HM Revenue & Customs
Enterprise Security Architect (Principal Cyber Security Professional)

About the Role
Job Summary
Join HMRC and discover a career defined by purpose, growth, and belonging. Learn what it’s really like to work at HMRC by watching our employee stories on our YouTube channel.
HMRC is recruiting Enterprise Security Architects (Principal Cybersecurity Professional) to shape the security architecture, technology strategy, and tooling that underpin one of the most complex digital estates in Europe.
You will operate at enterprise scale, influencing security strategy and technical direction across HMRC and wider government, supporting a multi-billion-pound transformation spanning hybrid cloud platforms. This role sits within Security Consultancy Services (SCS), a centre of excellence providing risk-based security architecture, assurance, and technical leadership.
HMRC is committed to building a diverse and inclusive security architecture capability, actively encouraging applications from women and underrepresented groups in cybersecurity and architecture. Diverse perspectives enhance design resilience and strengthen decision-making.
Key Responsibilities
- Enterprise Security Technology Strategy: Define and govern enterprise security architecture aligned to Zero Trust Principles, HMRC standards, and cross-government policy, setting a benchmark for best practice across the UK Government.
- Architecture & Design Authority: Produce and maintain security reference architectures, principles, design patterns, roadmaps, baselines, and technical standards, with authoritative input in technical governance boards.
- Technology Direction & Tooling: Shape security technology strategy and tooling roadmaps using threat intelligence, vendor capabilities, and business risk assessments.
- Risk-Based Security Leadership: Provide authoritative security advice for secure delivery of products, platforms, and services across complex environments.
- Lifecycle Governance: Oversee security architecture and control implementation across the full delivery lifecycle (strategy, design, implementation, and operations).
- Stakeholder & Cross-Government Engagement: Engage with senior business and technical stakeholders, represent HMRC at governance forums, and participate in communities of practice.
- Capability Development: Coach, mentor, and cultivate security architecture skills across SCS and the broader organisation.
- Innovation & Continuous Improvement: Evaluate emerging technologies, patterns, and methodologies to refine HMRC’s security architecture and operational model.
Selection Process Details
HMRC uses Success Profiles to assess Experience and Technical Skills.
Application Requirements
- A name-blind CV, detailing job history and skills with key achievements.
- A 500-word Personal Statement matching your experience to the Person Specification (Essential Criteria).
- Optional 250-word statement noting how you meet the Desirable Criteria (if applicable).
Person Specification
Essential Criteria
Key traits and experience for Enterprise Security Architects at enterprise scale include:
Security Architecture and Strategy
- Proven ability to define and enforce enterprise security architecture—covering principles, reference architectures, infrastructure standards, security patterns, and roadmaps.
- In-depth knowledge of risk-based security, with expertise in confidentiality, integrity, availability, resilience, privacy, and non-functional requirements.
Frameworks & Methodologies
- Practical experience applying TOGAF and SABSA frameworks in complex organisations.
- Strong knowledge of frameworks like NIST CSF 2.0 and the ISO 27000 series.
Technical Security Expertise
- Experience driving strategy across at least two core security domains from the following areas:
  - Access Management & Identity: PAM, SSO, Key and Secrets Management, JML, Attestation, RBAC, Identity Governance.
  - Network & Hybrid Cloud Security: Segmented WLAN/WAN/SaaS proxies, DDoS/WAF/DLP/DNS, NAC/NSPM, SASE, Zero Trust.
  - Application & API Security: SAST/DAST/RAST/IAST tools, OWASP compliance, robust threat modeling, and secure containerisation.
  - Information Protection: DLP, key and secrets management, protective marking and classification.
  - Threat & Incident Management: SIEM/SOAR, threat intelligence, data analytics, anti-phishing with integrated AI security tools.
  - Endpoint Security: EDR, EPP, UEBA (pane actions on hybrid Microsoft workloads including workstations, servers, IoT/mobiles, VDI/DCAAS).
  - Cloud Security: Reference architectures for hybrids (AWS/Azure: IaaS/PaaS/SaaS/FaaS) plus CASB, CSPM, cloud workload protection.
Enterprise Delivery & Influence
- Experience providing authoritative security leadership across large initiatives, speaking to C-level stakeholders and offering risk-based strategic guidance.
- Proven influencing skills to navigate agile governance, collaborate with multi-supplier environments, and maintain security standards across hybrid procurement models.
- Skilled in knowledge sharing, mentoring, and managing complex change across diverse teams.


Desirable but Advantageous Criteria
- Certifications such as CISSP, CCSP, ISO 27001/27701.
- Specialised vendor-specific expertise (e.g. Microsoft/AWS Cloud Security).
- Chartership with industry bodies like IAPP, ISACA, or ISC2.
Upfront & Security Requirements
Requirements for this role:
- An SC (Security Check) clearance, either currently held or willingness to obtain it.
- Proof of 5 years minimum UK residency before vetting and processing (applies from 1 April 2026).
Existing HMRC contractual homeworkers flagged for possible in-office presence where necessary.
Benefits & Terms
- Civil Service Benefits: £71,725 basic salary with £20,778 pension contribution (Civil Service DB scheme).
- Flexible and Hybrid Working (up to 2 days per week home working, averaged monthly).
- Leave Allowance: Starts at 25 days per year, increasing to 30 days over time.
- Childcare Support / Tax Benefits (locally variable).
- Career advancement via coaching, Skills Development programmes, and training funds.
Hybrid working is 60% in-office, allowing exceptions where feasible.
Transitional Locations
- Employees may be based at transitional sites until relocation plans are confirmed (example: Benton Park View, Newcastle, transitioning to Pilgrims Quarter).
- Important: Future moves beyond transitional sites are subject to the organisation’s evolving location strategy.
Candidate Information Session
- Where: Virtual webinar.
- When: Monday, 30 June 2026 at 2:00 PM (UK time).
- Agenda: Learn about the role, Q&A.
- Register: Submit a form for meeting materials; link provided by email on the day.
Application Instructions
Key Steps
- Submit a name-blind CV with concise job/achievement summaries.
- Provide a structured 500-word Personal Statement directly referencing Person Specification Essentials.
- Optional: Include a 250-word statement aligning with Desirable Criteria if relevant.
Assessment Caution: Expect a sift process for Personal Statements if applications are high. Interviews feature experience-based and technical scenario assessments.
Note on AI
Applications generated using AI or copied from external sources will be retractable.