Security Architect

Leidos is seeking a Security Architect to develop robust security frameworks for a groundbreaking integrated air and missile defence command and control (C2) program for NATO partners and allied operations. You will bring your expertise in data-centric security to design, evolve, and validate a fit-for-purpose security architecture for a cloud-based solution supporting NATO missions. The role requires a thorough understanding of modern data-centric security, Zero Trust Architecture (ZTA), Identity and Access Management (IAM), and cloud security, fully aligned with the NATO Data Strategy for the Alliance (DaSA) and NATO Data-Centric Reference Architecture (DCRA).

To help define and evolve security concepts and architecture underpinning a federated, multi-domain cloud environment, you will leverage security patterns supporting data classification, tagging, lineage, encryption, access controls (RBAC/ABAC/CBAC), access decision logic, and policy-based enforcement. You will also bring strong skills in architecting Identity, Credential, and Access Management (ICAM) & Zero Trust solutions. You will create Zero Trust enforcement models across identity, endpoints, networks, workloads, and data.

Primary Responsibilities

• Use MBSE tools (e.g. Sparx Enterprise Architect) to build data-centric security-first architecture models.

• Develop architecture views aligned with the NATO Architecture Framework (NAF v4), including security views, system views, technical standards/compliance views, service-based views, and data views.

• Model security behaviours using sequences, activity flows, state machines, and dependency diagrams.

• Trace security requirements from operational concepts to system functions to services to components and to controls.

• Assist the programme and teammates in navigating and completing the NATO Security Accreditation process for systems on restricted and classified networks. Clearly identify compliance concerns and trade-offs and propose accreditation strategies.

• Create the System Security Architecture Document (SSAD), Security Target & Risk Assessment, Secure Configuration Baselines, Security Operating Procedures (SecOPs), and Security Test & Evaluation (ST&E) artifacts.

• Engage directly with NATO Security Accreditation Authorities and comply with the NATO Security Directive Series, STANAGs, and FMN Baseline requirements. 

Basic Qualifications

• NATO SECRET or national equivalent security clearance.

• Bachelors in Cybersecurity, Information Assurance, Computer Science, Systems Engineering, or related field.

• Strong knowledge of the underpinnings of multi-domain security concepts, attribute-based security, and associated approaches, architectures, and technologies.

• Hands on experience with architecting for Data Centric Security and Zero Trust Architecture, preferably in a military and/or coalition environment.

• 5+ years in defense security architecture, cloud security, or classified system environments.

• Deep knowledge of cloud security, data-centric protection, encryption, IAM/ICAM, Zero Trust, and secure system design.

• Experience designing architectures for cross-domain, multi-level, multi-tenant systems.

• Knowledge of MBSE tools and modelling languages (e.g., SysML, UML, NAF/DoDAF/UAF frameworks).

• Strong understanding of modelling data flows, access policies, interfaces, and trust boundaries.

• Ability to coordinate reviews, produce documentation, and close findings with Security Accreditation Authorities (SAAs).

• Proficient with standards including but not limited to: NIST 800-207 (ZTA), NIST 800-53, ISO 27001, CIS, and NATO cyber/INFOSEC frameworks (STANAG 4774, STANAG 4778, STANAG 5636, and ACP 240)

• Experience conducting risk analyses, vulnerability assessments, and defining mitigations.

• Excellent communicator comfortable with multinational stakeholders.

• Able to guide engineers and analysts through secure-by-design principles and model-based workflows.

Preferred Qualifications

• Master’s degree.

• Expertise in Zero Trust Data Format (ZTDF)

• Expertise in MBSE tools such as Cameo, MagicDraw, or Sparx Enterprise Architect and NAF v4 operational, system, service, and security viewpoints.

• Demonstrated expertise in applying data-centric security principles.

• Demonstrated experience completing NATO accreditation for classified systems.

• Strong understanding of the NATO Data Strategy and NATO Data-Centric Reference Architecture (DCRA).

• Relevant advanced certifications:

  • CompTIA Security+

  • CISSP, CCSP

  • Zero Trust, ICAM, cloud security certifications

• Model-based engineering certifications (e.g., SysML, vendor MBSE training)

If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.

Original Posting:

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $107,900.00 - $195,050.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.