Job summary

Security Arcitect
Location: Bristol, UK
Must be eligible for SC Clearance

Key skills required for this role

Systems Architect

Important

Working knowledge of defense standards (DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1

Job description

Security Arcitect
Location: Bristol, UK
Clearance Required: Must be eligible for SC Clearance

Are you passionate about safeguarding advanced products and systems from ever-evolving security threats? We are seeking a highly skilled Security Architect to join our cutting-edge team in Bristol. In this role, you'll be instrumental in securing the software development lifecycle for complex systems within the defence and national security domain.

This position is critical to ensuring our products meet the highest standards of security by design. The successful candidate will be expected to bring deep, hands-on experience with NIST cybersecurity standards-this is essential-as well as a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1. If you're an experienced professional with strong capabilities in threat modelling, risk assessment, and secure systems architecture, we want to hear from you.

---

Role Responsibilities:

• Integrate security controls throughout the product development lifecycle

• Conduct detailed threat modelling and risk assessments using recognised tools

• Lead the implementation of risk management strategies based on industry best practices (NIST, ISO)

• Work closely with development teams to ensure secure-by-design principles are followed

• Identify and propose mitigations for security vulnerabilities in solution architectures

• Maintain and evolve internal security policies, documentation, and awareness training

• Support incident response efforts and coordinate remediation actions where needed

• Serve as a subject matter expert on product and application security to internal stakeholders

---

Key Requirements:

• Extensive experience applying NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable

• Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential

• Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees)

• Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/09

• Ability to identify, assess and mitigate risks across software and hardware product ecosystems

• Strong written and verbal communication skills, including the ability to convey risk to non-technical audiences

---

Ideal Candidate Traits:

• Analytical thinker with strong problem-solving skills

• Detail-oriented with excellent planning and organisational abilities

• Resilient, proactive, and capable of driving initiatives forward independently

• A team player with the ability to influence at all levels of the organisation

• Eligible for SC clearance and able to work in the UK without restrictions