Network/Security Architect

This is a senior role responsible for the end-to-end architecture, design, implementation, and ongoing governance of high-security, covert, and hidden network infrastructures.

The role demands deep expertise across offensive and defensive network design principles, signals intelligence (SIGINT) awareness, and a demonstrable track record delivering secure communications infrastructure in sensitive or classified environments.

The ideal candidate will have:

• Extensive hands-on experience designing and implementing high-security or classified network architectures, including air-gapped and isolated environments.
• Deep expertise in routing and switching protocols (BGP, OSPF, MPLS), advanced VLAN segmentation, and SD-WAN in secure contexts.
• Strong knowledge of network encryption standards including IPSec, MACsec, TLS/mTLS, and government-grade encryption appliances.
• Proven experience with zero-trust architecture frameworks (NIST SP 800-207 or equivalent) and their practical implementation.
• Proficiency with network monitoring, SIEM platforms (Splunk, QRadar, or equivalent), and traffic analysis tools (Wireshark, Zeek, Suricata).
• Demonstrable experience with covert channel design, traffic obfuscation, or signals intelligence countermeasures.
• Knowledge of TEMPEST standards (NATO SDIP-27, AMSG 720B) and physical emanation security.

The role is hybrid with a requirement for 2 days per week in the Bristol office and candidates must be SC cleared as a minimum.

The role is inside IR35 at £700/day.