RQ07078 - Applications Architect - Senior

Description:

The Senior Application Architect role requires extensive knowledge of modern network connectivity network security cyber security and internet technologies with demonstrated handson experience designing and developing modern networks network security and cyber security solutions in the Ontario K12 school board environment. This resource is responsible for but not limited to:

• Providing subject matter expertise advice consultancy and training with various network and cyber security architectures and framework such as:
  
• Softwaredefined networking (SDN) and SDWAN (Softwaredefined Wide Area Network)
  
• Secure Access Service Edge (SASE)
  
• MITRE ATT&CK framework
  
• Zerotrust architecture (ZTA)
  
• Cloud security architecture
  
• Various vendor specific architectures and frameworks (e.g. Azure Security Architecture Google infrastructure security AWS cloud security architecture)
  
• NIST Cyber Security Framework v2
  
• CIS Controls v8
  
• Security Operation (SecOps) practices
  
• Providing subject matter expertise solution and architecture advice consultancy training and implementation guidance with cyber security network security and network protection solutions including:
  
• Nextgeneration cyber security technologies leveraging automation artificial intelligence (AI) and machine learning (ML)
  
• Endpoint security solutions Endpoint protection (EPP) Endpoint detection and response (EDR) and Extended Detection and Response (XDR)
  
• Cloudbased cyber security solutions Secure Service Edge (SSE) / SASE including Secure Web Gateway (SWG) Cloud Access Security Broker (CASB) and ZeroTrust Network
  
• Identity security solutions such as MultiFactor Authentication (MFA) Passkey Identity Management (IdM) and Privileged Access Management (PAM)
  
• Advanced intrusion prevention systems (IPS) and intrusion detection systems (IDS)
  
• Network access control
  
• Incident Response and Incident Management (IR and IM) systems
  
• Automated vulnerability and patching
  
• Penetration testing and automated Red Teaming
  
• User and Entity Behaviour Analytics (UEBA)
  
• Distributed denial of service (DDoS) protection
  
• Operation Technology (OT) security
  
• Providing subject matter expertise advice consultancy training and implementation guidance on logging securing and analysing data vulnerability scanning and penetration testing and risk assessments to ensure sound network security architecture
  
• Providing subject matter expertise advice and consultancy on complex cyber security and network security issues
  
• Providing subject matter expertise advice consultancy training and implementation guidance with network operations centre (NOC) and security operations centre (SOC) technologies services and equipment including but not limited to:
  
• Security Information and Event Management (SIEM)
  
• Security Orchestration Automation and Response (SOAR)
  
• Threat Intelligence
  
• (SASE
  
• SolarWinds NetFlow Traffic Analyzer
  
• Network Performance Monitor (NPM) and Network Configuration Management (NCM) Tools
  
• Providing subject matter expertise advice consultancy training and implementation guidance with identity security and authentication solutions and technologies for:
  
• Passwordbased and passwordless authentication
  
• MFA
  
• Certificatebased authentication
  
• Biometric authentication
  
• Staying abreast of the everevolving cyber threat landscape to provide subject matter expertise guidance and advice on tactical and operational cyber security and network security practices
  
• Developing strategic technology roadmaps based on new and emerging cyber security and network security architecture solutions technology trends and industry analysis.
  
• Developing strategic technology roadmaps based on new and emerging network architecture solutions and technology trends and industry analysis including but not limited to:
  
• Network function virtualization (NFV) Open Network Automation Platform (ONAP) etc.
  
• WiFi and cellular broadband adoption
  
• WiFi 6 (802.11ax) 802.11ay WiFi 7 (802.11be)
  
• WISP tools technologies and implementation in Ontario
  
• 5G (5th generation) mobile data service spectrum sharing splicing etc.
  
• Wireless network security practices including authentication and edge security
  
• Providing subject matter expertise advice consultancy training and implementation guidance of network technology solutions services and equipment including but not limited to softwaredefined networking (SDN) technology:
  
• SDWAN (e.g. Fortinet Cisco Meraki Palo Alto etc.)
  
• Emerging SDEdge such as VMware VeloCloud Silver Peak etc.
  
• Designing and building network data monitoring and management systems
  
• Creating/updating detailed system documentation and technical specifications for various solutions and architecture including cyber security network security network protection authentication SDWAN network technology and NOC and SOC solutions
  
• Providing detailed options analysis including cost estimates on cyber security network security and network architectures.
  
