Security Architect

As a Security Architect (DSA), you’ll help design and maintain secure systems across the Home Office. Working alongside Lead and Principal Security Architects, you’ll apply best-practice frameworks and risk-based controls to ensure our services are resilient and compliant. You’ll collaborate with engineers, DevOps teams, and stakeholders to embed security into every stage of development.

Your role will involve assessing vulnerabilities, advising on secure design, and translating complex threats into clear, actionable guidance. Whether recommending new tools, leading penetration tests, or shaping policy, your work will help protect sensitive data and support the delivery of secure, user-focused services.

Data Services and Analytics (DSA) is the Home Office’s centre of data expertise, bringing together professionals from diverse backgrounds to deliver impactful insights and secure digital services. We’re committed to continuous learning, inclusion, and the wellbeing of our people, all while supporting the department’s vital public mission.

What will you do?

• Design secure architectures and review existing systems, ensuring alignment with industry frameworks (e.g., ISO 27001, NCSC).
• Collaborate with Lead/Principal Security Architects to implement cohesive security solutions, bridging technical teams and senior stakeholders.
• Advise multidisciplinary groups (Engineering, DevOps, Architecture) on risk assessments, recommending proportionate controls for cloud, on-premise, and hybrid environments.
• Oversee or assist in penetration testing and security assessments, verifying vulnerabilities are identified and tracked to resolution.
• Communicate complex security concepts clearly, helping both technical and non-technical colleagues to understand risks and adopt best practices.
• Maintain awareness of evolving threats, tooling, and methodologies, adapting security strategies to protect critical systems and data.
• Enforce consistent security standards, documenting designs, updating policies, and applying recognized architecture approaches (e.g., SABSA, TOGAF).

What will you bring?

• Secure system design – applying best-practice patterns (e.g., zero trust, defense in depth) to manage risk while meeting user requirements.
• Threat and risk assessment – using frameworks like ISO 27001, COBIT, or NIST to identify vulnerabilities, prioritize fixes, and justify decisions.
• Technical expertise – applying security concepts at a technical level, working with security tools, network security infrastructure technologies, and Information Security Management frameworks (e.g. ISO 27000, CoBIT, NIST).
• Penetration testing & remediation – planning or scoping tests, interpreting findings, and guiding improvements to maintain system integrity.
• Effective communication – translating security concepts for diverse audiences, influencing decisions, and promoting secure practices.
• Collaboration – partnering with architects and DevOps teams to ensure alignment between security goals and business objectives.

Why Join Us?

• Exceptional pension: Employer contribution of 28.97%.
• Generous leave: 25 days annual leave (rising to 30 with service), 8 public holidays, and 1 day for the King’s Birthday.
• Flexible working: Options include full-time, part-time, compressed hours, job sharing, and a hybrid model (minimum 60% on-site).
• Learning and development: Access to training, technical accreditations, and funded qualifications (subject to approval).
• Recognition and inclusion: A culture that champions diversity, enhanced parental leave schemes, annual bonuses, and recognition awards.

Learn more about our benefits: Benefits - Home Office Careers

Additional Information

This role requires SC clearance. To meet national security vetting requirements, you typically need to have been resident in the UK for at least three years. Unfortunately we cannot offer sponsorship.

Click "Apply" to view the full job details and help deliver secure, innovative services at the heart of government.