25 Jan
Security Architect
Virginia, McLean, 20598 McLean USA

Vacancy expired!

Position: Security Architect
Location: McLean, VA

Duties and Responsibilities

  • Assess assigned security project tasks and milestones and allocate tasking and responsibilities of team members according to their respective strengths.
  • Perform daily checks on outstanding project tasks to keep the team on track to complete milestones accordingly.
  • Clarify issues or questions for team members to facilitate obtaining the necessary support to remove roadblocks.
  • Provide clarification to agencies' stakeholders' questions to ensure successful assessment outcomes.
  • Provide feedback to senior management on performance issues and improvements on the implemented security project approach, processes, procedures, methodologies, etc.
  • Provide technical guidance and mentoring to team members.
  • Tactically navigate stalemate situations to manage competing interests and priorities among stakeholders.
  • Assess and understand, at a high level, the organization's mission, goals, and objectives and relate cyber security principles and requirements to the mission.
  • Translate and explain cyber security principles and technical security requirements to non-technical stakeholders to facilitate understanding of the implementation and maturity of management, operational, and technical security controls, based on organization mission objectives outlined in security policies, directives, orders, and standards.
  • Identify and review the body of evidence/artifacts required to support implementation and maturity of management, operational, and technical security controls, i.e., policies, plans, processes, procedures, guidelines, standards, system architecture, design, and configuration documents, service and change control tickets, logs, reports, and formal and informal communication artifacts.
  • Communicate assessment/audit risk findings and mitigations to technical and non-technical stakeholders.
  • Identify, monitor, and communicate to senior management task performance risks, issues, problems, and develop and implement mitigations or request assistance needed.
  • Provide support developing and maintaining security assessment practice documentation i.e., policies, plans, processes, procedures, guidelines, standards, methodologies, report templates, questionnaire templates.
  • Design and develop security architectures for cloud and cloud/hybrid-based systems.
  • Develops standards in partnership with Engineering, Infrastructure Services, and Application Development.
  • Develops and executes strategies to increase Cloud Security knowledge throughout the enterprise.
  • Leads initiatives designed to share knowledge across Security Platforms and/or Technology teams. Identifies, recommends, coordinates, delivers timely knowledge to support teams regarding technologies, processes, or tools.
Qualifications

Education and Years of Experience:
  • At least five (5) years of experience leading security teams.
  • At least eight (8) years of hands-on experience performing security tasks like scanning, patching, reviewing evidence/documentation.
  • Bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Cybersecurity, or related discipline.
Required Skills/Certifications:
  • Excellent written and oral communication, and presentation skills
  • Ability to facilitate security tasks, ensuring that technical requirements are communicated clearly to agency stakeholders.
  • Self-starter, able to assess, plan, assign, and monitor/execute security assessment project tasks ensuring successful closure.
  • Customer-oriented with excellent issue follow-through and resolution abilities.
  • Ability to develop, motivate, and manage teams.
  • Outstanding interpersonal skills, strong work ethic, and self-motivated.
  • Able to perform gap analysis and initiate process, procedure, methodology improvements.
  • Utilize tools and analytical skills to plan and execute tasks.
Desired Skills/Certifications:
  • CISSP, or CISA, or CISM, or CRISC, or CAP, or relevant industry security certifications
  • Experience conducting Seeker, Black Duck, Netsparker, and Coverity scans
  • Experience in planning, managing, and patching vulnerabilities from system scans
  • Experience with relevant laws and regulations: FISMA, HIPAA, HITECH, IRS, GDPR, etc.
  • Experience with any of the following security controls frameworks: NIST SP 800-53 Rev 4, SANS 20 Critical Security Controls, CIS Controls (Basic, Foundational, and Organizational), COBIT 5, HITRUST Common Security Framework, ISO 27001/2, SOC 1/SOC 2
  • Experience with any of the following assessment frameworks/models: Data Management Maturity Model (DMM), Capability Maturity Model Integration (CMMI), NIST Cyber Security Framework (CSF), NIST Risk Management Framework (RMF), NIST Privacy Framework
  • Experience with service-oriented architecture for cloud-based services.
  • Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
Additional Requirement(s):
