Cybersecurity Architecture
Summary
Zermount Inc. is seeking a Cybersecurity Architect who can create government solutions that will withstand even the most complex of IT and Cyber threats. As a Lead in our project, you will lead the architecture and design of innovative solutions and services to secure federal networks. You will coordinate with a dynamic team of thought leaders and experts to determine the right tools and methods to translate your clients' IT needs and future goals into a plan that delivers secure and efficient solutions. We need to find the best solution for you to explore new methods, break free from the outdated model, and go where the industry is heading. You will guide the team through a critical approach to network design, suggesting alternatives and tweaking solutions to maintain a balance between security and mission needs. Your technical expertise will be vital as you help clients overcome their toughest challenges with cutting-edge technologies and cybersecurity domains. Join our team as we address cybersecurity challenges and build capabilities to deliver solutions and service offerings using investments and proven capabilities.
Duties and Responsibilities
Roadmap and Strategy
- Provide input to the Cybersecurity roadmap and strategy for key organization strategic initiatives for the following and related areas:
  - Security Architecture: Develop and recommend Security Architecture and Standards, including Cloud Security, for government approval.
  - Cybersecurity Operations: Improve Cloud monitoring, detection, and response; improve Security Operations (SOC) operations.
  - Privacy & Continuous Monitoring: Improve Vulnerability Assessment program; integrate security scanning in Cloud Pipeline; improve Cloud vulnerability coverage and scanning.
  - Cybersecurity Authorizations and Compliance: Reduce time to ATO through continuous ATO; improve Cloud Compliance.
  - Executive Order (EO) 14028, Improving the Nation's Cybersecurity, in terms of: implementing Zero Trust; enhancing Supply Chain Risk Management (SCRM); addressing critical software; and developing secure Cloud adoption.
Security Architecture Reviews
- Develop and integrate with other Cybersecurity workflows, to include: ATO Intake assessment and Vulnerability Scanning process.
- Integrate with Enterprise Architecture (EA) review process.
- Perform security reviews based on RMF controls compliance clients and security best practices.
- Develop security architectural patterns to enable faster ATO or assessment process by creating architectural designs that already meet compliance controls.
- Develop Security Architecture Standards in Cybersecurity SharePoint site and cross-link with Cloud Operations (SSB) and Enterprise Architecture (EA) sites.
- Provide security input on Cloud Center of Excellence (CCOE) and Cloud Advisory Council (CAC) agenda items by participating in technical working groups, providing security analysis, and providing recommendations.
- Provide security architecture input for DevSecOps security strategy and roadmap, including application and infrastructure vulnerability scanning, automated assessments, and security controls.
- Research, document, and publish a Cloud Security Codex to include security best practices based on security architecture patterns or Cloud services guidance, such as security configuration or use-cases and design.
- Recommend security requirements and architectural direction, and assist in pilot testing of key enterprise-wide initiatives, to include:
  - Zero Trust Architecture (ZTA)
  - Secure Access Service Edge (SASE), including Cloud Access Security Broker (CASB)
  - Zero Trust Network Access (ZTNA)
  - Secure Web Gateway (SWG)
  - Trusted Internet Connection (TIC) 3.0
  - Identity, Credential, and Access Management (ICAM) - OKTA
  - Configuration Management Database (CMDB).
- Evaluate a subset of the agency's High Value Asset (HVA) security posture to determine whether the agency has properly architected its cybersecurity solutions, and provide agency leadership with the risks inherent in the implemented cybersecurity solution.
- Perform architecture design reviews, including configuration and log reviews, and perform network traffic analyses.
- Produce a SAR Report to include the HVAs' architecture strengths and findings.
Cloud Security Engineering
- Drive the pilot and adoption of Cloud Security Posture Management (CSPM).
- Design and deploy native Cloud security services in AWS, Microsoft Azure, and Google Cloud.
- Perform proof of value of Cloud-native, COTS, 3rd-party, or open-source security capabilities by hands-on deploying and evaluating against security requirements.
- Lead the development of scripts or code to perform Cloud Security assessments through Cloud native API or SDK.
- Lead the development of enterprise cloud security blueprints to include security in Infrastructure as Code (IaC) templates.
- Research new and emerging security practices and capabilities, such as AI/ML, to address compliance and mitigate security risk.
System Security Engineering (SSE)
- Collaborate with the CyberOps Branch to improve Cloud Security monitoring, to include ingestion of logs such as API, application/database, and flow logs into SIEM; and improve Cloud SME on Cloud log analysis to analyze, create, and tune Cloud events to increase coverage and alerting in the Cloud.
- Collaborate with the Privacy and Continuous Monitoring Branch to increase Cloud vulnerability coverage in the areas of Operating System (OS), application code, and Infrastructure level; and develop architecture for integrating findings into a centralized dashboard that allows product owners direct access to team-specific systems or cloud account findings.
- Collaborate with the Cybersecurity Authorizations and Compliance Branch to provide input on designing compliance systems that perform continuous ATO process to decrease the processing lead times of current ATO process; provide responses on data calls; and participate in working groups in order to collaborate and share technical knowledge.
- Identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities spanning the Systems Development Life Cycle.
- Ensure the team provides system engineering and architectural design support services, to include: studies and analysis of proposed operations modifications; end-to-end architecture tradeoff assessment; development of strategic and tactical plans; evaluation of new program requirements; and investigation and development of new technologies for possible operations modifications.
Requirements
- High level of attention to detail, needs minimal guidance, effective verbal and written communications.
- Equally adept at strategic planning and operational/technical level.
- Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
- At least 5 years (preferred 10 years) of network, systems, applications:
  - LAN/WAN, WAF/CDN/DDoS, Network Firewalls, IDS/IPS.
  - Virtualization, hypervisor security, container security.
  - Application development, serverless security, microservices, CI/CD.
- At least 5 years of designing and/or implementing security in Cloud (AWS required; Azure or GCP optional):
  - Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
  - AWS: IAM, KMS, S3, RDS, SNS/SQS, Organizations, GuardDuty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
  - Azure: E3/E5, Active Directory, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
- Experience with DevSecOps strategy and implementation, and designing architecture in accordance with RMF, CSF, FISMA, and FedRAMP.
- Familiarity with: ZTNA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.
- At least 2 years working in or managing Agile, DevOps, Scrum, Kanban.
Education
Candidate must have a Bachelor of Science (or higher) in one of the following:
- Computer engineering
- Computer science
- Information Technology (IT) or
- Cybersecurity
The resume may reference another major so long as the resume is clear that the degree addressed, at a minimum, one of the following: cyber security engineering systems administration information systems security software development security systems engineering information systems or IT.
Certifications
The candidate must have a:
- Certified Information Systems Security Professional (CISSP) and
At least one of the following or equivalent:
- Certified Cloud Security Professional (CCSP)
- AWS Certified Solutions Architect Associate
- AWS Certified Security Specialist
- Microsoft Azure Solutions Architect
- Google Professional Cloud Architect.
Clearance
LOCATION & Hours
- Hybrid - primarily remote; however, there may be occasional times that the team could be asked to report to the following locations:
  600 Dulany Street, Alexandria, Virginia 22314
  2111 Wilson Blvd, Ste 200, Arlington, VA 22201
- Hours of Operation
  - 8:00 am EDT - 4:30 pm EDT
Required Experience:
Staff IC