Principal Security Architect - Engineering

Location: Warwick, GB, CV34 6DA

Division: IT Security Cyber Product

Job Purpose

The Principal Architect-Security will provide strategic leadership and technical expertise in designing, implementing, and maintaining National Grid's network security infrastructure. This role ensures the highest security standards across hybrid environments, including on-premises, cloud, and remote access networks. As a key technical leader, you will oversee advanced security platforms (firewalls, load balancers, WAFs, Zscaler, etc.), drive innovation, and align security solutions with National Grid’s business objectives. You will manage critical incidents, ensure compliance with industry regulations, and collaborate with cross-functional teams to enhance security architecture in an evolving threat landscape.

We are seeking an experienced Network Security Engineer with strong cybersecurity knowledge and impactful leadership skills to help build a high-performing team in the critical infrastructure industry.

Key Accountabilities

• Collaborate with business, product teams, and users to define needs, identify problems, and implement improvements.
• Lead the design, implementation, and optimization of network security solutions aligned with business objectives.
• Architect and manage Zscaler solutions (ZIA and ZPA) to secure cloud and remote environments.
• Oversee planning and execution of network security projects, ensuring timely delivery and adherence to best practices.
• Manage security policies and configurations across firewalls (Check Point, Palo Alto, Cisco, Fortinet) for high availability and threat mitigation.
• Implement WAF solutions to protect web applications from evolving threats.
• Drive automation and efficiency in security processes to reduce operational overhead.
• Handle fault management and escalation, liaising with third-party suppliers to resolve issues.
• Serve as an escalation point for complex issues, collaborating with Network and Security teams to find solutions.
• Maintain knowledge of technology trends and ensure technical documentation is up to date.
• Manage system performance, capacity, and service quality.
• Lead initiatives to optimize and restructure network security architecture.

About you

• Bachelor’s degree or equivalent experience in enterprise email security support and large-scale network security operations.
• Expertise with enterprise-grade firewalls, including Check Point, Palo Alto Networks, Cisco Firepower, and Fortinet, with proficiency in advanced features such as SSL decryption, Threat Prevention, and URL Filtering.
• Proficient in configuring and managing Zscaler policies, SSL inspection, and traffic redirection (Zscaler Internet Access (ZIA) and Private Access (ZPA)).
• Advanced knowledge of F5 LTM and DNS load balancing technologies to ensure service availability and performance.
• Strong understanding of WAF solutions (Cloudflare, F5 AWAF, Imperva) to protect web applications against OWASP Top 10 vulnerabilities and other advanced threats.
• Self-motivated with strong analytical skills, capable of collating and interpreting data from various sources.
• Ability to assess and prioritize faults, responding or escalating as necessary.
• Skilled in analysing complex situations and utilizing troubleshooting skills, systems, and creative problem-solving abilities under pressure.
• Excellent written and verbal communication skills, with the ability to convey technical problems and solutions to both technical and non-technical audiences.
• Proficient in creating and maintaining documentation, standards, operating procedures, and protocols.
• Ability to coordinate with vendors and IT personnel for problem resolution.
• Hands-on experience with OSPF and BGP for secure and efficient routing across complex, multi-vendor environments.
• Knowledge of securing cloud platforms (e.g., Azure, AWS) and hybrid environments, focusing on identity protection and network access controls.
• Understanding of Microsoft server platforms, Group Policy, PowerShell, and storage technologies.
• Familiarity with access and authentication protocols, including Kerberos, SAML, and OAuth.
• Experience in configuring SIEM/SOAR integration.

What you'll get

A competitive salary– £70,000 - £90,000 DOE. As well as your base salary, you will receive a bonus of up to 15% of your salary for stretch performance and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. You will also have access to a number of flexible benefits such as a share incentive plan, salary sacrifice car and technology schemes, support via employee assistance lines and matched charity giving to name a few.

More Information

The closing date for this vacancy is 10th March. However, we encourage candidates to submit their applications as early as possible and not to wait until the published closing date. National Grid’s recruitment periods can and may vary. We reserve the right to remove this advert or close it to further applications at any point during the recruitment process.

DE & I statement

At National Grid, we work towards the highest standards in everything we do, including how we support, value and develop our people. Our aim is to encourage and support employees to thrive and be the best they can be. We celebrate the difference people can bring into our organisation, and welcome and encourage applicants with diverse experiences and backgrounds, and offer flexible and tailored support, at home and in the office. Our goal is to drive, develop and operate our business in a way that results in a more inclusive culture. All employment is decided on the basis of qualifications, the innovation from diverse teams & perspectives and business need. We are committed to building a workforce so we can represent the communities we serve and have a working environment in which each individual feels valued, respected, fairly treated, and able to reach their full potential.