Senior Security Architect Job at Zermount, Inc in Arlington

SENIOR SECURITY ARCHITECT

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

Summary:

We are looking for a highly talented, technical hands-on Senior Security Architect located in the Washington, DC metro area to help accelerate our Security Program for a client in the Government Sector. You will use your exceptional security knowledge and hands-on security tooling and systems administration skills to help support our customer with developing, reviewing, and modernizing highly secure and compliant computing architectures and implementations.

Duties and Responsibilities:

• Lead a team of Security Architects and Security Engineers.
• Security Architecture: Develop and Recommend Security Architecture and Standards for both cloud and on-prem environments. Review and update diagrams of security tools and traffic flow within environment and make recommendations for enhancements.
• Cybersecurity Operations: Improve Cloud monitoring, detection, and response; Improve Security Operations (SOC) operations; Review existing security tools in environment for gaps and/or overlaps and make recommendations for improvements.
• Privacy & Continuous Monitoring: Improve Vulnerability Assessment program; Integrate security scanning in Cloud Pipeline; Improve Cloud and on-prem vulnerability coverage and scanning.
• Cybersecurity Authorizations and Compliance: Reduce time to ATO through continuous ATO; Improve Cloud Compliance.
• Addressing critical software; and Developing secure Cloud adoption.
• Develop, and integrate with other Cybersecurity workflow to include: ATO Intake, assessment, and Vulnerability Scanning process.
• Integrate with Enterprise Architecture (EA) review process.
• Perform security reviews based on RMF controls compliance, clients, and security best practices.
• Develop security architectural patterns to enable faster ATO or assessment process by creating architectural designs that already meet compliance controls.
• Provide security architecture input for DevSecOps security strategy and roadmap including application and infrastructure vulnerability scanning, automated assessments, and security controls.
• Performs architecture design reviews including configuration and log reviews and perform network traffic analysis.
• Produces a SAR Report to include HVAs architecture strengths and findings.

Qualifications

Required Skills:

• High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
• Equally adept at strategic planning and operational/technical level.
• Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
• At least 5 years (preferred 10 years) of network, systems, applications:
  • LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS.
  • Virtualization, hypervisor security, container security.
  • Application development, serverless security, microservices, CICD.
• At least 3 years of designing and/or implementing security in Cloud (AWS required, Azure or GCP optional):
  • Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
  • AWS IAM, KMS, S3, RDS, SNS/SQS, Organization, Guard Duty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
  • Azure E3/E5, Active Directory, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
• Experience with DevSecOps strategy and implementation and designing architecture in accordance with RMF, CSF, FISMA, and Fedramp.
• Familiarity with: ZTNA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.
• At least 2 years working in or managing Agile DevOps, Scrum, Kanban.
• Cloud architecture.
• Architecture experience.
• Networking experience.
• Network Security/Cyber Security experience.

Education:

Candidate must have a Bachelor of Science (or higher) in one of the following: computer engineering, computer science, information technology, or cyber security. The resume may reference another major, so long as the resume is clear that the degree addressed at a minimum one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems or information technology.

Certifications:

• Certifications to include one or more of the following:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional,
  • AWS Certified Solutions Architect Associate
  • AWS Certified Security Specialist
  • Microsoft Azure Solutions Architect
  • Google Professional Cloud Architect

Clearance: United States Patent and Trademark Office Specific Minimum Background Investigation (MBI) will be conducted.

Work Location: Remote (Initial onboarding in Arlington, VA). Minimal travel to the Washington, D.C. Metro Area may be required if requested by the client.