About the job

Summary

The Cabinet Office are recruiting to two Security Architect vacancies on a permanent basis.

The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.

We are the Cabinet Office’s cyber security team, and our mission is to secure the department (including its arms length bodies such as the Government Digital Service) against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK, Notify, and Register to Vote.

Job description

Our Security Architects are trusted advisors for security, responsible for delivering both hands-on solutions and providing information and cyber security advice.

You will work within the CDIO cyber security team and across the Cabinet Office and GDS in this fast-paced and diverse role. You’ll be instrumental in implementing appropriately secure systems, security tooling and other solutions to solve cyber security problems.

Responsibilities

As a Security Architect, you will:

• continuously improve the security of our platforms and services by cooperating with various stakeholders to identify, communicate and remediate cyber security issues.

• advise on the selection and implementation of security controls by assessing current threats and vulnerabilities associated with a service or technology.

• understand common and emerging vulnerabilities and threats.

• know how to stay up-to-date through sources such as OWASP and MITRE ATT&CK.

• support digital and service teams to implement security controls and be considerate of organisational objectives.

• communicate security issues and advice widely through various internal channels, including technical documentation, intranets and published guidance (like GDS Way).

• help teams identify and promote security best practices to deliver robust, resilient, secure and scalable solutions.

• act as an ambassador for the cyber security team and promote the team’s tools and services.

We’re interested in people who:

• understand security isn’t just a technology problem, that people and processes are essential to consider.

• can demonstrate extensive information and cyber security knowledge, particularly secure development and engineering practices, identity and access management and cryptography principles.

• appreciate security aspects end-to-end, from designing security controls before a system is developed to managing processes once a service is live, such as regularly iterating incident management and response plans.

• have performed threat modelling and design reviews against new and existing services.

• have experience with cloud-native technologies, particularly those in Amazon Web Services (AWS) such as AWS Lambda, CloudTrail and Kinesis.

• have software development experience to be able to build prototypes, review code and showcase cyber security solutions.

Behaviours

We'll assess you against these behaviours during the selection process:

• Making Effective Decisions
• Delivering at Pace
• Changing and Improving

Benefits

• Learning and development tailored to your role.

• An environment with flexible working options.

• A culture encouraging inclusion and diversity.

• A Civil Service Pension which provides an attractive pension, benefits for dependants and average employer contributions of 27%.

• A minimum of 25 days of paid annual leave, increasing by one day per year up to a maximum of 30.