Lead Cybersecurity Architect

About The Position

Requirements

• Bachelor’s Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master’s Degree preferred.
• 12+ years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
• Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate.
• In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies.
• Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
• Expert knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
• Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
• Expert knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
• In-depth experience with static code analysis tools including HP Fortify.
• Must have solid working experience and knowledge of Unix/Linux operating system.
• Comprehensive understanding of Agile/Scrum methodologies.

Nice To Haves

• Master’s Degree preferred.
• Familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or other intercepting proxy tools.
• Experience working with GIT source code management.
• Experience with one or more of the following technologies: Vagrant, Chef, Rake, Gradle, Jenkins, and Cache DB.
• Experience with Axiomatics.

Responsibilities

• Lead the Security Architect team within the Joint Cyber Operations Integration Center (JCOIC) to conduct security reviews of network diagrams/topologies, architecture diagrams, and associated Risk Management Framework (RMF) artifacts to proactively discover security issues prior to implementation.
• Lead the review of technical documentation and artifacts to assess a system/network for potential security issues, document potential courses of action to support resolution, and submit findings to the appropriate party.
• Respond to requests for assistance from the Network Security Operations (NSO) and Cyber teams.
• Engage with internal/external stakeholders to drive resolution of IT and cyber problems.
• Determine cybersecurity risks and threats present, document and monitor them, and escalate to leadership as appropriate.
• Serve as a liaison to Department of Defense (DoD) personnel to resolve technical issues, assume ownership of the issue until it is complete, and develop Standard Operating Procedures (SOP) to proactively address those issues.
• Demonstrate expertise with VA and DoD policies, instructions, standards, guides, and requirements; validate that systems reviewed are compliant and identify for system owners where they are not.
• Provide expertise to cybersecurity artifacts and technical briefings given to clients.
• Lead the development of technical briefs for senior leaders and executives that can explain complex technical information concisely and accurately.
• Collect information or intelligence necessary to conduct the full scale of your responsibilities.