IT - Cyber Security Architect/Engineer III
PlanIT Group, LLC · Reston, VA · 2 mo ago
RemoteRemoteEngineeringContract
Key Responsibilities
- Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, or GCP.
- Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors.
- Develop and enforce enterprise-wide security policies using Terraform, etc., ensuring that non-compliant infrastructure is automatically remediated or blocked from deployment.
- Design and oversee the integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions.
- Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and "blast radius" scenarios to strengthen system resilience.
- Act as the lead security advisor for the Cloud Architecture team, bridging the gap between DevOps agility and rigorous regulatory compliance (SOC2).
Technical Qualifications
- Mastery of cloud-native security suites (e.g., AWS Security Hub, Azure Defender, GCP Security Command Center).
- Expert knowledge of Identity-First Security, including CIEM, Just-In-Time (JIT) access, and complex OIDC/SAML flows.
- Proficiency in Python, Go, or Bash to build custom security automations and integrate with SOAR platforms.
- Deep experience embedding automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines.
- Advanced understanding of secure connectivity, including SD-WAN, Cloud WAF, and Zero Trust Network Access (ZTNA).
Preferred Experience
- 12+ years in Cybersecurity, with at least 6 years focused on architecting secure cloud environments at scale.
- Top-tier credentials.
- Advanced degree in Computer Science, Cybersecurity, or a related engineering field preferred.
- BS degree from an accredited College/University in the applicable field of services is required, or four additional years of relevant experience in lieu of a college degree.
- Strong ability to bridge the gap between "Speed of DevOps" and "Rigors of Security" while communicating clearly with executive leadership.
- Proven ability to influence technical roadmaps and present security risks clearly to C-suite stakeholders.
Core Objectives
- Help Transition the organization to a "Zero Standing Privilege" model for all production environments.
- Achieve automated auditing for core compliance frameworks (e.g., NIST, CIS Benchmarks).
- Reduce the detection time of anomalous cloud activity to minimum.
Additional Provisions
- Pass a client mandated clearance process to include drug screening, criminal history check and credit check.
- Continuation of employment is based on the candidate receiving a sensitive clearance.
- All candidates must be a US Citizen or permanent status Green Card holder.
- Cannot have more than 6 months travel outside the United States within the last five years.
- Military Service excluded (Exception does not include military family members).
- All overtime must be pre-approved in writing by the client manager or his/her designated representative.
- The enforced dress code is business casual, i.e., collared shirt with slacks for men, no skirts above the knee for women.