Data-Centric Security Architect (MBSE / Sparx EA)

About the role

Leidos is seeking a Data-Centric Security Architect (MBSE / Sparx EA) to develop robust security frameworks for a groundbreaking integrated air and missile defence command and control (C2) program for NATO partners and allied operations. You will bring your expertise in data-centric security to design, evolve, and validate a fit-for-purpose security architecture for a cloud-based solution supporting NATO missions. The role requires a thorough understanding of modern data-centric security, Zero Trust Architecture (ZTA), Identity and Access Management (IAM), and cloud security, fully aligned with the NATO Data Strategy for the Alliance (DaSA) and NATO Data-Centric Reference Architecture (DCRA). To help define and evolve security concepts and architecture underpinning a federated, multi-domain cloud environment, you will leverage security patterns supporting data classification, tagging, lineage, encryption, access controls (RBAC/ABAC/CBAC), access decision logic, and policy-based enforcement. You will also bring strong skills in architecting Identity, Credential, and Access Management (ICAM) & Zero Trust solutions. You will create Zero Trust enforcement models across identity, endpoints, networks, workloads, and data. This is a strict MBSE position. To be successful, you must be an expert in data-centric security models and possess deep, practical experience utilizing SysML and Sparx EA (or equivalent) to define information flows, security constraints, and systems architecture. Traditional IT security professionals without MBSE modelling experience will not be considered Primary Responsibilities Use MBSE tools (e.g. Sparx Enterprise Architect) to build data-centric security-first architecture models. Develop architecture views aligned with the NATO Architecture Framework (NAF v4), including security views, system views, technical standards/compliance views, service-based views, and data views. Model security behaviours using sequences, activity flows, state machines, and dependency diagrams. Trace security requirements from operational concepts to system functions to services to components and to controls. Assist the programme and teammates in navigating and completing the NATO Security Accreditation process for systems on restricted and classified networks. Clearly identify compliance concerns and trade-offs and propose accreditation strategies. Create the System Security Architecture Document (SSAD), Security Target & Risk Assessment, Secure Configuration Baselines, Security Operating Procedures (SecOPs), and Security Test & Evaluation (ST&E) artifacts. Engage directly with NATO Security Accreditation Authorities and comply with the NATO Security Directive Series, STANAGs, and FMN Baseline requirements.