Security Solution Architecture

Microsoft · Big Tech · United Kingdom · Solution Architecture

Enterprise Identity Architect with deep expertise in IAM across complex, multitenant, and multiforest estates in the UK defence sector. The role will lead the unravelling of a complex identity landscape, establish a single authoritative master identity model spanning OFFICIAL to SECRET domains, and drive a secure, standards-aligned roadmap built on Zero Trust and defence policy frameworks.

What you'd actually do

  1. Define and own end-to-end IAM reference architectures for OFFICIAL and SECRET domains, including enclave segregation, trust models, and boundary controls.
  2. Lead consolidation/modernisation across Microsoft Entra ID (Azure AD), on-prem AD, MIM/Entra ID Governance, and third-party IGA (SailPoint/Saviynt).
  3. Map designs and evidence to ASP 240 and applicable JSP guidelines (e.g., JSP 440 Security, JSP 604 Information/IA policies or successors), NCSC guidance, ISO/IEC 27001, and Zero Trust principles.
  4. Run workshops to untangle legacy identity estates, discover shadow entitlements, and align business/mission owners to a single operating model.
  5. Proven record of accomplishment leading large-scale IAM transformations in the defence sector with mixed classification environments (OFFICIAL, OFFICIAL-SENSITIVE, SECRET).

Skills

Required

  • Enterprise Identity Architecture
  • IAM transformations
  • Microsoft Entra ID (Azure AD)
  • Active Directory
  • MIM/Entra ID Governance
  • Conditional Access
  • PIM
  • PAW
  • PAM
  • MFA/passwordless
  • Zero Trust
  • RBAC/ABAC
  • policy as code
  • cross-domain identity patterns
  • guard-mediated flows
  • brokers
  • HLD/LLD
  • STRIDE/ATT&CK
  • ASP 240
  • JSP 440
  • JSP 604
  • NCSC guidance
  • ISO/IEC 27001
  • NIST SP 800-63
  • NIST SP 800-207

Nice to have

  • SailPoint/Saviynt
  • CyberArk/BeyondTrust
  • FIDO2/YubiKey
  • smartcard/PIV equivalents
  • Kerberos/NTLM deprecation strategies
  • HMG SPF
  • IAO/SIRO approvals

What the JD emphasized

  • UK defence sector
  • OFFICIAL to SECRET
  • Zero Trust
  • defence policy frameworks
  • ASP 240
  • relevant JSPs
  • Master Identity Model Delivered
  • Consolidation & Simplification
  • Control Maturity Increase
  • Assured Inter-Domain Patterns
  • Legacy Decommission
  • end-to-end IAM reference architectures
  • OFFICIAL and SECRET domains
  • authoritative identity sources
  • golden record schemas
  • attribute governance
  • RBAC/ABAC models
  • privileged access patterns
  • Microsoft Entra ID (Azure AD)
  • on-prem AD
  • MIM/Entra ID Governance
  • SailPoint/Saviynt
  • MFA/passwordless
  • Conditional Access
  • risk-based access
  • PIM
  • PAM
  • critical apps
  • cross-domain
  • JSP guidelines
  • JSP 440
  • JSP 604
  • NCSC guidance
  • ISO/IEC 27001
  • Zero Trust principles
  • HLD/LLD
  • Control Matrices
  • Risk/Threat Models (STRIDE/ATT&CK)
  • Security Cases
  • Transition Plans
  • Operational Runbooks
  • IAO/SIRO
  • accreditation
  • workshops
  • single operating model
  • guardrails
  • patterns
  • reference implementations
  • DevSecOps
  • large-scale IAM transformations
  • Defence Sector
  • OFFICIAL, OFFICIAL-SENSITIVE, SECRET
  • Microsoft Entra ID
  • Entra Connect/Cloud Sync
  • Entra ID Governance
  • Active Directory
  • DNS/PKI
  • PAW
  • credential hygiene
  • Kerberos/NTLM deprecation strategies
  • RBAC/ABAC
  • policy as code
  • unravelling complex identity estates
  • master identity model
  • cross-domain identity
  • air-gapped
  • high side
  • guard-mediated flows
  • brokers
  • one-way trust
  • offline credential issuance
  • architecture decision records
  • control mappings (JSP/ASP/NCSC)
  • test plans
  • migration & decommission plans
  • Authority Security Policy
  • NCSC
  • HMG SPF
  • NIST SP 800-63
  • NIST SP 800-207
  • assurance/accreditation
  • DV clearance
  • secure facilities