RQ09515 - Technology Architect - Senior

The Senior Technology Architect role requires deep knowledge expertise and experience in in cyber security solutions security operations (SecOps) solutions and practices automation and artificial intelligence (AI) in cyber security managed security services and next-generation network security. The resource also requires hands-on experience in analyzing configuring implementing and troubleshooting cyber security models automation solutions and threat detection particularly within the education sector preferably in the Ontario K12 school board environment.

This resource is responsible for but not limited to:

Providing subject matter expertise tactical and operational advice consultancy and training on all aspects of cyber security and network solutions such as:

o Cyber security solutions to protect detect and respond to cyber threats

o Zero-trust architecture (ZTA) solutions

o Cloud security solutions

o Use of MITRE ATT&CK D3FEND and ATLAS frameworks in security operations

o Various vendor specific cyber security and network solutions

o Security operation (SecOps) and AI-Operations (AIOps) practices

Delivering solution and architecture guidance training and implementation support for next-generation networks network protection and cyber security technologies including:

o Security service edge (SSE) / secure access service edge (SASE) including integration of network and security functions including secure web gateway (SWG) cloud access security broker (CASB) and zero-trust network architecture firewall-as-a-service (FWaaS)

o SD-WAN (software-defined wide area network) and software-defined networking (SDN)

o AI and machine learning (ML)-driven network and security technologies

o Endpoint protection platforms (EPP) endpoint detection and response (EDR) and extended detection and response (XDR) solutions

o Advanced intrusion prevention systems (IPS) intrusion detection systems (IDS) network access control and distributed denial of service (DDoS) protection

o Identity security and authentication solutions (passwordless password-based certificate-based MFA)

o Incident Response and Incident Management (IR and IM) solutions

o Automated vulnerability and patching

o User and Entity Behaviour Analytics (UEBA)

o Penetration testing and automated red teaming

o Operation technology (OT) security

Providing technical guidance delivering solution training and implementation support for strategic integration of hybrid cyber security operating models involving both in-house and outsourced MSSP (managed security services provider) capabilities including:

o Oversight of MSSP integration and optimization

o Security operations architecture planning

o Threat detection and incident response

o Security Information and Event Management (SIEM) Security Orchestration Automation and Response (SOAR) EDR/XDR and threat intelligence platforms in a hybrid implementation

o Automation and orchestration workflows

o Governance risk and compliance in a hybrid (in-house and outsourced) security operations environment

Providing subject matter expertise in network operations centre (NOC) and security operations centre (SOC) technologies services and tools including but not limited to:

o Security Information and Event Management (SIEM)

o Security Orchestration Automation and Response (SOAR)

o Strategic use of telemetry and analytics tools to support architectural decisions

Designing and implementing end-to-end security automation workflows using SOAR platforms (e.g. Microsoft Sentinel Cortex XSOAR) including bi-directional integrations telemetry ingestion and orchestration of real-time response actions.

Provide expertise on integrating advanced AI in cyber security including agentic AI and autonomous security to support automation maturity and organizational readiness.

Deploying agentic AI-based automation for incident response phishing mitigation access control and exposure management across distributed environments.

Developing observability dashboards and managing security metrics (KPIs/KRIs) to measure automation effectiveness operational maturity and MSSP accountability.

Executing and maintaining continuous automated red teaming (CART) platforms (e.g. SCYTHE Caldera AttackIQ) and integrating red team outputs into detection tuning and playbook updates.

Applying data science and ML techniques to security telemetry for anomaly detection triage automation and prioritization scoring.

Collaborating with MSSPs and internal teams to operationalize AI-human workflows improve detection logic and support continuous improvement loops.

Providing subject matter expertise in the development and delivery of technical training courses including working on automation and autonomous systems to board IT and cyber security staff in support of boards cyber resilience efforts.

Presenting to senior and executive management and external senior stakeholders as needed.

Providing regular status updates and project reports on assigned deliverables

Taking a collaborative approach to solution definition development and implementation with multiple stakeholder groups with differing needs and expectations.

