Security Architect

Leidos is seeking a Security Architect to develop robust security frameworks for a groundbreaking integrated air and missile defence command and control (C2) program for NATO partners and allied operations. You will bring your expertise in data-centric security to design evolve and validate a fit-for-purpose security architecture for a cloud-based solution supporting NATO missions. The role requires a thorough understanding of modern data-centric security Zero Trust Architecture (ZTA) Identity and Access Management (IAM) and cloud security fully aligned with the NATO Data Strategy for the Alliance (DaSA) and NATO Data-Centric Reference Architecture (DCRA).

To help define and evolve security concepts and architecture underpinning a federated multi-domain cloud environment you will leverage security patterns supporting data classification tagging lineage encryption access controls (RBAC/ABAC/CBAC) access decision logic and policy-based enforcement. You will also bring strong skills in architecting Identity Credential and Access Management (ICAM) & Zero Trust solutions. You will create Zero Trust enforcement models across identity endpoints networks workloads and data.

Primary Responsibilities

• Use MBSE tools (e.g. Sparx Enterprise Architect) to build data-centric security-first architecture models.

• Develop architecture views aligned with the NATO Architecture Framework (NAF v4) including security views system views technical standards/compliance views service-based views and data views.

• Model security behaviours using sequences activity flows state machines and dependency diagrams.

• Trace security requirements from operational concepts to system functions to services to components and to controls.

• Assist the programme and teammates in navigating and completing the NATO Security Accreditation process for systems on restricted and classified networks. Clearly identify compliance concerns and trade-offs and propose accreditation strategies.

• Create the System Security Architecture Document (SSAD) Security Target & Risk Assessment Secure Configuration Baselines Security Operating Procedures (SecOPs) and Security Test & Evaluation (ST&E) artifacts.

• Engage directly with NATO Security Accreditation Authorities and comply with the NATO Security Directive Series STANAGs and FMN Baseline requirements.

Basic Qualifications

• NATO SECRET or national equivalent security clearance.

• Bachelors in Cybersecurity Information Assurance Computer Science Systems Engineering or related field.

• Strong knowledge of the underpinnings of multi-domain security concepts attribute-based security and associated approaches architectures and technologies.

• Hands on experience with architecting for Data Centric Security and Zero Trust Architecture preferably in a military and/or coalition environment.

• 5 years in defense security architecture cloud security or classified system environments.

• Deep knowledge of cloud security data-centric protection encryption IAM/ICAM Zero Trust and secure system design.

• Experience designing architectures for cross-domain multi-level multi-tenant systems.

• Knowledge of MBSE tools and modelling languages (e.g. SysML UML NAF/DoDAF/UAF frameworks).

• Strong understanding of modelling data flows access policies interfaces and trust boundaries.

• Ability to coordinate reviews produce documentation and close findings with Security Accreditation Authorities (SAAs).

• Proficient with standards including but not limited to: NIST 800-207 (ZTA) NIST 800-53 ISO 27001 CIS and NATO cyber/INFOSEC frameworks (STANAG 4774 STANAG 4778 STANAG 5636 and ACP 240)

• Experience conducting risk analyses vulnerability assessments and defining mitigations.

• Excellent communicator comfortable with multinational stakeholders.

• Able to guide engineers and analysts through secure-by-design principles and model-based workflows.

Preferred Qualifications

• Masters degree.

• Expertise in Zero Trust Data Format (ZTDF)

• Expertise in MBSE tools such as Cameo MagicDraw or Sparx Enterprise Architect and NAF v4 operational system service and security viewpoints.

• Demonstrated expertise in applying data-centric security principles.

• Demonstrated experience completing NATO accreditation for classified systems.

• Strong understanding of the NATO Data Strategy and NATO Data-Centric Reference Architecture (DCRA).

• Relevant advanced certifications:

  • CompTIA Security

  • CISSP CCSP

  • Zero Trust ICAM cloud security certifications

• Model-based engineering certifications (e.g. SysML vendor MBSE training)

If youre looking for comfort keep scrolling. At Leidos we outthink outbuild and outpace the status quo because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt provoke and refuse to fail. Step 10 is ancient history. Were already at step 30 and moving faster than anyone else dares.

Original Posting:

Pay Range:

The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.