Security Architect

Security Architect
2-3 days Bristol then rest remote
6 months likely extension
£600pd outside IR35
Active DV or SC clearance required

Key Responsibilities

Architecture & Design

• Develop secure architecture designs for container platforms (e.g., Kubernetes, OpenShift, Docker).
• Architect and strengthen security controls across virtualisation technologies, including VMware, Hyper V, and cloud-native virtualisation frameworks.
• Produce high-quality HLDs/LLDs, security patterns, and architectural governance artefacts.
• Ensure designs align with NCSC guidance, industry best practices (e.g., CIS Benchmarks), and organisational policy.

Security Assurance

• Conduct security assessments and threat modelling against containerised and virtualised workloads.
• Validate platform configurations against security baselines, compliance frameworks, and risk appetite.
• Provide expert guidance during project delivery to ensure security by design principles are followed.
• Support accreditation activities and ensure all architectural documentation meets government standards.

DevSecOps & Platform Security

• Embed security controls within CI/CD pipelines.
• Advise on secure container image lifecycle management (build, scan, deploy, retire).
• Evaluate and implement tools for:
  • Container security scanning (e.g., Trivy, Aqua, Twistlock)
  • Runtime protection and workload isolation
  • Secrets and identity management (Vault, KMS, etc.)
• Define security controls for ingress/egress, service mesh, and inter container communications.

Stakeholder Engagement

• Work closely with engineering, infrastructure, and security operations teams.
• Act as SME for containerisation and virtualisation security.
• Communicate complex technical concepts to both technical and non technical stakeholders.
• Influence and guide senior leadership on architectural decisions and risk.

Essential Skills & Experience

• Active SC Clearance (minimum).
• Proven track record as a Security Architect in large-scale or secure environments.
• Deep technical knowledge of:
  • Kubernetes, Docker, and container orchestration platforms.
  • Virtualisation platforms such as VMware vSphere/ESXi, Hyper V, or KVM.
  • Cloud platforms (AWS, Azure, GCP) and container services (AKS/EKS/GKE).
• Strong understanding of:
  • Network and infrastructure security
  • Zero Trust principles
  • Identity and Access Management (IAM)
  • Secrets management
  • Workload isolation and micro segmentation
• Knowledge of security standards and frameworks:
  • NIST, ISO 27001, CIS Benchmarks
  • NCSC Cloud Security Principles
  • Government Security Classifications Policy

Desirable Skills

• Experience with OpenShift or enterprise Kubernetes distributions.
• Hands on security tooling (Falco, Istio, Calico, etc.).
• Experience with SAST/DAST, SBOMs, and software supply chain security.
• Familiarity with automation tooling (Terraform, Ansible, Helm).
• Certifications such as:
  • CCSK / CCSP
  • CISSP
  • CISM
  • Kubernetes Security Specialist (CKS)
  • VMware security-related certifications

If you receive suspicious outreach claiming to be from us, please contact us via the ManpowerGroup website.