DV-Cleared Network Security SME

Posted 14 hours 23 minutes ago by iO Associates

Permanent
Full Time
Other
England, United Kingdom
Job Description

DV-Cleared Network Security SME - Contract (Freelance) - Start Date: ASAP

  • Job Title: DV-Cleared Network Security SME
  • Location: Hybrid - UK
  • Clearance Required: Active Developed Vetting (DV) - Non-negotiable
  • Rate: DOE
  • Client: Defence
  • Start Date: ASAP
Role Overview

We are instructed on an exclusive, sole-supplier basis to identify an elite DV-cleared Network Security SME for a flagship National Security programme delivering next-generation secure network infrastructure for UK Defence and Intelligence Community end-customers.

Key Responsibilities
  • Design and implement ultra-high-assurance network architectures (LAN/WAN/SD-WAN) for air-gapped, cross-domain and multi-level security environments.
  • Lead the integration of Zero Trust Network Access (ZTNA), SASE and Software-Defined Perimeter solutions at scale.
  • Architect and harden boundary protection systems (next-gen firewalls, IDS/IPS, web proxies, reverse proxies, data diodes).
  • Define and enforce cryptographic network segmentation using PKI, IPsec, MACsec and quantum-resistant algorithms.
  • Produce HLD/LLD, security operating procedures and As-Built documentation to NCSC/CESG standards.
  • Act as design authority during security accreditation (RMADS, SyOPs, risk balance cases).
  • Mentor and upskill SC-cleared team members and conduct secure design reviews.
Essential Technical Skills & Experience
  • Current active DV clearance (no lapses, used within last 12 months).
  • 10+ years network security architecture in Defence/Intelligence environments.
  • Expert-level Cisco (CCIE Security or CCDP equivalent) + deep Palo Alto, Fortinet, Juniper SRX/MSeries.
  • Advanced routing/switching (BGP, OSPF, MPLS, EVPN-VXLAN in secure enclaves.
  • Zscaler ZIA/ZPA, Netskope, Menlo Security or equivalent SASE platforms.
  • Illumio, AppGate SDP or Tuffin for micro-segmentation.
  • F5 BIG-IP APM/LTM, Pulse Secure or Cisco Secure Connect for remote access.
  • Experience of CESG IA Notices, JSP 440, JSP 604 and NCSC Good Practice Guides.
  • HMG Crypto Custodian experience highly desirable.
Desirable
  • Current or recent exposure to Project MORPHEUS, NSoIT(D), DART or Skynet 6
  • NCSC CCP SIRA / Senior SIRA status
  • CHECK Team Leader or CREST CRT
  • TOGAF or SABSA certification
Next Steps
  • Please send me your latest CV so that we can speak in more detail.