Overview
Enterprise Security Architect (Principal Cyber Security Professional) – Bristol
About the job
Job summary
Discover a career in your hands at HMRC. Whether you’re seeking purpose, growth, or a workplace that gives you a true sense of belonging, hear from some of our employees as they share their story about what it’s really like to work at HMRC.
Visit our YouTube channel to watch the full series and come and discover your potential.
Are you passionate about Cyber Security and Enterprise Architecture?
Do you have senior-level experience as a Cyber Security Professional?
Join us to shape the security technology and tooling strategy for HMRC and influence the UK Public Sector. Enjoy a healthy work/life balance while making a significant impact.
HMRC is now one of the most digitally advanced tax authorities in the world and will continue to spend the next five years modernising its IT landscape across a multi-hybrid cloud platform. You will be working in one of the most complex infrastructures in Europe, with significant investment and over 1000 changes monthly impacting over 600 services. Security modernisation is critical to this initiative and our collective success. Now is a great time to join us as we establish a team of outstanding people in the fields of Security Architecture, Risk Assessment and Testing who will create and run these new and improved technology services.
This is a chance to work on services that matter and affect the lives of millions of citizens as well as delivering Government Security services directly across circa 400 Government Departments and Arms-Length Bodies (ALBs).
Job description
Join HMRC Security, part of the Chief Digital Information Office (CDIO), supporting one of Europe’s largest IT estates. Within Cyber Security Technical Services (CSTS) and the Government Security Centre for Cyber (Cyber GSeC), we build capability across HMRC to detect, prevent, and respond to evolving cyber threats.
Our vision is to be a recognised centre of excellence, delivering customer-centric cyber services and consultancy that adapt to emerging technologies and risks.
As an Enterprise Security Architect and Principal Cyber Security Professional, you will work in a multidisciplined team in Cyber Security Technical Services (CSTS). You’ll be part of vibrant Cyber Security and Architecture communities across HMRC and wider government.
In this strategic role, you’ll lead engagement with senior business and technical stakeholders, providing risk-based security advice to enable secure delivery of government services. You’ll influence policy, setting direction for technical and business change, and develop capability through coaching and mentoring.
You’ll shape consistent security architecture across HMRC’s multi-billion-pound transformation portfolio, creating and evolving roadmaps, design patterns, and reference architectures that support modern, strategic platforms.
You may also take on line management responsibilities and lead the development of CSTS capabilities and services.
Person specification
We’re looking for a strategic leader in technical security – someone who can shape, deliver, and evolve security controls and services across complex environments.
You will bring:
- Proven leadership in selecting, developing, and delivering security technologies and controls.
- Deep expertise in one or more security domains, with the ability to align tooling to capability needs.
- Strong stakeholder management across senior technical, business, vendor, and government landscapes.
- A track record of delivering high-value outcomes in complex, high-pressure environments.
- Confidence and credibility to represent HMRC in UK-wide security and architecture communities.
- Clear, honest communication, transparently sharing knowledge to build consistency and excellence.
- A collaborative mindset, championing our “one team” ethos through technical reviews, mentoring, and practice development.
- A commitment to continuous personal growth and adding value in every engagement.
Key Responsibilities
As an Enterprise Security Architect, your visionary leadership will drive the strategic development of HMRC’s security technology landscape, influencing best practice across government and driving innovation.
Your role will include:
- Strategic Leadership: Define and lead enterprise security strategies aligned with Zero Trust and architectural standards.
- Technology Direction: Develop and implement security principles, tooling strategies, and architectural guidance to address business risks and support policy applied to products, platforms and services.
- Capability Development: Build technical expertise across CSTS and Cyber GSeC, driving learning and development. You will support the Head of Capability in driving and delivering enterprise-wide security technology change, engaging at a strategic level and working through the lifecycle to govern the technical implementation of security services and solutions.
- Effective Communication: Translate technical impacts into clear, actionable advice for stakeholders.
- Framework & Methodology: Enhance enterprise security architecture using the TOGAF, SABSA and NIST CSF 2.0 frameworks.
- Tooling Roadmaps: Create and communicate security tooling roadmaps, incorporating vendor insights and threat landscape analysis.
- Design Patterns & Baselines: Establish technology baselines and design patterns to guide secure solution development.