Aligning with industry and legislative advancements at the federal provincial/local level (e.g. Bill 194 / Enhancing Digital Security and Trust Act 2024 (EDSTA)).

Delivering on other duties as assigned.

This work involves working in close partnership with various government departments the K-12 education sector telecommunications providers and network and cyber security technology vendors to develop tailored approaches and implementation plans. To support various stakeholders the resource must be available to perform hands-on configuration troubleshooting and training at the client site. Therefore the resource must be available to travel same day or overnight in Ontario as needed.

The unit manager may assign other related board work for other unit or branch initiatives as required.

SkillsExperience and Skill Set Requirements

TOTAL OF 100%

NOTE:

MUST HAVE

NICE TO HAVE

Cyber security Architecture Threat Management & Network 40%

10 years in cyber security solutions and next-generation network security with a focus on hands-on implementation configuration and troubleshooting.

5 years of experience in network security within advanced SDN environmentspreferably in Ontario K12 school boards.

Proven hands-on experience deploying and implementing the following solutions and technologies preferably for Ontario K-12 school boards:

o Cloud-based security (SSE/SASE including SWG CASB FWaaS ZTNA)

o Zero-trust architecture (ZTA)

o Cloud security architecture (e.g. Azure AWS Google Cloud)

o MITRE ATT&CK D3FEND and ATLAS frameworks

o NIST Cybersecurity Framework (CSF) v2 CIS Controls v8

o AI/ML-driven cyber security and agentic AI-based automation

o Security automation (static and dynamic) and playbook development

o Endpoint security solutions (EPP EDR XDR)

o Advanced IPS/IDS DDoS protection and NAC

o Identity security and authentication (passwordless password-based certificate-based 2FA MFA)

o Incident response and incident management (IR/IM)

o Automated vulnerability management and patching

o User and Entity Behaviour Analytics (UEBA) OT security

o Penetration testing and automated red teaming

Strong knowledge of layered security controls and risk-informed cyber security models (NIST CSF v2 CIS Controls v8).

Demonstrated ability to assess and evaluate emerging cyber security technologies through pilots and proof-of-concepts.

Automation AI & Autonomous Security 25%

5 years of experience deploying secure architectures and automation workflows preferably within Ontario K12 school boards.

Hands-on experience with SOAR playbook design bi-directional integrations and AIOps-driven incident response.

Experience with Continuous Automated Red Teaming (CART) platforms (e.g. SCYTHE Caldera AttackIQ) and integrating red team outputs into detection tuning and MSSP metrics.

Proficiency in applying data science and ML to cyber security telemetry including anomaly detection scoring algorithms and observability dashboards.

Familiarity with security data lakes and log analytics platforms (e.g. Azure Data Explorer Splunk ELK).

Understanding of AI governance explainability and ethical deployment of autonomous systems.

Security Operations Managed Services & Compliance 10%

Proven hands-on experience designing and implementing hybrid (internal and outsourced) security operations including:

o Strategic oversight of MSSP integration and optimization

o High-level threat detection and incident response planning

o SIEM SOAR EDR/XDR and threat intelligence platforms

o Automation and orchestration workflows

o Governance risk and compliance in hybrid environments

Strong knowledge of MSSP MDR and SOCaaS models.

Experience guiding the integration of SecOps platforms into broader cyber security architecture and automation frameworks.

Experience developing and tuning detection use cases across identity endpoint email network and cloud environments.

Familiarity with telemetry ingestion log normalization and real-time correlation

Training Collaboration & Stakeholder Engagement 10%

5 years of experience presenting to senior and executive management and external stakeholders.

5 years coordinating and leading complex technical work with multiple IT teams internal and external stakeholders.

5 years of experience preparing written materials (e.g. status reports recommendations briefing notes) and experience maintaining security content (rules dashboards playbooks) across shared platforms.

5 years of experience delivering cyber security upskilling training to IT and security teams.

Industry Certifications / Relevant Degrees 10%

Bachelors degree in computer science cyber security or a related field.

Postgraduate degree (e.g. . and/or Ph.D.) in computer science cyber security or engineering is preferred.