SC cleared Security Architect

RESPONSIBILITIES

The Security Architect will create and design security for the Seraphim solution, covering the following:

• Working with the Solution Design Authority to provide security input into the development and refinement of OpNET’s technological roadmap and High Level Design (HLD) for the Seraphim solution.
• Determining the interoperability, dependencies, and interactions between the infrastructure, platform, and the software environment from a security perspective.
• Providing security input into developing, architecting, and documenting SERAPHIM Intermediate Level Design (ILD) infrastructure solutions for the Development team to implement, ensuring their coherence across the OpNET solution and compliance with applicable security standards and policies.
• Reviewing and approving Low and Detailed Level Design (LLD and DLD) solutions and supporting artefacts to ensure compliance with applicable security standards.
• Identifying vulnerabilities, and mitigation strategies for these.
• Reviewing any 3rd Party services for security compliance to MOD policy and industry best practices.
• Help to define and document security elements of the Architectural runway, setting the direction for Platform and cyber teams (to include logging, AV, Cyber Defence, FW config etc.) as required.

EXPERIENCE

In order to deliver this service, it is essential that individuals have:

• Detailed understanding of security architecture and experience in applying it to the following:
• Solution design of secure hardware and software solutions, demonstrating successful delivery on complex, large scale programmes utilising emerging technologies where possible.
• Delivering against high pressure timelines and in complex organisations.
• Writing security requirements and producing detailed security designs.
• Conducting rational product selections against complex security requirements.
• Demonstrable experience, expert knowledge, and understanding of applying security architectural expertise within the following technical environment:
• VMware's Virtualised Desktop Infrastructure (Horizon) product set.
• Virtualisation technologies such as VMware ESXi 6.5, vCentre 6.5, vSAN.
• Microsoft Windows Server 2008 R2, 2012 R2, 2016 and 2019 core operating systems.
• Additional Microsoft based technologies such as Exchange, Skype, SQL, and Group Policy.
• Microsoft Windows 10, various Linux implementations from thick client to zero client VDI solutions.
• Several years’ experience in providing security architecture expertise to the design and delivery of:
• Public and Private cloud architectures utilising Software Defined Datacentre (SDDC) techniques.
• Government Grade Cryptography Provisioning and Management.
• Military Information Services such as NATO FAS, UK Base Services and MOD Business management apps.
• Security implementations such as PKI and proxy services e.g. ADFS in line with MOD Security assurance processes.
• Past experience of working with accredited secure solutions within the UK Public Sector.
• Relevant Security / Cyber accreditations.
• Proven track record of working with NCSC design patterns.
• An understanding of Defence Lines of Development and MOD Capability Integration.
• A firm grasp of MOD Service management tooling and ITIL.
• A firm grasp of PKI integration and utilisation and preferably experience with Defence PKI.
• Excellent communication skills with diverse and adverse audiences.
• Strong critical thinking and analytical skills.
• Ability to identify risks associated with business processes, operations, information security programmes, and technology projects.
• Hold a current SC clearance and be prepared to undergo DV clearance.
• Competency in MS Office Suite.

Desirables

In order to deliver this service, it is desirable that individuals have:

• Experience of:
• Working within the public sector, preferably Defence, and ideally with Defence Digital (formerly ISS).
• The design and configuration of Two Factor Authentication Solutions.
• .NET Framework and Low-Level API calls.
• Using open source orchestration tools e.g. Ansible, Puppet, or Chef.
• The Atlassian Toolset – JIRA, Confluence and BitBucket for delivering Agile based projects.
• Delivering in Agile and Waterfall project management environments.
• Knowledge of Automation and Orchestration technologies.