• Assessing new and emerging cyber security network and network security solutions technology trends and industry analysis including but not limited to wireless network security practices such as authentication and edge security
  
• Presenting to senior and executive management and external stakeholders as needed
  
• Provide status and project status reports on all deliverables assigned.
  
• Deliver on other duties as assigned.
  

This work involves working in close partnership with sector technical IT leads (e.g. school board IT leads) to develop tailored approaches and implementation plans. To support various stakeholders the resource must be available to perform handson configuration troubleshooting and training at the client site.

The unit manager may assign school boardrelated work for other initiatives as required.

Requirements

Experience and Skill Set Requirements:

Must haves:

Cyber Security and Network Security:

• 10 years knowledge and experience with cyber security network security and network protection architectures frameworks and solutions including:
  
• Softwaredefined networking (SDN) and SDWAN (Softwaredefined Wide Area Network)
  
• Secure Access Service Edge (SASE)
  
• MITRE ATT&CK framework
  
• 10 years handson experience providing subject matter expertise and leading implementation of network security and network protection solutions and technologies implementation preferably for Ontario K12 school boards including:
  
• Nextgeneration cyber security technologies leveraging automation artificial intelligence (AI) and machine learning (ML)
  
• Security Information and Event Management (SIEM) and Security Orchestration Automation and Response (SOAR) including Microsoft Sentinel Splunk Google Chronicle and FortiSIEM
  
• Endpoint security solutions Endpoint protection (EPP) Endpoint detection and response (EDR) Extended Detection and Response (XDR)
  
• Identity Management (IdM) Privileged Access Management and other identity security solutions
  
• Automated patching solutions
  
• Incident Response (IR) and Incident Management (IM)
  
• 2 years demonstrated handson experience providing security operations center (SOC) design architecture and plans including SOC technologies services and equipment but not limited to:
  
• SIEM
  
• SOAR
  
• SASE
  

Network Technology

• 5 years handson experience with softwaredefined networking (SDN SDWAN SDEdge)
  
• 5 years handson experience in data and performance monitoring and management systems in particular SolarWinds FortiManager Meraki Panorama Wireshark preferably for Ontario K12 school boards
  

Coordination Skills and Experience

Strong communication skills as demonstrated through:

• 5 years experience in effectively presenting to management teams and external stakeholders
  
• 5 years coordinating complex technical work with multiple IT teams internal and external to the Ministry
  

Industry Certifications / Relevant Degrees

• Relevant security certification required (e.g. CISSP or CISM).
  
• Postgraduate degree (e.g. M.Sc. and/or Ph.D.) in computer science or engineering is preferred.
  

Nicetohave:

Public Sector Experience:

• 5 years handson experience working with Ontario K12 school boards in particular with school board networks and network security
  

Skill Set Requirements:

Cyber Security and Network Security:

• 10 years experience in advanced SD networks and network security preferably for Ontario K12 school boards
  
• 10 years knowledge and experience with cyber security network security and network protection architectures frameworks and solutions including:
  
• Softwaredefined networking (SDN) and SDWAN (Softwaredefined Wide Area Network)
  
• Secure Access Service Edge (SASE)
  
• MITRE ATT&CK framework
  
• Zerotrust architecture (ZTA)
  
• Cloud security architecture
  
• Various vendor specific architecture and frameworks (e.g. Azure Security Architecture Google infrastructure security AWS cloud security architecture)
  
• 10 years handson experience providing subject matter expertise and leading implementation of network security and network protection solutions and technologies implementation preferably for Ontario K12 school boards including:
  
• Nextgeneration cyber security technologies leveraging automation artificial intelligence (AI) and machine learning (ML)
  
• Nextgeneration firewalls (specifically Fortinet Meraki Palo Alto)
  
• Network access control (e.g. HPE Aruba ClearPass FortiNAC)
  
• Security Information and Event Management (SIEM) and Security Orchestration Automation and Response (SOAR) including Microsoft Sentinel Splunk Google Chronicle and FortiSIEM
  
• Endpoint security solutions Endpoint protection (EPP) Endpoint detection and response (EDR) Extended Detection and Response (XDR)
  
• Cloudbased cyber security solutions such as Secure Web Gateway (SWG) Cloud Access Security Broker (CASB) firewalls and ZeroTrust Network access as available SASE (such as Zscaler Netskope Cisco Umbrella etc.)
  