- Strategic Engagement: Support the Head of Capability in delivering enterprise-wide security change, from strategy to implementation.
- Cross-Government Collaboration: Provide subject matter expertise and lead cyber service delivery across HMG.
- Innovation & Adoption: Research and integrate emerging technologies and methodologies into HMRC’s security strategy.
- Governance, Mentorship, and Stakeholder Management: Represent the team at governance boards, conduct peer reviews and mentor colleagues. Build strong relationships with stakeholders across the civil service, departments, suppliers, vendors, and programmes.
Essential Criteria
We’re looking for a candidate with significant experience and expertise across the following areas:
Core Skills & Knowledge
- Communication Skills: Proficient in managing stakeholder relationships across business and technical domains through active engagement and clear communication.
- Team Engagement and Leadership: Effective in engaging teams, sharing knowledge, guiding, and training colleagues, and managing change.
- Security Fundamentals: Deep understanding of confidentiality, integrity, availability, non-repudiation, resilience and privacy risks.
- Architectural Methodologies: Practical experience with TOGAF and SABSA.
- Security Frameworks: Familiarity with industry-standard frameworks, e.g. ISO/IEC 27001, 27002, 27005, 27017 and 27018, ISO 22301, and NIST CSF 2.0.
- Technical Output Creation: Proven ability to develop reference architectures, roadmaps, design patterns, principles, standards, policies, and guidance.
- Security Control Design: Experience designing controls from non-functional requirements and associated guidance.
- Knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses and mitigations.
- Knowledge and Experience of Modernised Security Operations including Attack Surface Management.
Technical Proficiency
- Expertise across at least two of the following security domains, with real-world experience applying technical security in complex environments and major projects.
Domains
- Identity and Access Management: Expertise in PAM, SSO, Key and Secrets Management, JML, Attestation, RBAC, Identity Governance, Hybrid Cloud Models, AzureAD, MIM, FIM, and modern authentication protocols (SAML, OIDC).
- Network Security: Proficient in designing segmentation, securing WLAN, LAN, WAN, SDWAN, SaaS proxies, VPNs, firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust.
- Application Security: Experience with SAST, DAST, RASP and IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerisation security.
- Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities.
- Cyber Security Operations: Proficient in incident response, vulnerability management, SIEM, SOAR, threat modelling, threat hunting, intelligence, data analytics, and anti-phishing methodologies.
- Infrastructure and Endpoint Security: Experience with endpoint security control technologies (EDR, EPP, UEBA, baseline configurations) including the Microsoft stack for workstations, servers, IoT, mobiles, VDI, DCaaS, and DaaS.
- Cloud Security: Expertise in developing reference architectures for cross-hybrid cloud platforms (AWS, Azure – IaaS, PaaS, SaaS, FaaS) and new platform tools like CASB, CSPM, CWPP, and containerization security.
Desirable Criteria
Certifications and memberships that would strengthen your application:
Professional Certifications:
- CCSP (Certified Cloud Security Professional)
- CISSP (Certified Information Systems Security Professional)
- CRISC (Certified in Risk and Information Systems Control)
- NCSP Practitioner (NIST Cybersecurity Professional)
- ISO27001 Lead Implementer or Auditor
Vendor-Specific Qualifications:
- Microsoft Cybersecurity Expert (M365, Azure Security, IAM, SecOps)
- AWS Security
- Cisco, VMware, Fortinet, Checkpoint
Professional Memberships:
- Chartered status in recognised security bodies
The Desirable Criteria will not be included in the routine sifting/assessment of your application but could be used in the event of a tie break.
Additional Security Information
Please note: in addition to the standard pre-employment checks for appointment into the Civil Service, all candidates must also obtain National Security Vetting at Security Check (SC) clearance level for this vacancy. You will normally need to meet the minimum UK residency period as determined by the level of vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you have any questions about this residency requirement, please speak to the vacancy holder for this post.
Transitional Sites
For more information on where you might be working, review this information on our locations.
If your location preference is the one below, it’s important to note that this is not a long-term site for HMRC and we will require you to move to a new building in the future, subject to our location strategy and the applicable employee policies at that time.
This site is:
- Telford Plaza, Telford – moving to Parkside Court, Telford
You will be given more information about what this means at the job offer stage.
