Principal Security Architect, UK Security Operations

info_outlineXMust be a British citizen to meet customer and compliance requirements, including potential access to classified information.

Minimum qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, a related technical field, or equivalent practical experience.
• 8 years of experience in a customer-facing advisory role designing multi-cloud environments (e.g., IaaS, PaaS, and SaaS).
• Experience in defining secure architectural patterns and integrating security practices across the software development lifecycle (DevSecOps).
• Experience automating security controls and processes, including Infrastructure as Code (IaC) tools.
• Experience in critical security domains (e.g., network security, identity security, data security, application security).
• Previous or currently active UK Developed Vetting (DV) security clearance.
  

Preferred qualifications:

• Certifications in CISSP, CCSP, or relevant cloud-specific security credentials.
• Experience leading comprehensive threat modeling exercises and conducting detailed risk assessments for customer systems to identify security vulnerabilities.
• Experience in securing modern cloud-native architectures, including containerisation technologies (e.g., Kubernetes, Docker) and serverless computing.
• Experience in evaluating the integration of a range of security tools, such as SIEM, WAF, DLP, and CSPM.
  
• Understanding of security concerns associated with Generative AI and suitable mitigation strategies.
• Ability to articulate security concepts and recommendations to both technical and non-technical executive stakeholders.

About the job

The UK Security Operations (SecOps) team in Google Public Sector delivers, operates and secures private cloud services. We aim to provide the flexibility, reliability, and scalability of public cloud for customers with exceptionally high security requirements that can only be met in a private cloud environment. We deliver and operate these private cloud deployments for the most critical customers, helping scale, secure and maintain the deployment whilst working closely with Google product teams to continually improve our technology. This Principal Security Architect role is pivotal in supporting and guiding Google's public sector customers by acting as their executive, trusted security advisor.

As a Principal Security Architect, you will directly advise customers at all levels, from C-suite to engineering, on security best practices, risk management, and compliance. You will be a key advisor and a primary point of contact for customer security strategy, translating technical concepts into clear, actionable recommendations. You will focus on building trusted relationships, fostering customer confidence, and ensuring their long-term success and security on our cloud services.

In this role, you will be responsible for collaborating with and guiding customers on the development and implementation of comprehensive security architectures on Google's cloud platforms. This involves defining secure patterns, standards, and best practices that ensure their infrastructure, applications, and data are resilient against evolving threats. You will provide architectural leadership for customer initiatives, conducting thorough security reviews of customer designs, and identifying opportunities to improve their security posture.

Responsibilities

• Act as the primary trusted security advisor for key public sector customers, providing consultation on security architecture, risk management, and compliance.
• Build and maintain, collaborative relationships with customer stakeholders (from technical teams to C-level), understanding their unique security needs and effectively communicating Google's security capabilities and best practices.
• Lead the design and review of secure solutions for customers on cloud platforms, ensuring secure configurations and demonstrating compliance pathways. Foster a security-aware culture within customer organisations, advocating security-by-design principles.
• Guide customers on security best practices, including embedding security into their CI/CD pipelines (DevSecOps) and adopting security automation.
• Guide customers in identifying, assessing, and mitigating cloud security risks specific to their environments and workloads. Translate security standards and regulations into practical, achievable implementation plans for customer architectures.

---