CYBERSECURITY ARCHITECT
Hiring Our Heroes · Arlington, VA · 2 wk ago
EngineeringFull-time
Du es and Responsibilities
- Develop and maintain Enterprise Security Architecture (ESA), cybersecurity roadmap in alignment with EO 14028 implementa on priori es: Zero Trust, Supply Chain Risk Management (SCRM), critical software security, and secure cloud adop on.
- Design and lead implementa on of Zero Trust Architecture (ZTA) across the hybrid environment spanning on-premises infrastructure and cloud services, aligned with NIST SP 800-207 and the Federal Zero Trust Strategy (OMB M-22-09)
- Research and evaluate emerging security capabili es - including AI/ML-assisted detec on and automa on for applicability to the agency requirements and poten al Zermount service development.
- Lead architecture and implementa on of cATO capability replacing periodic assessment snapshots with automated, real- me security control monitoring and evidence collec on.
- Plans & conducts Proof of Concept (PoC) deployments within the client enterprise and/or in external vendor environments.
- Understands & evaluates business, technical & functional requirements, translating mission goals & operational directives into actionable recommendations.
- Understand requirements, use cases, implementation challenges, client road maps & operational pain points.
- Designs solutions for existing & ongoing implementations & supports implementation efforts. This includes tool evaluation, adoption, implementation & phase-out; system integration development and implementation; and feature/content development.
- Assist in developing schedules, work breakdown structures (WBS's) & project schedules with the Technical Project Manager.
- Collaborates with internal & external teams & ensures client & NIST compliance.
- Serves as a technical leadership role and provides services as a cross functional team member supporting other Task Areas as required.
QUALIFICATIONS
- High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
- Equally adept at strategic planning and operational/technical level.
- Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
- At least 10 years of hands-on technical IT and cybersecurity experience. To include experience with:- LAN/WAN, WAF/CDN/DDoS, Network Firewalls, IDS/IPS, inline decryption. o Experience with NIST RMF, FedRAMP, FISMA, and NIST SP 800-53 control implementation. o Experience with SIEM platforms (Splunk preferred) - log architecture, ingestion design, detection tuning.
- Virtualization, hypervisor, and container security. o Application development, serverless security, microservices, CI/CD.
- Designing and/or implementing security in Cloud (AWS required, Azure or GCP optional): Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model. AWS IAM, KMS, S3, RDS, SNS/SQS, Organization, Guard Duty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
EDUCATION
- A minimum of a Bachelor of Science in one of the following: Computer Science, Engineering, Information Technology, Cybersecurity or similar field. Years of experience will be taken into consideration, in place of a degree.
CERTIFICATIONS
- One or more industry-recognized cybersecurity certifications aligned with DoD 8570/8140 IAM Level III or IAT Level III baseline requirements.
Ideal candidate would also have:
- Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect Associate, AWS Certified Security-Specialty.
CLEARANCE
- Must be able to obtain and maintain a Public Trust background investigation.
LOCATION
- This is a primarily remote position. Candidates must be able to travel occasionally to Zermount headquarters and customer sites based on program needs, meetings, workshops, and deployment activities.
HOURS OF OPERATION
- Business Hours: 7:00 am EST - 7:00 pm EST | Core Hours: 8:00 am - 4:00pm EST