Responsibilities:
Assessment of the current state of Zero Trust Architecture implemented across all systems.
Plan/roadmap defining best path forward to implement Zero Trust Architecture across all systems along with updates at least quarterly.
Assessment of the current state of Client's implementation of multi-factor authentication ("MFA") across all systems
Plan/roadmap or assessment defining the best path forward for the continued implementation of multi-factor authentication ("MFA") across all systems along with updates at least quarterly.
Enterprise definition of encryption at-rest and in-transit based on understanding of Client's enterprise technology implementation
Assessment and inventory of the current state of encryption at-rest and in-transit for all systems and associated data.
Plan/roadmap defining how and when all systems will implement encryption at-rest and in-transit if not already implemented along with updates at least quarterly.
Support in continually improving the IT Security's incident detection and response posture by providing recommendations on how to improve processes and toolsets
Support the implementation of a Supply Chain Risk Management program by recommending processes improvements, i.e. SDLC updates, and appropriate toolsets.
Assess current development methodologies adherence to security compliance and make recommendations/policies to ensure security compliance is incorporated rigidly into the SDLC process.
Validate and/or recommend changes to Client's current Security Standards and Implementation / Maintenance Policies and support the effort to ensure that Security Standards are incorporated in all EA and Development Initiatives.
Contribute to defining a path forward to transition to a 100% Dev/Sec/Ops adoption including developing a recommendation taking into account all facets of Dev/Sec/Ops including technical as well as organizational objectives and challenges.
Contribute to the maintenance of the EA To-Be Architecture and the associated Roadmap for achieving the EA To-Be Architecture from a Security Architecture perspective taking into account the strategic direction of the Information Security Program.
Required Skills:
B.A. or B.S. degree or equivalent experience.
Minimum 7 years of experience working as a Security Architect in a mid to large size IT environment and delivering technical security solutions for the enterprise.
Experience providing IT security support to government clientele is preferred.
Desired capabilities shall include:
Solid understanding of security protocols, cryptography, authentication, authorization and security.
Good working knowledge of current IT risks and experience implementing security solutions.
Experience implementing multi-factor authentication, single sign-on, identity management or related technologies.
Working knowledge and experience implementing zero trust architecture across both custom developed and cloud-based systems.
Ability to interact with a broad cross-section of personnel to explain and enforce security measures.