Cybersecurity Architect

About The Position

Requirements

• High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
• Equally adept at strategic planning and operational/technical level.
• Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
• At least 10 years of hands-on technical IT and cybersecurity experience.
• Experience with LAN/WAN, WAF/CDN/DDoS, Network Firewalls, IDS/IPS, inline decryption.
• Experience with NIST RMF, FedRAMP, FISMA, and NIST SP 800-53 control implementation.
• Experience with SIEM platforms (Splunk preferred) - log architecture, ingestion design, detection tuning.
• Virtualization, hypervisor, and container security.
• Application development, serverless security, microservices, CI/CD.
• Designing and/or implementing security in Cloud (AWS required, Azure or GCP optional): Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
• AWS IAM, KMS, S3, RDS, SNS/SQS, Organization, Guard Duty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
• A minimum of a Bachelor of Science in one of the following: Computer Science, Engineering, Information Technology, Cybersecurity or similar field. Years of experience will be taken into consideration, in place of a degree.
• One or more industry-recognized cybersecurity certifications aligned with DoD 8570/8140 IAM Level III or IAT Level III baseline requirements.
• Must be able to obtain and maintain a Public Trust background investigation.

Nice To Haves

• Certified Cloud Security Professional (CCSP)
• AWS Certified Solutions Architect Associate
• AWS Certified Security-Specialty

Responsibilities

• Develop and maintain Enterprise Security Architecture (ESA), cybersecurity roadmap in alignment with EO 14028 implementation priorities: Zero Trust, Supply Chain Risk Management (SCRM), critical software security, and secure cloud adoption.
• Design and lead implementation of Zero Trust Architecture (ZTA) across the hybrid environment spanning on-premises infrastructure and cloud services, aligned with NIST SP 800-207 and the Federal Zero Trust Strategy (OMB M-22-09).
• Research and evaluate emerging security capabilities - including AI/ML-assisted detection and automation for applicability to the agency requirements and potential Zermount service development.
• Lead architecture and implementation of cATO capability replacing periodic assessment snapshots with automated, real-time security control monitoring and evidence collection.
• Plans & conducts Proof of Concept (PoC) deployments within the client enterprise and/or in external vendor environments.
• Understands & evaluates business, technical & functional requirements, translating mission goals & operational directives into actionable recommendations.
• Understand requirements, use cases, implementation challenges, client road maps & operational pain points.
• Designs solutions for existing & ongoing implementations & supports implementation efforts. This includes tool evaluation, adoption, implementation & phase-out; system integration development and implementation; and feature/content development.
• Assist in developing schedules, work breakdown structures (WBS's) & project schedules with the Technical Project Manager.
• Collaborates with internal & external teams & ensures client & NIST compliance.
• Serves as a technical leadership role and provides services as a cross-functional team member supporting other Task Areas as required.