• Distributed denial of service (DDoS) protection
  
• Advanced intrusion prevention systems (IPS) and intrusion detection systems (IDS)
  
• Identity Management (IdM) Privileged Access Management and other identity security solutions
  
• Automated patching solutions
  
• Incident Response (IR) and Incident Management (IM)
  
• Operation Technology (OT) security
  
• 10 years handson experience providing subject matter expertise and leading implementation of authentication solutions and technologies preferably for Ontario K12 school boards including:
  
• Passwordbased and passwordless authentication
  
• Multifactor authentication (MFA)
  
• Certificatebased authentication
  
• Biometric authentication (e.g. Fast Identity online (FIDO) Universal 2nd Factor (U2F) FIDO2 Google Authenticator Security Assertion Markup Language (SAML))
  
• 2 years demonstrated handson experience providing security operations center (SOC) design architecture and plans including SOC technologies services and equipment but not limited to:
  
• SIEM
  
• SOAR
  
• SASE
  
• Demonstrated handson experience with cyber security industry frameworks such as NIST Cyber Protection Framework and 800 series CIS Controls v8 COBIT and ISO 27001
  
• Knowledge of the new draft NIST Cyber Security Framework v2.0
  
• Excellent knowledge of the new and emerging cyber security and network security technology trends
  
• Excellent knowledge and exposure to IoT security issues and data capturing mechanisms
  

Network Technology:

• 10 years handson experience with network infrastructure solutions and technologies including LAN/WAN VPN VXLAN wLAN fog computing network function virtualization (NFV) server virtualization cloud platforms and hardware (servers switches routers firewalls)
  
• 5 years handson experience with softwaredefined networking (SDN SDWAN SDEdge)
  
• 5 years handson experience with Ontario K12 school boards networks (WAN LAN WiFi internet service delivery)
  
• 5 years handson experience in data and performance monitoring and management systems in particular SolarWinds FortiManager Meraki Panorama Wireshark preferably for Ontario K12 school boards
  
• 5 years handson experience with network data traffic awareness monitoring and analysis tools and technologies and enterprise tools including SolarWinds PRTG (Paessler Router Traffic Grapher) and Wireshark Network Analyzer preferably for Ontario K12 school boards
  
• 5 years handson experience with data logging mechanisms and technologies including Syslog IPFix CSV CEF and NetFlow preferably for Ontario K12 school boards
  
• Demonstrated handson experience with developing customized WAN and network architectures for SDN networks to address unique and specific needs
  
• Excellent knowledge of the new and emerging network technology trends
  
• Demonstrated experience assessing and evaluating new and emerging network technologies with pilots and proofof concepts
  
• Experience with telecommunication technologies such as:
  
• Data transport technologies including fibre optic cable coaxial cable wireless radio and microwave
  
• Nextgeneration data transport such as LTE Advanced DOCSIS C3.1 and 5G
  
• Transmission protocols including Multiprotocol Label Switching (MPLS) Virtual Private LAN Service (VPLS) TCP/IP (Transmission Control Protocol/Internet Protocol) and tunneling
  

Coordination Skills and Experience:

Strong communication skills as demonstrated through:

• 5 years experience in effectively presenting to management teams and external stakeholders
  
• 5 years experience in preparing written materials (e.g. status reports recommendations briefing notes)
  
• 5 years coordinating complex technical work with multiple IT teams internal and external to the Ministry
  

Industry Certifications / Relevant Degrees:

• Relevant network certifications or equivalent work experience
  
• Relevant security certification required (e.g. CISSP or CISM).
  
• Computer Science engineering or other relevant degree is required.
  
• Postgraduate degree (e.g. M.Sc. and/or Ph.D.) in computer science or engineering is preferred.
  

Public Sector Experience:

• Knowledge of Government of Ontario standards (e.g. GOITS) and relevant policies and legislation
  
• 5 years handson experience working with Ontario K12 school boards in particular with school board networks and network security
  
• Handson experience providing design development and delivery of technical training courses to Ontario K12 school boards