Advanced Threat Response (ATR) Architect

Are you looking to leverage your expertise in advanced threat detection, adversary simulation, and security architecture within a complex enterprise environment? We have an exciting opportunity for you!

As an Advanced Threat Response (ATR) Architect, you will join the Architecture team as part of a major cyber security transformation programme. You will be responsible for designing and maintaining the end‑to‑end architecture for advanced threat detection and response across cloud, network, and endpoint environments. You will work closely with cross‑functional teams to deliver scalable, secure, and cost‑effective security architecture solutions.

• Defining requirements, evaluation criteria, and success metrics for automated offensive security testing platforms and red and purple team tooling.
• Running vendor and product evaluations, proof‑of‑concepts, and comparative analyses.
• Architecting integration approaches, workflows, and security telemetry pipelines.
• Producing detailed implementation plans, runbooks, and operational handover artefacts, and coordinating rollouts with operational teams.
• Managing onboarding, configuration, tuning, and validation for selected tools.
• Collaborating with stakeholders to design scalable deployment patterns, including SaaS models, multi‑tenancy, credentials handling, and high‑availability architectures.
• Supporting purple‑team exercises and adversary emulation planning through appropriate tool selection and integration, and translating red‑team findings into engineering controls.
• Ensuring that security, risk, and compliance requirements are addressed throughout tool selection and operation.
• Maintaining vendor relationships and roadmap alignment, evaluating emerging tools, and managing lifecycle and replacement decisions.

• Very strong experience in security engineering, offensive security, or security architecture, with hands‑on involvement in evaluating and deploying security tools.
• Strong Linux administration skills, including system hardening, service management, troubleshooting, network tuning, secure baseline implementation, and service orchestration.
• Practical cloud management experience, including CI/CD pipeline design and implementation.
• Proven experience running vendor evaluations, proof‑of‑concepts, and selecting enterprise security platforms.
• Solid understanding of offensive techniques and their mapping to detection and tooling capabilities, aligned to frameworks such as MITRE ATT&CK.
• Strong understanding of cloud architectures and operational considerations for hosting security tooling.
• Excellent stakeholder management, cross‑functional coordination, and technical communication skills.
• Ability to translate technical trade‑offs into business‑focused decisions supported by clear pro‑and‑con analyses.
• Experience integrating security tool outputs into SIEM platforms, engineering workflows, and adjacent security tooling.
• Prior experience with tools such as SafeBreach, BloodHound, Microsoft EASM, or similar technologies.
• Experience working within the Banking and Financial Services industry.
• Relevant cloud certifications, particularly Google Cloud Platform.
• Exposure to ML, AI, and data tooling within GCP environments.
• Ability to work effectively across IT, DevOps, and Compliance teams to implement security controls.
• Experience working in agile or iterative delivery models.

TCS is consistently voted a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop, phone, training resources, and discounts within the larger Tata network. We also offer health and wellness initiatives and sports events.

Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the UK Equality Act 2010 and the UK Human Rights Act 1998. We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment, and sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role. As a Disability Confident Employer, we offer interview accommodations for applicants with disabilities or long‑term conditions who meet the minimum criteria for the role.