Security Architect –Platform Design Team

Location: Hybrid / Remote

The Role

The Security Architect plays a critical role within the Platform Design squad, ensuring that all cloud and infrastructure solutions are designed, built, and operated with security at their core.

Working closely with the design squad of Architects, the Director of Cloud, and the Platform Engineering and Operations leads, you will define and embed security-by-design principles, ensuring the organisation’s cloud platforms are resilient, compliant, and trusted by design.

This is a hands-on, delivery-focused architecture role — combining strategic oversight with practical engineering knowledge. You will translate security and compliance requirements into automated, reusable patterns that enable secure cloud adoption across engineering and delivery teams.

The Security Architect is an integral part of the organisation’s cloud transformation journey, balancing innovation and agility with risk management and regulatory compliance.

Key Responsibilities

Security Architecture & Design

• Define and own the security architecture strategy for cloud and infrastructure platforms.

• Develop security reference architectures, design patterns, and reusable controls that can be implemented through Infrastructure as Code (IaC).

• Collaborate with your fellow design squad members to ensure all platform solutions adhere to cloud security standards and risk frameworks.

• Translate business and regulatory requirements into practical, automated security solutions across cloud environments (AWS/Azure).

• Design and guide the implementation of identity and access management (IAM), network security, encryption, and key management controls.

• Ensure security-by-design principles are embedded throughout CI/CD pipelines and platform engineering practices.

Governance, Risk & Compliance

• Partner with the Cloud Management Office and Heads of information and Cyber Security to align security controls with policy, audit, and compliance requirements (e.g. ISO 27001, CIS, NIST, SOC 2).

• Conduct architecture risk assessments, threat modelling, and design reviews for platform and application solutions.

• Support continuous improvement of security guardrails, policy-as-code, and automated compliance frameworks.

• Maintain visibility of security posture and platform metrics, supporting governance dashboards and risk reporting.

Collaboration & Delivery

• Work together with Platform Engineering, Platform Operations, and (as part of) the Platform Design squads to ensure secure delivery of cloud infrastructure.

• Provide architectural security input into the development of IaC modules, CI/CD pipelines, and platform services.

• Participate in agile ceremonies, contributing to sprint planning, backlog refinement, and platform roadmap activities.

• Act as a subject matter expert and design authority for engineers, architects, and delivery teams on all matters of cloud security.

• Lead security-related proof-of-concepts (POCs) and pilots to evaluate and validate new technologies and approaches.

Continuous Improvement & Enablement

• Promote a DevSecOps culture by integrating security practices early in the design and development lifecycle.

• Identify opportunities for automation, simplification, and improved resilience across the platform.

• Contribute to knowledge sharing through documentation, training, and internal workshops.

• Mentor and guide engineers and aspiring architects on security best practices and modern cloud defence strategies.

Experience / Skills Required

• 5+ years’ experience in security architecture or cloud security engineering roles.

• Proven expertise in securing AWS and/or Azure cloud environments (certified to Professional or Security Specialist level preferred).

• Strong background in Infrastructure as Code (IaC) security and DevSecOps practices.

• Demonstrated experience designing and implementing automated security controls and policy-as-code frameworks.

• Solid understanding of network security, IAM, encryption, logging, and incident response in cloud environments.

• Experience working within agile delivery frameworks (Scrum/Kanban) and collaborating with DevOps or platform teams.

• Familiarity with compliance standards (CIS Benchmarks, NIST, ISO 27001, SOC 2, GDPR).

Skills & Attributes

• Strategic mindset with strong analytical and problem-solving skills.

• Excellent communicator — able to explain complex security concepts to technical and non-technical stakeholders.

• Pragmatic and collaborative — balances security, agility, and business outcomes effectively.

• Hands-on technical competence — capable of reviewing IaC and cloud configurations for security posture.

• Passionate about automation, secure design, and continuous improvement.

• Self-motivated, delivery-focused, and comfortable operating in a fast-paced, cloud-first environment.