RQ10544 Technology Architect Senior

Maarut


Job Location:

Toronto - Canada

Monthly Salary: Not Disclosed
Experience Required: 10 years
Posted on: 8 hours ago
Vacancies: 1 Vacancy

Job Summary

Description:

The Senior Technology Architect role requires deep knowledge, expertise, and experience in cyber security solutions; security operations (SecOps) technologies, solutions, and practices; automation and artificial intelligence (AI) in cyber security; and managed security services (MSS). This resource will contribute to the design, planning, implementation, and operationalization of the transition, governance, and oversight processes for transition to MSS, providing architectural leadership and independent oversight for cyber security, security operations (SecOps), and shared MSS within a federated public sector environment. This role combines deep cyber security expertise with critical analysis of managed security service offerings, validation of service alignment to existing models, and stewardship of AI-assisted security operations roadmaps.


This resource will be responsible for, but not limited to:

  • Contributing to the definition, maintenance, and evolution of cyber security and SecOps reference architectures aligned to existing principles and shared services objectives, including:
    • Ensuring consistent architectural interpretation and adoption across organizations with varying security maturity
    • Developing architectural patterns, onboarding models, and integration guidance that align internal environments with shared MSS capabilities
    • Providing architecture-based guidance to governance bodies on vendor selection, service readiness, and phased adoption strategies.
  • Providing technical guidance, delivering solution training, and implementation support for hybrid cyber security operating models involving both in-house and outsourced MSSP capabilities, including:
    • MSSP integration and optimization
    • Security operations functions and architecture
    • Threat detection and incident response
    • Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), endpoint detection and response (EDR) and extended detection and response (XDR), and threat intelligence platforms in a hybrid implementation
    • Automation and orchestration workflows, and
    • Governance, risk, and compliance in a hybrid (in-house and outsourced) security operations environment.
  • Providing subject matter expertise in security operations centre (SOC) technologies, services, and tools, including but not limited to:
    • Security Information and Event Management (SIEM), and
    • Security Orchestration, Automation, and Response (SOAR).
  • Providing independent analysis and validation of managed security services providers (MSSP), managed detection and response (MDR), and security operations centre (SOC)-as-a-service offerings, including:
    • Service scope, assumptions, dependencies, and exclusions
    • Identifying service gaps, capability overlaps, and misalignments between vendor claims and architectural reality
    • AI-assisted detection and correlation, automated triage and enrichment, and orchestration and response
    • Tooling ownership vs. service responsibility
    • Human vs. automated decision boundaries, and
    • Alignment with existing reference architectures, current risk profiles and operational maturity, and required threat detection, incident response, and recovery capabilities.
  • Supporting service assurance and continuous improvement through structured architectural reviews and outcome-based evaluations.
  • Contributing to the definition and refinement of SecOps performance metrics, including key performance indicators (KPIs) and key risk indicators (KRIs), aligned to risk and governance objectives.
  • Evaluating and analyzing MSS and SOC metrics to:
    • Support executive and stakeholder decision-making
    • Support continuous improvement, and
    • Translate operational and service-level data into strategic insights.
  • Providing architectural guidance on the adoption of AI in security operations aligned with current strategies and objectives, and contributing to the development of pragmatic AI roadmaps.
  • Developing materials for and presenting to school board senior management, executives, and sector stakeholders, including executive briefings, working sessions, and stakeholder forums for architectural insights, service evaluations, and roadmap recommendations to executive and senior stakeholders.
  • Supporting shared service adoption by defining roles, responsibilities, escalation models, and governance structures.
  • Developing and delivering targeted technical training and guidance to IT and security teams on cyber security and SecOps, including working effectively with MSSPs and shared SecOps models.
  • Translating technical architectures and other technical materials into clear, executive-ready visuals and narratives, bridging technical teams and senior decision-makers through concise, plain-language communications for school boards, executives, and sector stakeholders.
  • Coordinating effectively across multiple stakeholder groups to ensure architectural coherence, unified and consistent messaging, and alignment with established standards and policy direction.
  • Delivering solution and architecture guidance, training, and implementation support for AI and machine learning (ML)-driven network and security technologies.
  • Delivering training and operational guidance to board IT and security teams on threat response workflows and defensive posture validation.
  • Presenting to senior and executive management and external senior stakeholders as needed.
  • Providing regular status updates and project reports on assigned deliverables.
  • Taking a collaborative approach to solution definition, development, and implementation with multiple stakeholder groups with differing needs and expectations.
  • Aligning with industry and legislative advancements at the federal, provincial/local level (e.g., Enhancing Digital Security and Trust Act, 2024 (EDSTA)).
  • Delivering on other duties as assigned.
  • This work involves working in close partnership with various government departments, the K-12 education sector, telecommunications providers, and network and cyber security technology vendors to develop tailored approaches and implementation plans. To support various stakeholders, the resource must be available at the client site as required. Therefore, the resource must be available to travel same day or overnight in Ontario as needed.
  • The unit manager may assign other related board work for other unit or branch initiatives as required.


