Position: Associate Security Solution Architect
Location: Bethesda, MD, 20814
Duration: 7+ Months
Job Type: Contract
Work Type: Remote
Pay Rate: $70 - 72/hr on W2
Job Description:
- The Associate Security Solution Architect provides in depth technical security guidance and is identified as the security subject matter experts (SME) for various technologies and project areas.
- Responsible for creating and developing capability-focused security solution architectures that are aligned to business and technology needs.
- Assists with maintaining security strategies, requirements, and standards for applications and platforms.
- Ensures architectures and patterns are aligned to company security policies, standards and industry standards.
- Able to identify gaps and work with project teams to improve security while retaining time to market, functionality and scalability.
- Assist with any reviews and approvals for Security Accreditation tasks during each phase of SDLC.
- Serves as project/program point of escalation for security issues and risks that may arise.
- Has a broad and deep knowledge in security areas such as application security, IAM, infrastructure, network, and security vulnerability management.
- This position may work as a dedicated embedded solution architect team member or across multiple projects/programs as may be required
CANDIDATE PROFILE
Education / Experience
Required:
- Bachelor or Associates degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification.
- 5-7+ years of Information Technology experience including 5+ years security experience in conducting security reviews and accreditation.
- 2+ years experience developing Security Architectures and Solutions.
- 2+ years experience reviewing and identifying security risks/gaps.
- The Associate Security Solution Architect must have at least two years experience with some or all of the following:
- Experience in using architecture methodologies such as TOGAF, SABSA, Zachman, etc
- Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
- Experience securing CI/CD pipelines.
- Experience in public cloud security such as – AWS, Azure, Alibaba Cloud, Oracle Cloud
- Full-stack knowledge of IT infrastructure
- Could infrastructure and technologies
- Databases
- Operating systems — Windows, Unix and Linux
- Hypervisors
- IP networks — WAN and LAN
- Storage networks and technologies
- Backup networks and media
- Containers/Kubernetes
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
- Change management
- Configuration management
- Asset management
- Incident management
- Problem management
Additional Experience and Skills
- Experience in conducting independent research
- Direct interaction with cross functional, sourced, or matrixes teams
Preferred
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
- Experience in providing input to or developing Enterprise Security Strategies.
- Verifiable experience reviewing application code for security vulnerabilities.
- Current information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA's CISA, The Open Group's TOGAF, SANS' GAIC
- Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPAC, STRIDE, CIS Benchmarks etc.
- Proven ability to provide Security Requirements for areas including but not limited to; Cloud Computing, Application Development, IAM and Infrastructure.
- Knowledge of how to secure technologies such as but not limited to; SaaS services (ie. O365, Salesforce), Application Design, Container Platforms (ie. Docker, Kubernetes), Serverless, Big Data, Network, Operating Systems, Identity and Access Management.
- Knowledge of SDLC (Waterfall/Agile), DevSecOps and good understanding of ITIL v3 Framework.
- Proficient in performing quantitative risk management analysis.
- Using ServiceNow to track activities, tasks, approvals, etc.
- Strong negotiating, influencing and problem resolution skills.
- Proven ability to effectively prioritize and execute tasks in a high-pressure environment.
- Experience in business systems and process planning.
- Knowledge of business environment, service requirements and hospitality culture.
- Ability to translate information security objectives into mutually beneficial business strategies for the client organizations.
- Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action.
- Graduate/post graduate degree in cyber security.