Security Architect in Andover

MERITUS are recruiting for a Security Architect to join our client supporting critical Central Government and Defence programmes, delivering secure, resilient, and high-quality architecture solutions across complex enterprise and cloud environments.

As a Security Architect, you will play a key role in designing and assuring secure technology solutions across large-scale programmes within highly regulated environments. You will work closely with engineering, architecture, delivery, and client teams to ensure security is embedded throughout the full solution lifecycle, applying secure-by-design principles and modern cyber security best practice.

This is an excellent opportunity for an experienced Security Architect with expertise across enterprise security architecture, cloud security, DevSecOps, secure software development, and risk management within government or defence sectors.

• Lead security architecture activities across complex projects and programmes within Central Government and Defence environments.
• Design and assure secure enterprise, cloud, hybrid, and on-premises architectures aligned to business and technical requirements.
• Collaborate with multidisciplinary teams to ensure security considerations are embedded across the entire delivery lifecycle.
• Conduct security threat modelling, risk assessments, and security architecture reviews for critical systems and services.
• Develop and maintain security reference architectures, standards, principles, and best practices.
• Support IT Health Checks (ITHC), penetration testing exercises, and remediation activities.
• Provide technical security leadership and governance across development, integration, and delivery teams.
• Work with customers, stakeholders, and accreditors to define security requirements and advise on risk mitigation strategies.
• Ensure adherence to security frameworks, regulatory requirements, and industry standards including GDPR, OWASP, and NCSC principles.
• Support the design and implementation of DevSecOps pipelines, secure CI/CD processes, and automated security tooling.
• Contribute to enterprise security strategy, architecture governance, and continuous improvement initiatives.
• Support business development activities including bids, proposals, pre-sales engagements, and client demonstrations.
• Identify emerging cyber security trends, technologies, vulnerabilities, and assess their relevance to customer solutions.
• Provide mentoring, leadership, and guidance to junior architects and engineering teams.
• Communicate complex security concepts effectively to both technical and non-technical stakeholders.

• Proven experience working as a Security Architect within Central Government, Defence, or highly regulated environments.
• Strong understanding of enterprise security architecture principles, methodologies, and frameworks.
• Hands-on experience performing threat modelling, security risk assessments, and secure solution assurance.
• Experience designing secure cloud and hybrid architectures using Microsoft Azure and/or AWS.
• Strong understanding of DevSecOps, CI/CD security, and secure software development lifecycle (SSDLC) practices.
• Knowledge of secure architecture patterns, secure web application development, and API security.
• Experience implementing and governing security controls aligned to OWASP, NCSC Cloud Security Principles, and GDPR.
• Strong understanding of authentication and authorisation technologies including SAML, OAuth2, OpenID Connect, Active Directory, ADFS, and LDAP.
• Experience supporting penetration testing, vulnerability remediation, and IT Health Check activities.
• Experience working with multidisciplinary Agile delivery teams across complex technical programmes.
• Ability to engage with senior stakeholders and communicate security risks and architectural decisions clearly.
• Strong understanding of enterprise integration, infrastructure, and data security principles.