Vacancy expired!
Req ID: RQ148643Type of Requisition: RegularClearance Level Must Be Able to Obtain: NoneJob Family: Solutions ArchitectSkills:Cybersecurity,Information Security,Information Technology SecurityExperience:7 + years of related experienceJob Description:We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country. We ensure today is safe and tomorrow is smarter. Our work has meaning and impact on the world around us, but also on us, and that’s important.We are looking for a Chief Security Architect to join our team. You will be responsible for ensuring security technologies align and meet client requirements. The ideal candidate will be savvy to current government cyber security policies/mandates and be a proven contributor with experiencing achieving security and compliance objectives within a large, managed, enterprise environment.HOW THE SECURITY ARCHITECT WILL MAKE A DIFFERENCE:At GDIT, people are our differentiator. As a Security Architect, in this role, a typical day will include:
Evaluating customer information systems unique cybersecurity requirements
Develop new, or improve existing, security architectures and designs to meet customer requirements
Develop, document, and maintain the organization's information security, cybersecurity architecture, and systems security engineering capabilities throughout the system life cycle.
Review acquired or developed system(s) and technologies to ensure compliance with organization's cybersecurity architecture guidelines.
Collaborate with organizational stakeholders to identify and prioritize critical business functions and align cybersecurity activities accordingly as part of an overarching Risk Management plan.
Perform security reviews, identify gaps in security architecture, and work with system stakeholders to develop a mitigation plan.
Review, define and document security implementation for system interfaces to ensure security posture of the current environment is maintained.
Determine the safeguards for the information system(s) and network(s) and document appropriately.
Responsibilities:
Mature security practices within the Software Development Life Cycle methodology
Ensure systems and security processes integrate with enterprise programs including Continuous Diagnostics and Monitoring (CDM), and Enterprise Governance, Risk, and Compliance tool(s).
Oversee cyber security tests, risk evaluations, assessments and present results to leadership
Guide team in implementing DevSecOps methodologies
Work in conjunction with the Information Security Officer to provide technical consultation and escalate security—related issues
Develop and implement threat models within a risk assessment process to prioritize identified security issues and provide mitigation recommendations to stakeholders
Provide input on configuration changes and risk recommendations as needed
Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce the exposure to cyber risks
WHAT YOU'LL NEED TO SUCCEEDEDUCATION:
A BA/BS degree (computer science/systems, information systems/technology, engineering/engineering technology, infosec) and one or more of the following certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified Data Privacy Solutions Engineer
Certified Ethical Hacker (CEH)
Required Experience:
Minimum 7 years of security architecture and compliance experience
Desired Skills and Experience
Has expertise with FISMA, OMB, NIST, Federal Government or private sector security certification requirements.
Understands IT Security and Privacy compliance issues
Has an advanced understanding of information systems and architectures.
Has the ability to work across multiple projects simultaneously.
Has expertise with several security platforms, including but not limited to firewalls, intrusion detection systems, two-factor authentication systems, antivirus systems, secure email gateway appliances, web filtering proxy, security information and event management (SIEM) platforms, data-loss prevention, vulnerability detection & remediation, content filtering and identity & access management.
Demonstrates expertise in designing secure networks, systems, & application architectures; in disaster recovery technologies & methods; in planning, researching, & developing security policies, standards & procedures; in system administration activities; and in supporting multiple platforms and applications.
Demonstrates expertise with cloud Platform-as-a-Service (PaaS) and security testing tools.
Demonstrates an understanding of vulnerability management; specifically, understanding the remediation process and how to prioritize risks and which remediation actions are appropriate to take.
Understands the process of information system categorization and how to use that process to select security controls to create system and accreditation documentation.
Maintains knowledge of relevant network and security technologies and trends such as Single Sign-on, MFA, Federation, SAML, IDAM, SDN, Zero Trust, SOAR, AI, IoT, and others.
Experience with analyzing vulnerability and penetration testing reports to develop and manage POA&Ms to include risk calculations
Demonstrated knowledge of data security administration principles, methods, and techniques
Requires familiarity with network concepts, user authentication, and digital signatures
Has thorough knowledge of security principles, concepts, policy, and regulations.
Ability to identify risks in security systems and work with technical experts to resolve security issues.
LOCATION:
This job can be supported remotely or with a Hybrid work arrangement. There will be some required travel to customer sites in the Richmond, VA area and throughout Virginia will be required. It is currently estimated at 25-30% travel/ on-site time.
TIMELINE:
This position is being posted contingent on contract award or funding. It is expected to start in late 2023 or early 2024.
We are unable to provide work visa sponsorship for this position.GDIT IS YOUR PLACE:
Full-flex work week to own your priorities at work and at home
401K with company match
Comprehensive health and wellness packages
Internal mobility team dedicated to helping you own your career
Professional growth opportunities including paid education and certifications
Cutting-edge technology you can learn from
Rest and recharge with paid vacation and holidays
COVID-19 Vaccination: GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the customer site requirements.We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
Vacancy expired!