Security Architect
Cabinet Office
Apply before 11:55 pm on Monday 28th October 2024
Details
Reference number
Salary
Job grade
Contract type
Business area
Type of role
Working pattern
Number of jobs available
Contents
Location
About the job
Job summary
The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.
We are the Cabinet Office’s cyber security team, and our mission is to secure the department (including its arms length bodies) against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services.
Find out more about the work Cabinet Office gets involved in at the and Technology in Government blog.
Job description
We are seeking an experienced security architect to join the department’s Cyber and Information Security function. As a key member of the security architecture team you will be responsible for designing security controls and identifying security solutions that supports the Department’s business objectives. You will be providing specialist advice to assist the department’s IT and digital services to be secure by design. This role reports to the Head of Security Architecture.
Our security architects are trusted advisors for security, responsible for delivering both hands-on solutions and providing information and cyber security advice.
You will work within the central cyber security function and across the Cabinet Office in this fast-paced and diverse role. You’ll be instrumental in implementing appropriately secure systems, security tooling and other solutions to solve cyber security problems.
The security architect role is part of the Digital, Data and Technology (DDaT) Profession in the Civil Service.
As a security architect, you will:
- Provide specialist security architecture advice, and recommend technology or business processes to enable project teams to deliver business objectives.
- Communicate widely with other business and technical stakeholders.
- Advise on important security-related technologies and assess the risk associated with proposed changes.
- Inspire and influence others to execute security principles.
- Help review the work of other digital and security specialists.
- Reach and influence a wide range of people across larger teams and communities, including senior stakeholders.
- Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate design decisions.
- Continuously improve the security of our platforms and services by cooperating with various stakeholders to identify, communicate and remediate cyber security issues.
- Advise on the selection and implementation of security controls by assessing current threats and vulnerabilities associated with a service or technology.
- Understand common and emerging vulnerabilities and threats.
- Help teams identify and promote security best practices to deliver robust, resilient, secure and scalable solutions.
Person specification
We’re interested in people who have:
- Practical and real-word information and cyber security knowledge, covering protective security domains, with demonstrable experience securing business critical technology services.
- Have used both verbal and written communication to articulate security risks, issues and mitigation approaches.
- Have performed extensive threat modelling, technical security architecture design reviews against new and existing services.
- Have experience securing software development, including designing and implicit security as part of software planning, design, development, build, testing, deployment and operation.
- Have practical experience securing technology deployed in cloud-native platforms, at a individual project and at an enterprise level.
- Have software development experience to be able to build prototypes, review code and showcase cyber security solutions.
- Practical experience securing software development processes, including infrastructure as code.
It’s also desirable that you have:
- Experience defining, leading or delivering threat modelling activities.
- Experience using the NCSC’s Cyber Assessment Framework.
- Experience securely using GitHub and Terraform to manage a software development pipeline.
- Relevant certifications such as SABSA, CISSP, or CISM.
- Vendor neutral management level security certifications such as CRISC, CISSP, or CISM.
- Vendor specific security certifications at a ‘specialist’ level, such as Microsoft Certified: Cybersecurity Architect Expert, AWS Certified Security - Specialty.
Additional information:
A minimum 60% of your working time should be spent at your principal workplace. Although requirements to attend other locations for official business will also count towards this level of attendance.
Behaviours
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Making Effective Decisions
- Delivering at Pace
Benefits
- Learning and development tailored to your role.
- An environment with flexible working options.
- A culture encouraging inclusion and diversity.
- A Civil Service Pension which provides an attractive pension, benefits for dependants and employer contributions of 28.97%.
- A minimum of 25 days of paid annual leave, increasing by one day per year up to a maximum of 30.
Things you need to know
Selection process details
Application process
Should you wish to be considered for this vacancy, please submit an application by 23:55 on Monday 28th October 2024.
As part of the application process you will be asked to complete a CV. Further details around what this will entail are listed on the application form.
Selection process
Should you be successful at sift, you will then be invited to an interview. There will be 1 round of interview, and you will be assessed against Experience and Behaviour criteria.
If candidates progress to the final stage interview, they will be asked to deliver a 10-minute presentation on a topic relevant to the job responsibilities or person specification. Further details of this will be provided to candidates who are successful at sift.
Expected timeline (subject to change)
Expected sift date – w/c Monday 28th October 2024
Expected interview date/s – w/c Monday 11th November 2024
Interview location - Your interview will either be conducted face to face or by video. You will be notified of the location if you are selected for interview.
Reasonable Adjustment
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
Contact Government Recruitment Service via menurecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
Complete the ‘Assistance required’ section in the ‘Additional requirements’ page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
Further information
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'contact point for applicants' section.
Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.
A reserve list will be held for a period of 12 months, from which further appointments can be made.
Any move to Cabinet Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at: https://www.childcarechoices.gov.uk.
If successful and transferring from another Government Department a criminal record check may be carried out.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf.
However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.
For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk
Please note that this role requires SC clearance, which would normally need 3 years UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting
New entrants are expected to join on the minimum of the pay band.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact :
- Name : Vraja Tailor
- Email : vraja.tailor@digital.cabinet-office.gov.uk
Recruitment team
- Email : menurecruitment.grs@cabinetoffice.gov.uk
Further information
If you are not satisfied with the response you receive, then you can contact the Civil Service Commission at info@csc.gov.uk. For further information on the Recruitment Principles. and bringing a complaint to the Civil Service Commission, please visit their website at: https://civilservicecommission.independent.gov.uk.