Search
Header navigation

Lead Cloud Security Engineer

The National Archives
remoteHybrid
ExpiresExpires: Expiring in less than 3 weeks
Flexible
£60,000 - £64,500 per year

Job summary

The National Archives is the official archive and publisher for the UK Government, and for England and Wales. We hold over 1,000 years of iconic national documents – from Domesday Book to digital files from contemporary government. Our mission is to collect, preserve, and make accessible the record of the state, helping citizens understand their past and governments make informed decisions for the future.

Our digital services support preservation and access at scale – and securing our systems means protecting history itself. We are seeking cyber professionals with hands-on technical skills and a passion for protecting data and infrastructure that underpins national memory. Join us and be part of a unique, purposeful mission.

Job description

Full job description attached (see below).

Person specification

As the Lead Cloud Security Engineer, you will lead TNA wide initiatives to protect digital assets, data and cloud infrastructure from ever evolving threats. The role demands deep technical expertise, leadership in secure by design implementation and architecture governance, and the ability to influence decisions across departments and external suppliers. You will be accountable for the design, implementation and continuous improvement of multi cloud security frameworks (AWS, Azure and other environments), aligned with government standards and resilient to emerging risks. Your work protects critical information from malicious attacks, accidental loss and unauthorised access.

Reporting to the IT Security & Information Assurance Manager, you will own the “how” of secure cloud delivery across TNA—translating policy objectives into actionable technical standards, guardrails and patterns, and making the implementation decisions that ensure they are adopted effectively.

You will Chair a virtual Technical Design Authority (TDA) to embed secure by design practices across AWS, Azure and other cloud environments, define technical standards and roadmaps to reflect the desired cyber security posture and remain hands on—engineering solutions, codifying controls and leading complex investigations. Through the TDA you hold decision rights to set guardrails and approve exceptions across directorates, combining technical authority, governance leadership and practical delivery to keep TNA’s systems secure, compliant and cost efficient.

As Lead Cloud Security Engineer, you will spearhead strategic decision-making and shape the overall security posture of our cloud infrastructure. You’ll collaborate closely with cross-functional teams across The National Archives to define security architecture, evaluate emerging technologies, and establish work practices and technologies that align with business objectives and regulatory requirements. Leveraging deep expertise in cloud platforms and threat landscapes, you’ll guide the selection and implementation of security controls, drive risk assessments, and lead incident response planning. Your leadership will ensure that security is embedded into every stage of cloud adoption and operations, fostering a culture of proactive defence and continuous improvement.

This is a full time post. However, requests for part-time working, flexible working and job share will be considered, taking into account at all times the operational needs of the Department. A combination of onsite and home working is available and applicants should be able to regularly travel to our Kew site for a minimum of 60% of their work time.

Application Process:

  • Application: We ask all applicants to submit work history details and a personal statement, not exceeding 1200 words
  • Interview: Interviews will be held on-site at The National Archives in Kew

Selection for interview will be based on the ‘essential’ requirements shown below so please ensure that your statement demonstrates in detail how you meet these requirements.

Essential criteria:

  • Significant expert knowledge of cloud security in either AWS or Azure, with proven experience leading cross organisation security initiatives.

  • Demonstrable experience in architecture governance (guardrails, patterns, exceptions) and standardising threat modelling.

  • Strong hands on engineering skills: IaC, CI/CD security, IAM hardening, CSPM tuning, incident response.

  • Ability to drive cost efficiencies and make evidence based recommendations.

  • Technical expertise in the following tech stack; AWS, Azure, Microsoft 365, GitHub, Kubernetes, Terraform, Linux, JAMF, Sentinel and Defender for Endpoint

  • Experienced in excellent communication and able to influence up to senior leadership being able to deliver complex technical concepts and summarise complicated events to senior stakeholders up to and including board level

SC clearance/willingness to obtain SC clearance will be required for this role. This requires candidates to have been resident in the UK for at least the past three years. Please do not apply if you have been resident in the UK for less than three years as your application will be rejected.

Benefits

Alongside your salary of £60,000, The National Archives contributes £17,382 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.Generous benefits package, including pension, sports and social club facilities, onsite gym, discounted rates at our on-site cafe and opportunities for training and development.

Any move to The National Archives from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk;

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

Reasonable adjustments:

If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:

  • Contact The National Archives via careers@nationalarchives.gov.uk as soon as possible before the closing date to discuss your needs
  • Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional


Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact The National Archives via email: careers@nationalarchives.gov.uk If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission at http://civilservicecommission.independent.gov.uk/civil-service-recruitm…

https://www.nationalarchives.gov.uk/

Attachments

Job Description - Lead Cloud Security Engineer Opens in new window (docx, 45kB)

Salary range

  • £60,000 - £64,500 per year