ZipRecruiter
SENIOR SECURITY ARCHITECT, TECHNICAL LEAD
ZipRecruiter, Arlington, Texas, United States, 76000
Job Description
SENIOR SECURITY ARCHITECT, TECHNICAL LEAD
MILITARY FRIENDLY & - HOH SPONSOR
Zermount, Inc has a requirement for a highly talented, technical hands-on Senior Security Architect, Technical Lead located in the Washington, DC metro area to help accelerate our Security Program for a client in the Government Sector. You will use your exceptional security knowledge and hands-on security tooling and systems administration skills to lead a team of Security Architects and Engineers to help support customers with developing, reviewing, and modernizing highly secure and compliant computing architectures and implementations.
The Senior Security Architect, Technical Lead will provide support to the Cybersecurity Division (CD) staff with the execution of its organizational mission related to cybersecurity services and capabilities through a proactive, agency-wide cybersecurity program that provides cybersecurity operations, continuous monitoring, and compliance. This includes administrative support and event management to ensure the execution of key developmental events and related activities. The Senior Security Architect, Technical Lead will manage and direct a staff in planning, executing, and monitoring the day-to-day operations of the Cybersecurity Division. Support the objectives of this requirement by working closely with the Office of the Chief Information Officer (OCIO)/CD employees and managers, as well as staff throughout the agency.
The Senior Security Architect, Technical Lead will have oversight and quality assurance for the following activities: Security Architecture Reviews (SAR); Cloud Security Engineering; System Security Engineering (SSE); Technical Risk Assessments (TRA); High Value Asset (HVA) Assessments; IT Security System Administration; IT Security (Assessments - Security Control (SCA) and risk; Scanning - vulnerability, compliance, configuration, database, web application, continuous monitoring, and ad-hoc; secure code analysis); and Security Controls Assessments (SCAs). Responsible for ensuring that the proper level of analysis is conducted for assessments and that they are accompanied by practical mitigation solutions and recommendations. Support for the development and updating of documentation such as Standard Operating Procedures (SOPs) and Cyber Policy and Procedures is required.
DUTIES & RESPONSIBILITIES
Lead team of Security Architects and Engineers to meet agency Cybersecurity Mission.
Develop and Recommend Security Architecture Patterns and Standards for both cloud and on-prem environments.
Review proposed architecture diagrams, security tools, network traffic flow and data protection and make recommendations for security enhancements.
Determine security requirements by evaluating business strategies and requirements; research federal information security standards; conduct system security and vulnerability analyses and risk assessments and analyze architectures/platforms.
Develop enterprise security architecture frameworks, patterns and best practices in partnership with Enterprise Architecture and Cloud COE (CCOE).
Assess existing and emerging information technology; identify strengths and weaknesses; determine efficacy and efficiency.
Enhance security by planning delivery of security solutions; answering technical and procedural questions; teaching improved processes.
Consult with engineers in the design and development of security best practices; implementation of security measures to meet business goals, customer needs and regulatory requirements.
Provide presentations/briefings on security architecture or other topics.
Validate security architecture to proactively detect infrastructure and DevSecOps changes and ensure compliance with standards, policies, and procedures in order to mitigate risks.
Validate security architecture to improve Cybersecurity Operations visibility, detection and response capabilities across the enterprise including the Cloud environment.
Review current security measures of an organization to identify areas of improvement. Research, design and document recommended security architectures.
Perform manual security code reviews. Examine codebase to identify potential security flaws, vulnerabilities, and areas where best practices might have been overlooked. Participate in organizations' SDLC (Secure Development Life Cycle). Develop Review Guide and secure code checklist.
Cybersecurity Operations: Improve Cloud monitoring, detection, and response; Improve Security Operations (SOC) operations; Review existing security tools in the environment for gaps and/or overlaps and make recommendations for improvements.
Privacy & Continuous Monitoring: Improve Vulnerability Assessment program; Integrate security scanning in Cloud Pipeline; Improve Cloud and on-prem vulnerability coverage and scanning.
Cybersecurity Authorizations and Compliance: Reduce time to ATO through continuous ATO; Improve Cloud Compliance.
Addressing critical software; and Developing secure Cloud adoption.
Develop and integrate with other Cybersecurity workflows, to include: ATO intake, assessment, and vulnerability scanning processes.
Integrate with Enterprise Architecture (EA) review process.
Perform security reviews based on RMF controls compliance, clients, and security best practices.
Develop security architectural patterns to enable faster ATO or assessment process by creating architectural designs that already meet compliance controls.
Provide security architecture input for DevSecOps security strategy and roadmap including application and infrastructure vulnerability scanning, automated assessments, and security controls.
Perform architecture design reviews including configuration and log reviews and perform network traffic analysis.
Produce a SAR Report to include HVAs architecture strengths and findings.
QUALIFICATIONS:
High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
Equally adept at strategic planning and operational/technical level.
Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
At least 5 years ( 10 years) of network, systems, applications (secure code practices).
LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS.
Virtualization, hypervisor security, container security.
Application development, serverless security, microservices, CI/CD.
At least 5 years of designing and/or implementing security in Cloud (AWS required, Azure or GCP optional).
Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
AWS IAM, KMS, S3, RDS, SNS/SQS, Organizations, GuardDuty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
Azure E3/E5, Active Directory, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
Experience with DevSecOps strategy and implementation and designing architecture in accordance with RMF, CSF, FISMA, and FedRAMP.
Familiarity with: ZTNA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.
At least 5 years working in or managing Agile DevOps, Scrum, Kanban.
Experienced with providing Security consulting, engineering, and Architecture support for numerous cloud environments (e.g., AWS, Azure, and Google).
Displays technical experience with conducting research and providing reviews and recommendations on threat and vulnerability mitigations.
Possess expertise in Security Architecture/Engineering principles, conducting security testing, analytical skills, and technologies.
Ability to explain and break down technical details, and solutions to executive management and ability to explain business impacts.
Understanding network protocols, design, and operations.
Strong analytical skills and efficient problem solving.
Experienced writing security related procedures and guidelines.
Experience with NIST Special Publications and guidance.
Excellent report development and presentation skills.
Customer facing skills and a proven track-record of building client relationships.
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
Must have the ability to effectively communicate both orally (in common English narration) and in writing (to include technical documentation).
EDUCATION:
Candidate must have a Bachelor of Science (or higher) in one of the following: computer engineering, computer science, information technology, or cyber security. The resume may reference another major, so long as the resume is clear that the degree addressed at a minimum one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems or information technology.
CERTIFICATIONS:
Certified Information Systems Security Professional (CISSP) is required.
Certifications to include one or more of the following:
Certified Cloud Security Professional,
AWS Certified Solutions Architect Associate
AWS Certified Security Specialist
Microsoft Azure Solutions Architect
Google Professional Cloud Architect
Clearance: United States Patent and Trademark Office Specific Minimum Background Investigation (MBI) will be conducted
Work Location: Remote (Initial onboarding in Arlington, VA). Minimal travel to the Washington, D.C. Metro Area may be required if requested by the client.
CLEARANCE:
Public Trust
Must be a United States .
WORK LOCATION and HOURS:
Location: Remote with occasional travel to Zermount HQ, and client location in Washington DC
Business Hours: 8:30 am - 5:00 pm
Core Hours: 9:00 am - 3:00 pm