and excellence, working collaboratively across government to deliver holistic, customer centric cyber security services. This includes consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape.
It is an exciting time to be part of our active and encouraging Cybersecurity and Architecture communities, working within HMRC and across HMG.
As an Enterprise Security Architect and Principal Cyber Security Professional, you will work in a multidisciplined team in Cyber Security Technical Services (CSTS). You will be part of our active and encouraging Cyber Security and Architecture communities, within HMRC and across government.
You will collaborate and play a leading role with senior business and technical partners to deliver appropriate risk-based technical security advice and guidance. This enables the secure delivery of His Majesty’s Government solutions and services. You will engage at a strategic level, influencing policy and setting direction for technical and business change, and developing capability through coaching, mentoring and training.
You will have the opportunity to promote consistent security architecture across a multi-billion-pound portfolio of business transformation projects including cross-government work within HMRC. This will include creation, maintenance, communication and evolution of security technology and tooling roadmaps, design patterns and reference architectures that will drive adoption of modern technology meeting HMRC’s business driven need towards rationalised strategic platforms.
In addition, you may be encouraged to undertake line management responsibilities developing and managing a team.
You may be expected to own and develop CSTS capabilities and/or services.
Person specification
Ideal candidate:
- A business and technology leader in the strategic selection, development and delivery of technical security controls and services.
- Focused expertise to develop and lead within one or many security technology domains aligning capability to security tooling.
- Key stakeholder management experience across senior business and technical environments including vendors, partners and other government departments.
- Able to demonstrate a proven history of delivering high value outcomes in challenging and complex environments.
- You will be confident in your ability to engage within the UK security and architecture community and hold the technical credibility to represent our business at a range of engagements sharing a point of view and direction.
- Always clear and honest when communicating, sharing knowledge and skills to build consistency and excellence in our work, aiming to achieve great results.
- Willing to champion consistency across our business in support of our “one team” ethos, you will be happy to provide technical reviews, develop individuals and contribute to the development of protective security practices.
- Constant and never-ending individual improvement adding value in all engagements.
Responsibilities:
- You will be responsible for leading, influencing and developing domains within the Security Technology and Tooling Strategy for the organisation. Your visionary leadership will not only shape the security landscape within HMRC but also set a benchmark for best practices across the UK Government landscape.
- You will drive transformative change, leveraging cutting-edge technologies and innovative tools to fortify our defences. Your influence will extend beyond our walls, inspiring a culture of excellence and resilience in cybersecurity throughout the public sector.
- Strategic Direction Setting: Define and steer enterprise security strategies, ensuring alignment with Zero Trust principles and architectural standards.
- Technology Leadership: Lead the creation and implementation of security and architectural principles, technology strategies, and tooling plans, addressing business risks and supporting policy development.
- Technical Expertise Building: Cultivate the technical security and enterprise architecture capabilities of the CSTS and Cyber GSeC teams, driving a robust learning and development strategy.
- Effective Communication: Recognize and articulate the impact of security measures on users and business needs, providing clear, actionable advice to inform decision-making and address partner concerns.
- Methodology and Framework Enhancement: Contribute to the development and refinement of enterprise security architecture methodologies, such as TOGAF and SABSA, and to the adoption of frameworks such as those in NIST 2.0.
- Security Tooling Roadmaps: Create detailed roadmaps for security tooling, incorporating vendor investment tracking, horizon scanning, and global threat landscape changes, and communicate these to stakeholders.
- Baseline Establishment and Design Patterns: Establish baselines for current security technologies and develop design patterns to support solution architects in implementing effective security controls.
- You will support the Head of Capability in driving and delivering Enterprise-wide security technology change, engaging at a strategic level and working through the lifecycle to govern the technical implementation of security services and solutions.
- Collaborative Expertise and Cyber Service Delivery: Work collaboratively with HMG security teams to offer subject matter expertise on security and risk requirements and lead the delivery of cyber services from the service catalogue and within the Secure by Design Lifecycle.
- Innovation and Adoption: Research, validate, and adopt new technologies and methodologies, contributing to the organization's broader security technology strategy.
- Governance, Mentorship, and Stakeholder Management: Represent the organization at governance boards, provide peer reviews and mentoring, and build strong relationships with stakeholders across the civil service, departments, suppliers, vendors, and programs.
Essential Criteria:
You will have significant experience or knowledge as follows:
- Communication Skills: Proficient in managing stakeholder relationships across business and technical domains through active engagement and clear communication.
- Security Knowledge: Deep understanding of security and privacy risks, including confidentiality, availability, integrity, non-repudiation, and privacy.
- Architectural Methodologies: Experienced with TOGAF and SABSA.
- Security Frameworks: Knowledgeable in standard security frameworks.
- Output Development: Skilled in creating reference architectures, roadmaps, design patterns, technical standards, policies, principles, guidance, and procedures.
- Security Controls Design: Experienced in designing security controls from non-functional requirement catalogues and associated design patterns, procedures, and technical guidance.
- Technical Security Strategy: Capable of developing technical security strategies based on business and technical risks.
- Technical Proficiency: Proficient in technologies and security processes across at least two architectural domains.
- Real-World Application: Experienced in applying technical security in real-life environments and delivering security aspects of major projects.
- Team Engagement and Leadership: Effective in engaging teams, sharing knowledge, guiding, and training colleagues, and managing change.
- Proficiency in one or more of the following technologies and supporting security processes, applied to technical security in real-life environments:
- Identity and Access Management Capabilities and Solutions.
- Infrastructure Security including Endpoints, Operating Systems, Network Security architectures, technologies and the OSI Model.
- Knowledge of Application and Data Security Solutions and modern practices of deployment.
- Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
- Knowledge and Experience of Modernised Security Operations Centre including Attack Surface Management.
- Cloud Security & Risk applied to all service and deployment ISO standards including 27001, 27002, 27005, 27017, 27018, 22301 and NIST CSF 2.0.
Technical Security within one or many of the following domains:
- Identity and Access Management: Expertise in PAM, SSO, Key and Secrets Management, JML, Attestation, RBAC, Identity Governance, Hybrid Cloud Models, AzureAD, MIM, FIM, and modern authentication protocols (SAML, OIDC).
- Network Security: Proficient in designing segmentation, securing WLAN, LAN, WAN, SDWAN, SaaS proxies, VPNs, firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust.
- Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security.
- Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities.
- Cyber Security Operations: Proficient in incident response, vulnerability management, SIEM, SOAR, threat modeling, threat hunting, intelligence, data analytics, and anti-phishing methodologies.
- Infrastructure and Endpoint Security: Experience with endpoint security control technologies (EDR, EPP, UEBA, baseline configurations) including the Microsoft stack for workstations, servers, IoT, mobiles, VDI, DCAAS, and DAAS.
- Cloud Security: Expertise in developing reference architectures for cross-hybrid cloud platforms (AWS, Azure – IaaS, PaaS, SaaS, FaaS) and new platform tools like CASB, CSPM, CWPP, and containerization security.
Desirable Criteria
- CCSP (Certified Cloud Security Professional).
- CISSP (Certified Information Systems Security Professional).
- CRISC (Certified in Risk and Information Systems Control).
- Microsoft Cybersecurity Expert incl. M365 Security, Azure Security, Identity & Access Management and Security Operations.
- AWS Security.
- NIST Cybersecurity Professional (NCSP) Practitioner.
- ISO27001.
- Vendor Qualifications – Cisco, VMware, Fortinet, Checkpoint etc.
- Chartered membership in professional security bodies.
Additional Information
Candidates must hold or be willing to obtain a minimum of Security Check (SC) Clearance, as this is a requirement of the role.