Security Architect

Posted 14 hours 41 minutes ago by Stott and May

Permanent
Part Time
Other
Wiltshire, Swindon, United Kingdom, SN256
Job Description

Location: Swindon (Hybrid)
Contract Duration: 6 Months
Start Date: ASAP
Day Rate: £531.25 Inside IR35

Role Overview

We are seeking an experienced Security Architect to join our Realtime Platforms team. You will ensure robust security controls across hybrid and multi-cloud environments for a leading financial services organisation, aligning with regulatory and compliance requirements. This role involves working on cutting-edge technologies including service mesh deployments and IBM DataPower for API security and integration, contributing to high-impact projects that protect sensitive data and digital assets.

Key Responsibilities
  • Develop and maintain security architecture for service mesh and containerised environments.
  • Conduct risk assessments and implement mitigation strategies.
  • Create threat models aligned with MITRE ATT&CK & STRIDE frameworks.
  • Recommend controls and enforce best practices for APIs, microservices, and data flows.
  • Design and review secure API gateways using IBM DataPower.
  • Implement mTLS, RBAC, and zero-trust principles.
  • Configure and manage IBM DataPower for API security, encryption, authentication, and traffic mediation.
  • Collaborate with teams to integrate security measures and communicate risks to stakeholders.

Required Skills & Knowledge
  • Proven Security Architect experience in large, complex organisations, ideally in financial services (PCI compliance).
  • Hands-on experience with IBM DataPower, OAuth 2.0, JWT, TLS, WS-Security, and encryption standards.
  • Previous experience developing bespoke threat models using MITRE ATT&CK & STRIDE.
  • Ability to design secure architectures for hybrid/multi-cloud environments.
  • Knowledge of zero-trust security models and microservices security.
  • Ability to assess security aspects of technical designs and provide constructive guidance.
  • Strong cryptography knowledge.
  • Experience in UK Financial Services or similar regulated industry.
  • Relevant qualification (or working towards) such as CISM or CISSP.
  • Familiarity with M&A processes and associated security challenges.
  • Proficiency in CI/CD tools (Terraform, Ansible, Git, Jenkins).
  • Knowledge of PCI-DSS (including PCI-P), GDPR, and financial regulatory frameworks.
  • Excellent interpersonal, communication, and client-facing skills.
  • Assertive, collaborative, and able to lead or support teams effectively.