Rodeo
ResourcesPartnersSign in

HM Revenue & Customs

Enterprise Security Architect (Principal Cyber Security Professional)

Glasgow
£71.7k/yr
Posted 15 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

About The Role

Discover a meaningful career at the HM Revenue and Customs (HMRC). Our employees share their experiences—hearing their voices can highlight the unique sense of purpose, growth, and belonging we offer.

HMRC is seeking Enterprise Security Architects (Principal Cybersecurity Professionals) to shape and govern the security architecture, technology strategy, and tooling underpinning one of Europe’s largest and most complex digital estates.

You will operate at an enterprise scale, influencing security strategy and technical direction across HMRC and the wider government, and supporting multi-billion-pound hybrid cloud transformations.

This role sits within Security Consultancy Services (SCS), a centre of excellence delivering risk-based security architecture, assurance, and technical leadership across HMRC and HM Government, including participation in initiatives such as Women in Tech.

We are committed to fostering a diverse and inclusive security architecture capability and actively encourage applications from women and underrepresented groups in cybersecurity and architecture. We value different perspectives—they enhance our designs, decisions, and overall organisational resilience.


Job Description

As an Enterprise Security Architect, you will provide strategic leadership in security architecture across HMRC’s technological landscape.

Responsibilities

You will:

  • Define and govern enterprise-wide security principles, reference architectures, roadmaps, security design patterns, and tooling strategies.
  • Guide secure design and delivery methods across products, platforms, and services, ensuring seamless integration across their full lifecycle, from strategy to operations.
  • Provide authoritative, risk-based security advice to senior business and technical stakeholders.
  • Collaborate with multiple teams, including business, architecture, engineering, and delivery, to embed security into every stage of the project lifecycle.
  • Engage with stakeholders inside and outside HMRC, including senior business executers, technical teams, vendors, and cross-government security communities—offering guidance, mentoring, and representing HMRC’s viewpoints.
  • Engage in coaching, mentoring, and capability-development initiatives to enhance cybersecurity expertise across Security Consultancy Services and the wider organisation.

Note: Line-management and mentoring responsibilities may also be part of this role.

This position requires a Security Check (SC) clearance. Please refer to the Additional Security Information and Security sections below for details.


Candidate Information Session

An open webinar targeted at interested candidates will take place on: Tuesday, 30 June 2026 at 2:00 PM

This session offers insight into the role and a platform to ask your questions.

Register your interest here—you will receive a Teams link beforehand.


Person Specification

Key Responsibilities

  • Enterprise Security Technology Strategy: Lead security initiatives aligned with Zero Trust principles, HMRC standards, and cross-government policies to shape the security landscape and set best-practice benchmarks across UK Government teams.
  • Architecture & Design Authority: Develop and maintain reference architectures, security principles, design patterns, baselines, roadmaps, and technical standards. Actively participate in technical governance boards for leadership and influence.
  • Technology Direction & Tooling: Guide security technology strategies and tooling roadmaps, informed by threat intelligence, vendor capabilities, and business risks.
  • Risk-Based Security Leadership: Provide actionable security advice to enable secure delivery across complex environments.
  • Lifecycle Governance: Ensure governance and consistency of security architecture and controls across the delivery cycle.
  • Stakeholder & Cross-Government Engagement: Engage senior business, technical, vendor, and government stakeholders, and represent HMRC at governance forums and communities of practice.
  • Capability Development: Mentor, coach, and develop security architecture skills within SCS and across the wider organisation.
  • Innovation & Continuous Improvement: Evaluate emerging technologies, patterns, and methodologies to refine HMRC's security architecture and operating model.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.


Essential Criteria

We are seeking a principal security architect with significant experience operating at enterprise scale, demonstrating:

Security Architecture & Strategy

  • Demonstrated experience defining enterprise security architecture to include principles, reference architectures, technical standards, security patterns, and roadmaps.
  • Proven ability to think in terms of risk-based security design, focusing on confidentiality, integrity, availability, resilience, privacy, and non-functional requirements.

Frameworks & Methodologies

  • Experienced application of TOGAF and SABSA in complex environments.
  • Strong knowledge of industry security frameworks including NIST Cybersecurity Framework (CSF) 2.0 and the ISO 27000 series.

Technical Security Expertise

  • Deep expertise and strategy in at least two of the following security domains:
    • (Priviledge Access Management (PAM), Single Sign-on (SSO), Key & Secrets Management, Just-in-Time Landscape, Attestation, Role-Based Access Control (RBAC), Identity Governance, Hybrid Cloud Models, advanced Identity Authentication Protocols)
    • **(Design segmentation, secure Wi-Fi, LAN, WAN, SD-WAN environments, SaaS proxies, VPNs, firewalls, IPS/IDS, DDoS, Web Application Firewalls (WAF), DLP, DNS, Network Access Control (NAC), National Security Protection Measures (NSPM), advanced technologies like SASE and Zero Trust)
    • **(Security Assessment/Security Testing - SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), RAST, IAST (Interactive Application Security Testing) tools, integration with Software Development Life Cycle (SDLC) and cybersecurity principles like OWASP and robust back-end security elaboration and practices) A API security design and threat modelling, container security practices.
    • (Implementation of information protection tools, Key & Secrets Management, DLP, Culturally appropriate data classification and marking.)
    • **(Incident response, vulnerability management, SOC management, SIEM, SOAR capabilities, strategic threat modelling, threat hunting, Intelligence, data-driven analytics, Phishing, Leveraging AI within Security Tooling.)
    • **(End-point Security: hazards control technologies, and Endpoint Detection and Response (EDR), Endpoint Protection Platforms (EPP), user behaviour analytics (UEBA)—baseline configuration workstation security for servers, mobile systems, Internet of Things (IoT), Virtual Desktop Infrastructure (VDI), Data Center-as-a-Service (DaaS), AND gut Development-as-a-Service (DAaS))
    • (Designing Hybrid Cloud reference architectures for platforms like AWS, Azure (e.g. IaaS,Paas,SaaS,FaaS) and review leading vendors for emerging technologies like Cloud Access Security Broker (CASB), Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and container-based security solutions).

