Security Architect

LCG

Job Location: Rockville, MD - USA

Yearly Salary: $100,000 - $200,000
Posted on: 14 hours ago
Vacancies: 1 Vacancy

Job Summary

Location: Rockville, MD

Work Type: Hybrid Work (Minimum 2 days onsite; may extend based on client meetings, delivery needs, and proposal support)

Job Title: Security Architect

Clearance: Public Trust

Job Summary: LCG is seeking a Security Architect to provide enterprise cybersecurity architecture and engineering support to Client's Office of Management Technology and Operations (OMTO) Division of Technology Management (DTM). This role is responsible for designing and improving security architecture across hybrid (cloud and on-premises) environments, ensuring alignment with HHS and federal cybersecurity mandates, and supporting modernization efforts that strengthen security posture, improve operational resilience, and enable compliant system delivery.

The Security Architect will lead technical planning for security control implementation, provide guidance to stakeholders across infrastructure and application teams, and contribute to remediation strategy, continuous monitoring alignment, and integration of security requirements into enterprise environments. The position supports Client's cybersecurity and risk-based program objectives, including improving security infrastructure, integrating federal requirements into operational execution, and supporting continuous monitoring and automation activities.

Key Responsibilities

Security Architecture Design & Improvement

  • Design and recommend enterprise security architecture improvements for Client systems, focusing on strengthening security posture across network, infrastructure, cloud, and application layers.
  • Develop security architecture artifacts such as:
    • Target-state security architecture models
    • Security service integration patterns (identity, logging, scanning, endpoint security, WAF)
    • Security control inheritance mapping for enterprise services and shared platforms
  • Conduct architecture reviews to identify security gaps and opportunities for improved resiliency and compliance alignment.

Vulnerability Remediation Strategy Support

  • Support the development of vulnerability remediation strategies by analyzing scan results, security weaknesses, and systemic configuration issues impacting Client environments.
  • Recommend enterprise remediation approaches such as:
    • Standard security baselines (e.g., hardened images, secure configurations)
    • Compensating controls where patching is delayed or constrained
    • Repeatable remediation processes across system classes (servers, endpoints, cloud workloads)
  • Assist stakeholders in prioritizing remediation based on risk, mission impact, and federal compliance expectations.

Analyze HHS Design Requirements & Security Impacts

  • Analyze HHS and federal design requirements and evaluate impacts to Client's architecture, implementations, and operational processes.
  • Translate requirements into actionable security architecture guidance for:
    • Infrastructure engineering teams
    • Application owners and system developers
    • Governance/compliance stakeholders (FISMA, RMF, POA&M coordination)
  • Provide architectural interpretation and support for new security mandates and evolving federal expectations.

Define Security Deployment Approach (Enterprise Implementation Patterns)

  • Define secure deployment approaches for new and existing systems, ensuring security controls and tools are implemented consistently and efficiently.
  • Produce standardized design approaches for:
    • Secure logging and monitoring architectures (supporting SIEM/Splunk ingestion and monitoring coverage)
    • Vulnerability scanning integration and automated evidence generation
    • Identity and privileged access integration (IAM, PAM patterns)
  • Ensure solutions support both operational needs and compliance requirements.

Implementation Plans for New Controls, Capabilities, and Tools

  • Create implementation plans for deploying new security controls or tool capabilities, including:
    • Scope definition and technical prerequisites
    • Integration dependencies across teams and environments
    • Phased rollouts, validation checkpoints, and operational transition steps
  • Support adoption of security tools and security control implementation activities that improve Client's maturity and automated security posture.

Support Cloud and On-Prem Security Integrations

  • Architect integration of cloud and on-prem solutions to support secure hybrid operations aligned to Client's enterprise security framework.
  • Support integration activities involving:
    • Cloud security tooling integrations
    • Network security boundaries and monitoring pipelines
    • Web application protection patterns (e.g., WAF integrations)
  • Assist with secure architecture decisions for systems operating under federal compliance constraints.

Provide Technical Guidance to Stakeholders

  • Provide technical leadership and architecture guidance to cross-functional stakeholders, including system owners, engineers, program teams, and compliance personnel.
  • Support design reviews, technical working sessions, and architecture decision-making, including:
    • Explaining security control requirements and implementation options
    • Advising on secure patterns for system modernization and new deployments
    • Collaborating on resolving engineering blockers impacting security posture

Support Modernization & Automation Initiatives

  • Support modernization initiatives that improve Client's cybersecurity capability through automation and improved security-by-design practices.
  • Contribute architecture guidance for initiatives such as:
    • Enhanced continuous monitoring approaches (NIST SP 800-137 aligned)
    • Integrating security requirements into DevSecOps/CI/CD delivery pipelines (as applicable to security automation goals)
    • Supporting implementation strategies for improved security metrics and reporting capabilities

Requirements:

Education: Bachelor's degree in one of the following or a related technical discipline (Cybersecurity / Information Assurance / Information Systems / Information Technology / Computer Science / Engineering)

Certification: Preferred: CISSP (industry standard preferred credential for senior security architecture roles)

Experience:

  • Minimum: 5 years of experience in enterprise security architecture and/or security engineering
  • Experience supporting federal cybersecurity programs and security governance objectives (FISMA/NIST-aligned)
  • Hands-on exposure to cloud security architecture and hybrid integration patterns
  • Experience designing security modernization approaches (automation, improved monitoring, scalable control deployment)
  • Strong background in security architecture and security engineering with demonstrated ability to design enterprise security solutions
  • Experience developing architecture recommendations that improve security posture across hybrid IT environments
  • Ability to evaluate and translate security requirements into actionable architecture decisions and implementation plans
  • Working knowledge of:
    • Vulnerability remediation strategy development and execution support
    • Continuous monitoring practices and operational security reporting
    • Security tool integrations and technical dependencies across organizations

Tools Set / Platforms

The Security Architect will work across architecture and compliance support tooling such as:

  • Security architecture tools (models, diagrams, and enterprise design artifacts)
  • GRC artifacts and governance documentation (e.g., control evidence, security posture analysis)
  • Cloud security tooling and hybrid security capabilities
  • Scanning tool outputs used to drive remediation and risk reduction efforts

Compensation and Benefits

The projected compensation range for this position is $100,000 to $200,000 per year, benchmarked in the Washington, D.C. metropolitan area. Salary at LCG is determined by various factors, including but not limited to role, location, education/training, skills, certifications, and experience.

LCG offers a competitive and comprehensive benefits package, including medical, dental, and vision insurance; life and disability insurance; retirement plan contributions; paid leave; federal holidays; professional development opportunities; and lifestyle benefits.

Devoted to Fair and Inclusive Practices

All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.

If you are interested in applying for employment with LCG and need special assistance or an accommodation to apply for a posted position, contact Human Resources at

Securing Your Data

Beware of fraudulent job offers using LCG's name. LCG will never request payment-related details or advance payment during the application process. Legitimate communication will only come from or email addresses.


Required Experience:

Staff IC

Key Skills

  • APIs
  • Pegasystems
  • Spring
  • SOAP
  • .NET
  • Hybris
  • Solution Architecture
  • Service-Oriented Architecture
  • Adobe Experience Manager
  • J2EE
  • Java
  • Oracle