Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Secure System Architecture and Design Principal

Secure System Architecture and Design Principal

Role summary

Secure System Architecture & Design is the designing of an IT system to meet its security requirements, balancing this with its functional requirements.

Role expectations

At this role level, you may:

  • Lead the embedment of ‘secure by design’ principles into application development by providing advice and internal consultancy on highly complex criteria and contexts
  • Lead multi-team assessment of application resilience throughout an IT estate, reviewing regular application security reports, holding accountability and responsibility for secure design implementation
  • Lead and assure processes, and provide SME thought leadership on tooling and dynamic and static analysis in the product development life cycle
  • Lead development teams alongside senior cross-government decision makers to embed secure development life cycle and security awareness, and ensure appropriate tools and skills exist
  • Lead projects with high strategic impact, setting a strategy that can be used in the long term and across the whole organisation
  • Develop vision, principles and strategy for Security Architects for multiple projects or technologies
  • Recommend security design across several projects or technologies, up to an organisational or inter-organisational level, solving unprecedented issues and problems
  • Influence key organisational and architectural decisions, and interact with senior stakeholders across organisations to reach and influence a wide range of people across larger teams and communities

Accreditation

For further information on accreditation in this role see the UK Cyber Security Council’s guide on secure system architecture and design.

Skills

Security architecture

Expert

Secure design

Expert

Secure development

Expert

Information risk assessment and risk management

Working

Threat understanding

Working

Protective security

Awareness

Learning Pathway

Core learning

BCS Certificate in Information Security Management Principles (CISMP)

CompTIA IT Fundamentals

CREST Practitioner Security Analyst

Secure by Design

Secure Programming Foundation Certification (S-SPF)

Foundation Certificate in Cyber Security

NIST Cyber Security Professional (NCSP) Foundation Certificate

CompTIA Server+

SEC530: Defensible Security Architecture

GIAC Defensible Security Architecture (GDSA)

Certified Data Protection Foundation & Practitioner

CompTIA Security+

SEC573: Automating Information Security with Python

GIAC Python Coder (GPYC)

SABSA Chartered Security Architect – Foundation Certificate (SCF)

CertNexus Cyber Secure Coder (CSC)

CREST Registered Technical Security Architecture (CRTSA)

GIAC Defensible Security Architecture (GDSA)

SABSA Chartered Security Architect – Practitioner Certificate (SCP)

SEC530: Defensible Security Architecture

Recommended for Principal level

CSSLP – Certified Secure Software Lifecycle Professional

CompTIA Advanced Security Practitioner (CASP+)

SABSA Chartered Security Architect – Master Certificate (SCM)

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now