Enterprise Delivery & Influence

  • Experience providing authoritative security leadership for large-scale programmes, products, or platforms utilising agile governance methods.
  • Demonstrated ability to influence senior business and technical stakeholders—translating complex technical risks into clear, actionable decision-making frameworks.
  • Experienced in designing and governing security controls across multi-supplier, multi-team environments.
  • Effective stakeholder engagement across diverse groups (e.g., technical, business, and vendor communities), including mentor-ship, knowledge sharing, and driving change management.

Desirable Criteria

  • Recognised professional certifications (e.g. CISSP, CCSP, CRISC, NIST certifications, ISO 27001 certifications).
  • Vendor certifications (e.g. Microsoft Security, AWS Security).
  • Chartered membership in a recognised cybersecurity professional body.

Transitional Sites

HMRC’s office sites may transition in the future. You’ll be informed during the offer process if your selected location needs relocation.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Transitional locations (subject to works and HMRC’s location strategy):

  • Benton Park View, Newcastle → Moving to Pilgrims Quarter, Newcastle.
  • Telford Plaza, Telford → Moving to Parkside Court, Telford.

Benefits

HMRC offers a comprehensive benefits package:

  • Salary: £71,725.
  • HM Revenue and Customs supplements the Civil Service Defined Benefit Pension Scheme up to £20,778 (see employer pension contributions for more).
  • Flexible/Hybrid Working: Offers up to 2 days per week working from home (averaged monthly). Flexible arrangements can be considered based on business needs and individual requirements.
  • Annual Leave: Starts at 25 days per year, with an increase of one day per year of service up to a maximum of 30 days.
  • Alpha Pension Scheme: Employer pension contributions match at least 28.97% of your salary.
  • Family-Friendly Policies.
  • Support and Learning Opportunities:
    • Personal coaching programs
    • Development opportunities in line with career advancement.
  • Additional benefits: Access to thinking of joining the Civil Service(link-to-web) and insider insights.

Additional Information

Terms and Conditions

  • Language: Conversational spoken English and/or Welsh may be tested during interview for roles requiring customer-facing interaction.
  • You’ll be from across the UK, but specific locations will be determined at interview.

Selection Process

Application Requirements:

  • CV (Job History and Skills)—include descriptions of past roles, duties, and key achievements.
  • Personal Statement (500 words maximum)—gift your skills and experience aligning with the person specification’s Essential Criteria.
  • (Optional) A short (max 250 words) self-addressed statement for the Desirable Criteria that clarifies any secondary requirements for your application.

Notes:

  • AI tools are encouraged as a support tool but any plagiarism or false declarations will immediately disqualify your application and may escalate to disciplinary proceedings.
  • Applications are name-blind; apply following the application instructions.

Interview Candidates: Attend video-based Microsoft Teams interview. The panel will assess:

  • Success Skills & Profiling Assessment and
  • Technical Security Competencies (scenario-based).

Reserve List & Criminal Record Check

  • Applications with criminal records are considered fairly per the Disclosure and Barring Service (DBS) Code of Practice and internal recruitment policies for ex-offenders.
  • A merit-based interviewed list will rank directly aligned with location preferences.

Hybrid Working Policy

  • HMRC is office-based, with 60% working time in office expected. Hybrid flexibility is limited to 2 office days per week (average over a month) when roles allow and with approved home-working setups.

Additional Support

  • If you need reasonable adjustments for seamless application, please contact UBS Recruitment Team at unitybusinessservicesrecruitmentresults@hmrc.gov.uk.

Candidate Vetting

  • Fingerprint and background checks are mandatory.
  • Be prepared to provide a Disclosure & Barring Service (DBS) check before starting.
  • All new candidates will require security checks at or above provisions for the outlined Security Check (SC) clearance.

For recruiting, the deadline to submit review questions or corrections is within 2 working days before vacancy closure. These queries are officially handled only via unitybusinessservicesrecruitmentresults@hmrc.gov.uk.

Resume Prep - HMRC’s Digital CV

There is an HMRC mobile application available to expand your candidacy, offered free from App Store or Play Store. It helps you populate your CV efficiently using digital forms, providing convenience for past employment data handling. Add your NI number once you’re offered the job.

Additional Contact

Clive D'Souza for role-specific questions: clive.dsouza@hmrc.gov.uk


Visit gov.uk or previously mentioned intelligence on applicants.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Security Architecture
Risk-Based Security Design
TOGAF
SABSA
NIST CSF 2.0
ISO 27000
Identity Governance
Hybrid Cloud Models
Incident Response
Vulnerability Management
Data Loss Prevention
Threat Modelling
Cloud Security
Technical Leadership
Stakeholder Engagement
Mentoring

Location

Glasgow, Scotland, United Kingdom

Sign up to applySee more jobs like this