Requirements

Experience and Skill Set Requirements:

Must Haves:

  • 3 years of experience in security operations, including operating or supporting a Security Operations Centre (SOC), managed security services, or hybrid SOC models.
  • SOC processes, including monitoring, alert triage, incident detection, incident response, threat hunting, threat intelligence integration, and post-incident review.
  • Hands-on experience with key security operations tools and platforms such as:
    • Security Information and Event Management (SIEM)
    • Security Orchestration, Automation, and Response (SOAR)
    • Endpoint protection platforms (EPP), endpoint detection and response (EDR), and extended detection and response (XDR) solutions
    • AI/ML-driven security technologies
    • Identity security and authentication solutions (passwordless, password-based, certificate-based, multi-factor authentication (MFA))
    • Incident Response and Incident Management (IR/IM) solutions
  • Familiarity with industry standards and frameworks, including MITRE ATT&CK, D3FEND, ATLAS, NIST CSF v2, and CIS Controls v8.
  • Proven ability to assess, implement, and optimize managed security services, including collaboration with Managed Security Services (MSS) and Managed Detection and Response (MDR) providers, evaluation of service models, and integration with internal security teams.
  • Relevant specialized industry / vendor certifications such as:
    • ITIL 4 Foundation or higher
    • EC-Council Certified SOC Analyst (CSA)
    • GIAC certifications (e.g., Security Operations Certified (GSOC), Cyber Threat Intelligence (GCTI), Certified Incident Handler (GCIH), etc.), or
    • Equivalent work experience.


Nice To Have:

  • 5 years of experience in cyber security and next-generation network security.
  • 5 years of experience designing and deploying secure architectures and automation workflows, preferably within Ontario K-12 or comparable public sector environments.


Skill Set Requirements:

Cyber Security and Architecture Expertise:

  • 3 years of experience in security operations, including operating or supporting a Security Operations Centre (SOC), managed security services, or hybrid SOC models.
  • 5 years of experience in cyber security and next-generation network security.
  • 5 years of experience designing and deploying secure architectures and automation workflows, preferably within Ontario K-12 or comparable public sector environments.
  • Demonstrated expertise in SOC processes, including monitoring, alert triage, incident detection, incident response, threat hunting, threat intelligence integration, and post-incident review.
  • Hands-on experience with key security operations tools and platforms such as:
    • Security Information and Event Management (SIEM)
    • Security Orchestration, Automation, and Response (SOAR)
    • Endpoint protection platforms (EPP), endpoint detection and response (EDR), and extended detection and response (XDR) solutions
    • Vulnerability management and patching platforms
    • Network detection and response (NDR), intrusion prevention systems (IPS), intrusion detection systems (IDS)
    • Threat intelligence platforms
    • AI/ML-driven security technologies
    • Security service edge (SSE) / secure access service edge (SASE), including integration of network and security functions, e.g., secure web gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS), and zero-trust network architecture (ZTNA)
    • Identity security and authentication solutions (passwordless, password-based, certificate-based, multi-factor authentication (MFA))
    • Incident Response and Incident Management (IR/IM) solutions
    • Cloud security, and
    • User and Entity Behaviour Analytics (UEBA) and threat behavior analytics.
  • Familiarity with industry standards and frameworks, including MITRE ATT&CK, D3FEND, ATLAS, NIST CSF v2, and CIS Controls v8.
  • Demonstrated experience evaluating emerging cyber security and security operations technologies through pilots, proofs of concept, or operational readiness testing.


Security Operations and Managed Security Services:

  • 3 years of experience in IT service management with implementation/transition experience.
  • Experience designing and operationalizing governance frameworks for security operations, including roles, processes, escalation paths, service-level definitions, and performance metrics.
  • Proven ability to assess, implement, and optimize managed security services, including collaboration with Managed Security Services (MSS) and Managed Detection and Response (MDR) providers, evaluation of service models, and integration with internal security teams.
  • Strong understanding of modern operational security models such as zero-trust architecture, risk-based alerting, layered security control strategies.
  • Experience developing and interpreting SOC metrics, KPIs, and KRIs.
  • Experience guiding the integration of SecOps platforms into broader cyber security architecture and automation frameworks.
  • Experience developing and tuning detection use cases across identity, endpoint, email, network, and cloud environments.
  • Ability to evaluate MSS service maturity, automation claims, and operational transparency.
  • Familiarity with AI/ML trends in cyber security and their impact on threat detection and response.
  • Familiarity with telemetry ingestion, log normalization, and real-time correlation.


Training, Collaboration, and Stakeholder Engagement:

  • 5 years of experience presenting to senior and executive management and stakeholders.
  • 5 years of experience coordinating and leading complex technical initiatives across multiple teams, organizations, and stakeholders.
  • 5 years of experience preparing written materials (e.g., briefing notes, status reports, recommendations, executive reports, and architectural documentation).
  • Proven experience communicating complex technical concepts to non-technical audiences, including executive and senior management and stakeholders.
  • Proven experience with group facilitation for cross-functional groups and operating in advisory and/or consulting roles.
  • Experience delivering cyber security and SecOps training to technical teams.


Relevant Degrees / Industry Certifications:

  • Bachelor's degree in computer science, engineering, cyber security, or a related field.
  • Postgraduate degree (e.g., MA, Ph.D.) is preferred.
  • Relevant specialized industry / vendor certifications such as:
    • ITIL 4 Foundation or higher
    • EC-Council Certified SOC Analyst (CSA)
    • GIAC certifications (e.g., Security Operations Certified (GSOC), Cyber Threat Intelligence (GCTI), Certified Incident Handler (GCIH), etc.), or
    • Equivalent work experience.
  • Cyber security certification(s) or equivalent experience preferred (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP). Other examples include Certified Ethical Hacker (CEH), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC)).


Public Sector Experience:

  • Experience working in the Ontario K-12 education sector, particularly with school board network and cyber security environments, or similar public sector environments.
  • Knowledge of Government of Ontario standards (e.g., GO-ITS), policy, and relevant legislation (e.g., Enhancing Digital Security and Trust Act, 2024 (EDSTA)).
  • Experience working within federated or shared service security models is preferred.






Company Industry

IT Services and IT Consulting

Key Skills

  • Abinitio
  • Change Management
  • Exploration
  • Building Maintenance
  • Civil Quality Control
  • Catia