Security Architect in Andover

MERITUS are recruiting for a Security Architect to join our client supporting critical Central Government and Defence programmes, delivering secure, resilient, and high-quality architecture solutions across complex enterprise and cloud environments. Security Architect – 10 month contract – £900 per day (Outside IR35) – Andover – SC Clearance required.

Key Responsibilities

• Lead security architecture activities across complex projects and programmes within Central Government and Defence environments.
• Design and assure secure enterprise, cloud, hybrid, and on‑premises architectures aligned to business and technical requirements.
• Collaborate with multidisciplinary teams to ensure security considerations are embedded across the entire delivery lifecycle.
• Conduct security threat modelling, risk assessments, and security architecture reviews for critical systems and services.
• Develop and maintain security reference architectures, standards, principles, and best practices.
• Support IT Health Checks (ITHC), penetration testing exercises, and remediation activities.
• Provide technical security leadership and governance across development, integration, and delivery teams.
• Work with customers, stakeholders, and accreditors to define security requirements and advise on risk mitigation strategies.
• Ensure adherence to security frameworks, regulatory requirements, and industry standards including GDPR, OWASP, and NCSC principles.
• Support the design and implementation of DevSecOps pipelines, secure CI/CD processes, and automated security tooling.
• Contribute to enterprise security strategy, architecture governance, and continuous improvement initiatives.
• Support business development activities including bids, proposals, pre‑sales engagements, and client demonstrations.
• Identify emerging cyber security trends, technologies, vulnerabilities, and assess their relevance to customer solutions.
• Provide mentoring, leadership, and guidance to junior architects and engineering teams.
• Communicate complex security concepts effectively to both technical and non‑technical stakeholders.

Skills & Experience

• Proven experience working as a Security Architect within Central Government, Defence, or highly regulated environments.
• Strong understanding of enterprise security architecture principles, methodologies, and frameworks.
• Hands‑on experience performing threat modelling, security risk assessments, and secure solution assurance.
• Experience designing secure cloud and hybrid architectures using Microsoft Azure and/or AWS.
• Strong understanding of DevSecOps, CI/CD security, and secure software development lifecycle (SSDLC) practices.
• Knowledge of secure architecture patterns, secure web application development, and API security.
• Experience implementing and governing security controls aligned to OWASP, NCSC Cloud Security Principles, and GDPR.
• Strong understanding of authentication and authorisation technologies including SAML, OAuth2, OpenID Connect, Active Directory, ADFS, and LDAP.
• Experience supporting penetration testing, vulnerability remediation, and IT Health Check activities.
• Experience working with multidisciplinary Agile delivery teams across complex technical programmes.
• Ability to engage with senior stakeholders and communicate security risks and architectural decisions clearly.
• Strong understanding of enterprise integration, infrastructure, and data security principles.