Security Architect

Zermount, Inc
19h · Hybrid

About The Position

Zermount Inc. is seeking a Cybersecurity Architect who can create government solutions that will withstand even the most complex of IT and Cyber threats. As a Lead in our project, you will lead the architecture and design of innovative solutions and services to secure federal networks. You will coordinate with a dynamic team of thought leaders and experts to determine the right tools and methods to translate your client's IT needs and future goals into a plan that delivers secure and efficient solutions. We need to find the best solution for you to explore new methods, break free from the outdated model and go where the industry is heading. You will guide the team through a critical approach to network design, suggesting alternatives and tweaking solutions to maintain a balance between security and mission needs. Your technical expertise will be vital as you help clients overcome their toughest challenges with cutting-edge technologies and cybersecurity domains. Join our team as we address cybersecurity challenges and build capabilities to deliver solutions and service offerings using investments and proven capabilities.

Requirements

  • High level of attention to detail, ability to work with minimal guidance, and effective verbal and written communication.
  • Equally adept at strategic planning and operational/technical level.
  • Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
  • At least 5 years (preferred 10 years) of network, systems, applications:
      • LAN/WAN, WAF/CDN/DDoS, Network Firewalls, IDS/IPS.
      • Virtualization, hypervisor security, container security.
      • Application development, serverless security, microservices, CI/CD.
  • At least 5 years of designing and/or implementing security in Cloud (AWS required, Azure or GCP optional):
      • Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
      • AWS IAM, KMS, S3, RDS, SNS/SQS, Organizations, GuardDuty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
      • Azure E3/E5, Active Directory, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
  • Experience with DevSecOps strategy and implementation and designing architecture in accordance with RMF, CSF, FISMA, and FedRAMP.
  • Familiarity with: ZTNA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.
  • At least 2 years working in or managing Agile DevOps, Scrum, Kanban.
  • Candidate must have a Bachelor of Science (or higher) in one of the following:
      • Computer engineering
      • Computer science
      • Information Technology (IT), or
      • Cybersecurity
  • The resume may reference another major, so long as the resume is clear that the degree addressed at a minimum one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems or IT.
  • The candidate must have a:
      • Certified Information Systems Security Professional (CISSP), and
      • At least one of the following, or equivalent:
          • Certified Cloud Security Professional (CCSP),
          • AWS Certified Solutions Architect Associate,
          • AWS Certified Security Specialist,
          • Microsoft Azure Solutions Architect,
          • Google Professional Cloud Architect.
  • Public Trust

Responsibilities

  • Provide input to the Cybersecurity roadmap and strategy for key organization strategic initiatives for the following and related areas:
      • Security Architecture: Develop and Recommend Security Architecture and Standards including Cloud Security for government approval.
      • Cybersecurity Operations: Improve Cloud monitoring, detection, and response; Improve Security Operations (SOC) operations.
      • Privacy & Continuous Monitoring: Improve Vulnerability Assessment program; Integrate security scanning in Cloud Pipeline; Improve Cloud vulnerability coverage and scanning.
      • Cybersecurity Authorizations and Compliance: Reduce time to ATO through continuous ATO; Improve Cloud Compliance.
      • Executive Order (EO) 14028 "Improving the Nation's Cybersecurity" in terms of: Implementing Zero Trust; Enhancing Supply Chain Risk Management (SCRM); Addressing critical software; and Developing secure Cloud adoption.
  • Develop and integrate with other Cybersecurity workflows, including the ATO intake, assessment, and vulnerability scanning processes.
  • Integrate with Enterprise Architecture (EA) review process.
  • Perform security reviews based on RMF controls compliance, clients, and security best practices.
  • Develop security architectural patterns to enable faster ATO or assessment process by creating architectural designs that already meet compliance controls.
  • Develop Security Architecture Standards in Cybersecurity SharePoint site and cross-link with Cloud Operations (SSB) and Enterprise Architecture (EA) sites.
  • Provide security input on Cloud Center of Excellence (CCOE) and Cloud Advisory Council (CAC) agenda items by participating in technical working groups, providing security analysis, and providing recommendations.
  • Provide security architecture input for DevSecOps security strategy and roadmap including application and infrastructure vulnerability scanning, automated assessments, and security controls.
  • Research, document, and publish a Cloud Security Codex to include security best practices based on security architecture patterns or Cloud services guidance such as security configuration or use-cases and design.
  • Recommend security requirements and architectural direction, and assist in pilot testing of key enterprise-wide initiatives to include:
      • Zero Trust Architecture (ZTA),
      • Secure Access Service Edge (SASE) including Cloud Access Security Broker (CASB),
      • Zero Trust Network Access (ZTNA),
      • Secure Web Gateway (SWG)
      • Trusted Internet Connection (TIC) 3.0
      • Identity, Credential, and Access Management (ICAM) - OKTA
      • Configuration Management Database (CMDB).
  • Evaluate a subset of the agency's High Value Asset (HVA) security posture to determine whether the agency has properly architected its cybersecurity solutions, and provide agency leadership with the risks inherent in the implemented cybersecurity solution.
  • Perform architecture design reviews, including configuration and log reviews, and perform network traffic analyses.
  • Produce a SAR Report to include HVA architecture strengths and findings.
  • Drive the pilot and adoption of Cloud Security Posture Management (CSPM).
  • Design and deploy native Cloud security services in AWS, Microsoft Azure, and Google Cloud.
  • Perform proof of value of Cloud-native, COTS, 3rd party, or open-source security capabilities through hands-on deployment and evaluation against security requirements.
  • Lead the development of scripts or code to perform Cloud Security assessments through Cloud native API or SDK.
  • Lead the development of enterprise cloud security blueprints to include security in Infrastructure as Code (IaC templates).
  • Research new and emerging security practices and capabilities such as AI/ML to address compliance and mitigate security risk.
  • Collaborate with the CyberOps Branch to improve Cloud Security monitoring to include ingestion of logs such as: API, application/database, and flow logs into SIEM; and improve Cloud SME on Cloud log analysis to analyze, create, and tune Cloud events to increase coverage and alerting in the Cloud.
  • Collaborate with the Privacy and Continuous Monitoring Branch to increase Cloud vulnerability coverage in the areas of Operating System (OS), application code, and Infrastructure level; and develop architecture for integrating findings into a centralized dashboard that allows product owners direct access to team's specific systems or cloud account findings.
  • Collaborate with the Cybersecurity Authorizations and Compliance Branch to provide input on designing compliance systems that perform continuous ATO process to decrease the processing lead times of current ATO process; provide responses on data calls; and participate in working groups in order to collaborate and share technical knowledge.
  • Identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities spanning the Systems Development Life Cycle.
  • Ensure the team provides system engineering and architectural design support services to include Studies and analysis of proposed operations modifications; End-to-end architecture tradeoff assessment; Development of strategic and tactical plans; Evaluation of new program requirements; and Investigation and development of new technologies for possible operations modifications.