Security Architect - Cloud & Platform Security (AWS)
Public Sector | Inside IR35 | £525/day

Overview

We are seeking an experienced Security Architect to support the design and assurance of secure cloud platforms and applications within a UK public sector environment. The role focuses on AWS-hosted, multi-account platforms, embedding secure-by-design and zero trust principles, and ensuring alignment with UK government security frameworks.

You will work closely with cloud platform teams, DevOps engineers, solution architects, and governance stakeholders to ensure security controls are proportionate, effective, and Embedded throughout the delivery life cycle.

Key Responsibilities

Cloud & Platform Security

• Define and maintain security architecture patterns for AWS services in UK-hosted, multi-account environments

• Establish and maintain AWS Control Tower/Landing Zone security baselines

• Support secure platform and application onboarding to AWS

• Ensure secure integration with Legacy systems and external partner environments

Identity & Access Management

• Design and assure AWS IAM architectures, including cross-account roles

• Implement least privilege and strong authentication/authorisation patterns

• Support role-based access models for platform, application, and operational users

Network Security

• Design secure VPC architectures, including segmentation strategies

• Define controls using security groups, NACLs, and private connectivity

• Support secure connectivity patterns (eg private endpoints, hybrid connectivity)

Data & Application Security

• Define encryption strategies using AWS KMS, TLS, and key rotation

• Support secrets management and secure configuration of sensitive data

• Define application security patterns, including API security and access controls

• Support container and workload security across ECS, EKS, and Lambda

Monitoring, Detection & Assurance

• Define logging and monitoring strategies using CloudTrail and CloudWatch Logs

• Support threat detection using GuardDuty and Security Hub

• Define and oversee vulnerability management, including static/dynamic scanning and dependency analysis

• Support audit, assurance, and compliance activities aligned to public-sector standards

Governance, Risk & Compliance

• Produce threat models, risk assessments, and control mappings

• Define security non-functional requirements and acceptance criteria

• Identify, assess, and track security risks and mitigations

• Support security governance forums and formal design reviews

DevSecOps Enablement

• Ensure security controls are Embedded into CI/CD pipelines

• Support Infrastructure as Code (IaC) security assurance

• Work collaboratively with DevOps and engineering teams to resolve complex security issues

Standards & Compliance

• Alignment with UK government security frameworks (eg OFFICIAL/OFFICIAL-SENSITIVE)

• Strong understanding of secure-by-design and zero trust principles

• Experience working in regulated or high-assurance public sector environments

Required Skills & Experience

• Proven experience as a Security Architect in cloud-first environments

• Strong hands-on knowledge of AWS security services and architecture

• Experience working within UK public sector or similarly regulated environments

• Ability to provide risk-based, pragmatic security guidance

• Strong stakeholder engagement and documentation skills

Desirable

• Experience supporting cloud migration programmes

• Familiarity with public-sector audit and assurance processes

• Experience embedding security into agile and DevOps delivery models