Security Architect (Technology & Digital Change) - 12 month FTC
The NNL are an innovative nuclear organisation, with an ambitious roadmap for using technology to help our business deliver better outcomes. This Security Architect role exists within the Technology & Digital Change (T&DC) team, who are responsible for all Technology, Digital Change, Cyber Security and Information Assurance.
The NNL operate a hybrid infrastructure and continue to lead the way in maximising the use of cloud technology in the nuclear industry. As a member of the Technology and Digital Change Team, the Security Architect has a critical role to ensure the security of all NNL assets and infrastructure.
- Maintain an overall perspective on technology and security issues, events and activities, with an understanding of their wider implications and long-term impact. This could include determining patterns, standards, policies, roadmaps and vision statements focusing on outcomes, solutions and activities.
- Document or derive business, security and/or technical requirements.
- Design innovative solutions in accordance with our architecture principles.
- Apply Secure by Design principles.
- Be proactive and continually improve the performance and security of our technology estate.
- Create proofs of concept and undertake solution assessments / fit-gap analysis.
- Produce HLDs, LLDs, Target State Architectures, Roadmaps, Blueprints, Build Books, Test Plans.
- Build and implement small to medium scale solutions and/or take the lead for large-scale solutions.
- Ensure deployed solutions are aligned to functional and non-functional requirements and provide technical sign-off for service transition.
- Analyse the buy over build position, taking financial and operational considerations into account.
- Work with 3rd party suppliers to resolve issues (i.e. SOC or NOC).
- Be accountable for the technical security of the NNL technology estate.
- Analyse the current environment to detect security deficiencies and ensure fixes are implemented in line with policies.
- Maintain awareness of developments in the security and technology industry to ensure that the technology landscape is kept secure in line with industry standards.
- Develop architecture patterns and security approaches to new technologies.
- Author Risk Balance Cases and provide technical input into RMADS or other official security-related documentation.
- Inspire and influence others to execute security standards, policies and principles.
The Ideal Candidate
- Highly competent in designing secure system architectures through the application of patterns and principles, to meet user needs whilst managing risks.
- Experienced in turning business problems into technical designs by designing systems characterised by managed levels of risk, business and technical complexity, and meaningful impact.
- Demonstrable knowledge and understanding of how governance works and what governance is required, taking responsibility for the assurance of parts of a service and knowing what risks need to be managed.
- Practical understanding of architecture methodology e.g. TOGAF.
- Be eligible for security clearance to SC and be a UK national.
- Maintain knowledge of current and future digital trends and be able to demonstrate successful application to solve real world business problems.
- A demonstrable track record working in a similar role.
- Have a strong conceptual and practical understanding of the Microsoft Cloud, Office 365 platform and business productivity tools including for example Power Platform.
- Applying security concepts to a technical level, working with security tools, network security infrastructure technologies, and Information Security Management frameworks (e.g. ISO 21001, COBIT and SOX).
- Understanding and applying industry standards including for example NCSC information security guidance and architecture patterns.
- Interpreting information and guidance from our SOC and converting these into actionable instructions to our infrastructure and operations teams.
- Proficient in evaluating the security of applications and architectures using both manual and automated techniques (e.g. code security scanners, web vulnerability scanners and assessment support tools) to identify security issues.
- Experienced in scoping and working with third party penetration testers for an accredited or regulated environment.
- Understanding security architecture methodology e.g. SABSA.
- To have a CISA, CISSP, CISM or CIA certification.
- To have CRTSA (CREST Registered Technical Security Architect).
About The Company
Grounded in robust science and decades of experience, National Nuclear Laboratory (NNL) is the authoritative voice in the UK and beyond for technological development within the nuclear power sector.
Our unparalleled understanding of the science, challenges and opportunities makes us an unrivalled authority and partner in the field, providing experts, technologies, and access to cutting-edge facilities to organisations around the world.
Harnessing potential technologies and translating them into industry-ready solutions means our pioneering approach spearheads international improvement and technological progress.
We work on projects as small as drilling a hole to analyse underground wastes with our integrated micro drilling technology, or as large as developing state-of-the-art power systems for spacecraft, based on radioactive materials.
NNL has a vision for Equality, Diversity and Inclusivity (ED&I) where NNL aims to be an inclusive workplace that attracts diverse talent through transparent and equal policies and procedures. We want you and the diverse mix of people that we employ, customers that we service and stakeholders that we influence to feel valued. We encourage a workplace culture where everyone can thrive with a sense of belonging.