Technical skills
We’ll assess you against these technical skills during the selection process:
- Scenario – technical security knowledge
Benefits
Alongside your salary of £71,725, HM Revenue and Customs contributes £20,778 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
HMRC operates both Flexible and Hybrid Working policies, allowing you to balance your work and personal commitments. We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible, considering our operational and customer service needs.
We offer a generous leave allowance, starting at 25 days and increasing by a day for every year of qualifying service up to a maximum of 30 days.
- Pension – We make contributions to our colleagues’ Alpha pension equal to at least 28.97% of their salary.
- Family friendly policies.
- Personal support.
- Coaching and development.
To find out more about HMRC benefits, and what it’s really like to work for HMRC, hear from our insiders or visit “Thinking of joining the Civil Service”.
Things you need to know
Selection process details
This vacancy is using Success Profiles, and will assess your Experience and Technical skills.
How to Apply
As part of the application process, you will be asked to provide the following:
- A name-blind CV including your job history to demonstrate your last 3 roles, previous skills and experiences relating to your technical security, key responsibilities and achievements.
- A 500-word Personal Statement. Your Personal Statement should be used to describe how your skills and experience would be suitable for the advertised role, making reference to the Essential Criteria and Person Specification outlined in the advert.
Please complete a separate statement (Max 250 words) for the Desirable Criteria where applicable. This is not essential for the role but may be considered by the vacancy-holder where candidates have the same scores at sift or interview.
Further details around what this will entail are listed on the application form.
Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Sift
In the event of a large number of applications being received, an initial sift may be held on your CV.
At full sift your CV and your Personal Statement will be assessed, with the successful candidates being invited to interview.
We may also raise the score required at any stage of the process if we receive a high number of applications.
Interview
During the panel interview, you will be assessed on experience-based and technical skill-based questions. Both will be scenario based to test your technical security knowledge. Details of this technical skill scenario will be given prior to the interview.
Interviews will take place via video link. Sift and interview dates to be confirmed.
Eligibility
Please take extra care to tick the correct boxes in the eligibility sections of your application form. We understand mistakes sometimes happen, but if you contact us later than two working days (Monday to Friday) before the vacancy closes, we will not be able to reopen your application for you. If you do make a mistake with your eligibility form, please contact us via unitybusinessservicesrecruitmentresults@hmrc.gov.uk, using the subject line to insert appropriate wording, for example ‘Please re-open my application – [insert vacancy ref] & vacancy closing date [insert date]’.
To check that you are eligible to apply for this role, please review the eligibility information before submitting your application.
Reserve List
A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.
Merit List
After interview, a single merit list will be created, and you will only be considered for posts in locations you have expressed a preference for. Appointments will be made in strict merit order in line with the set number of roles in each location.
Criminal Record Check
Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.
Reasonable Adjustments
We want to make sure no one is put at a disadvantage during our recruitment process. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate.
If you need a change to be made so that you can make your application, you should:
- Contact the UBS Recruitment team via unitybusinessservicesrecruitmentresults@hmrc.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
Important information for existing HMRC contractual homeworkers
This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need. Please consider the advertised office locations for this role when applying and only select locations from the ‘location preferences’ section that you can travel to.
Terms and Conditions
Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process.
HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.
Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application(s) will be withdrawn from the process.
Recording of interviews is prohibited unless explicit agreement is sought in line with the UK General Data Protection Regulations.
Questions relating to an individual application must be emailed as detailed later in this advert.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resigned or otherwise left before they would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government.
New entrants will join on the minimum of the pay band.
Please note that, if you are applying for roles on a part-time basis, the salary agreed will be pro-rata, reflective of the working hours agreed within your contract.
If you experience accessibility problems with any attachments on this advert, please contact the email address in the ‘Contact point for applicants’ section.
For more Information for people applying for, or thinking of applying for, roles at HM Revenue and Customs, please see link: Working for HMRC: information for applicants – GOV.UK.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
Open to UK nationals only.
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more, please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
IMPORTANT: Before applying for this role, please make sure you have the right to work in the country where the role is based. Unless the job advert above clearly states that the hiring company is looking to or able to sponsor applicants, it is deemed that the hiring employer will only consider applications from those able to comply with and work in the country where the role is based.