Network Security Architect

Network Security Architect (Outside IR35)

• Job Title: MoD-DV Network Security Architect
• Contract: Outside IR35
• Duration: 12 months (rolling extensions)
• Location: UK (hybrid) – split between home working and onsite UK data centres / secure sites (onsite frequency to be confirmed)
• Clearance: Active, transferable UK MoD DV is mandatory

Role Overview

We’re looking for an experienced DV-cleared Network Security Architect to lead the design, assurance, and governance of secure network architecture within a UK Defence environment. You’ll set architectural direction, define secure standards and patterns, and support delivery teams across on-prem/data-centre and hybrid estates.

Key Responsibilities

• Lead secure network architecture design across data-centre/on-prem and hybrid environments.
• Produce and own architecture deliverables, including:
• HLD / LLD
• Standards, patterns, and reference architectures
• As-built documentation
• Provide technical governance and assurance, including:
• Design reviews and technical approval
• Risk and exception management
• Architectural decision-making and stakeholder sign-off support
• Define and assure solutions covering:
• Secure boundaries / perimeter controls
• Segmentation and zoning (including secure enclaves)
• Controlled data flows and restricted connectivity models
• Secure remote access aligned to Defence constraints
• Collaborate closely with engineers, security teams/SOC, service owners, and suppliers to drive designs from concept through to implementation.

Essential Skills & Experience

• Proven experience in Network Security Architecture within Defence / Government / high-assurance environments.
• Strong understanding of secure network design principles, including:
• Defence-in-depth
• Least privilege
• Secure boundary patterns
• Zero Trust concepts
• Hands-on architectural capability across:
• Enterprise routing and switching
• Firewall architecture (HA design, policy design, rulebase strategy)
• Segmentation approaches (zones, VLAN/VRF patterns, restricted service exposure)
• Security controls such as proxy, IDS/IPS, NAC (as applicable)
• Strong documentation and stakeholder skills (able to brief both senior technical and non-technical audiences).

Desirable

• Experience with one or more of: Fortinet, Palo Alto, Check Point, Cisco, Juniper
• Exposure to SASE / SD-WAN within constrained/secure environments
• Experience supporting assurance/accreditation evidence and security design sign-off

Next Steps

If you hold active MoD DV clearance and this aligns with your experience, please send your most recent CV and best contact details so we can arrange a confidential discussion.