Enterprise Network Architect

Location: Falls Church, VA
Job Type: Temp To Perm
Salary: $1.00 - $1.00
Degree: Bachelor of Science;
Date: 11/10/2017
Job ID: 02527084
Job Description
Location: Falls Church, VA
Clearance: Secret
Certifications: CCIE / CCNP

We are seeking a Guru-level enterprise network architect to support the USPS Cyber Security Program. Work within the Corporate Information Security Office (CISO) team to improve the overall Cybersecurity plans and act as a liaison and evangelist to encourage strong security practices across all projects, code development, infrastructure, and operations. Apply Engineering techniques to validate and test complex security architecture and designs to produce detailed engineering specifications for existing and proposed technologies; in certain cases, provide detailed designs to effectively mitigate legacy technology vulnerabilities. Collaborate with business and IT staff to understand strategic and tactical business, application, or service requirements, then translate those into securely designed solutions.
  • Develop a comprehensive enterprise security architecture and implementation plan that will effectively scale and support regulatory and legal business requirements.
  • Participate in leading and defining security practices for enterprise networks consuming both cloud and on premises services using systematic approach to security and anticipation of threat vectors.
  • Lead initiatives to ensure that the technology vision is realized including developing advance detection and monitoring capabilities for incident management, response planning and reaction to events.
  • Work with software engineers to develop network security related software. 
  • Provide complex technical guidance, oversight, and enforcement of security directives, policies, standards, plans, and procedures.
  • Develop project documentation including detailed security plans, security architecture designs, detailed security implementation and deployment plans, test plans, and security-focused operational procedures and training materials.
  • Assess, design, implement, and integrate enterprise security solutions including, but not limited to, next-generation firewalls, web application firewalls (WAF), intrusion prevention/detection systems (IDS/IPS), content filtering, secure log management, security information, event management (SIEM) systems, anti-malware solutions, mobile device management (MDM), cloud orchestration, and endpoint security solutions.
  • Identify technology risks and independently evaluate the efficiency and effectiveness of complex information technology and security controls across IT infrastructure, cloud services, networks, and security systems to help manage risks that could impact the company.
  • Maintain knowledge of complex industry trends, current security issues, and security technologies.
  • Analyze products, systems, projects, and concepts and document their role in the cybersecurity architecture, tracing their value to business requirements and their effectiveness at supporting policies.
  • Work with project leads, developers, network engineers, and cybersecurity peers, to design and maintain a highly secure infrastructure.
  • Gain understanding of the organization’s systems, networks, people, duties, and goals and ensure that they are documented in a standards-compliant framework.
  • Document the organization’s Cybersecurity landscape for several audiences.
  • Communicate the business vision, requirements, policies, physical, and operational elements of system and security architecture.
  • Communicate technologies, protocols, boundaries, system interfaces, APIs, dependencies, interactions, and products of and component architecture to audiences including executives and engineers.
  • Work with experts to identify, document, and track weak points in the architecture based on standardized methodologies and innovative analysis.
  • Document countermeasures needed as revealed in the architecture.
  • Serve as a business enabler by supporting development of clear planning and design documents for properly-secured, policy-compliant, systems and networks.
  • Support system- and network-related policy development and regulatory compliance.
  • Promote application of FISMA compliance standards, including NIST, DISA STIGs, and related guidance and standards for configuration/audit.
  • Contribute system and network engineering knowledge in improving the security architecture.
Technical Expertise:
  • EMC Avamar, EMC Data Domain
  • Cisco ASA, Cisco Catalyst Switches
  • Cisco NetScalers, DNS Forwarder
  • Gigamon, Cisco ISE
  • Extensive experience (7+ years) in enterprise security architecture including security architecture review, design, implementation, and operations experience.
  • Must possess a Master’s in information security and CISSP (prefer ISSAP or ISSEP specialization)
  • Strong expertise in large networks and systems (servers, operating systems, virtualization, cloud services, and storage) and networking technologies (communication protocols, infrastructure)
  • Familiarity with compliance & security standards across the enterprise IT landscape.
  • Proven experience building security reference architecture for all-in cloud deployments and hybrid scenarios.
  • Strong verbal and written communication skills, with the ability to work effectively across internal and external organizations.
  • Strong leadership, project, and team building skills, including the capability to lead teams and drive projects and initiatives by working effectively with others, demonstrating the ability to work cross-departmentally.
  • Extensive knowledge of and ability to design secure solutions that will meet various compliance frameworks including FISMA/FEDRAMP/NIST, ISO/IEC 27000, PCI, HIPAA, as well as global and regional privacy mandates.
  • Implementation experience with enterprise security solutions such as WAF, IPS, Anti-DDOS, and SIEM.
  • Familiarity with compliance & security standards across the enterprise IT landscape Deep understanding of enterprise risk management methods and techniques to drive successful outcomes in a multi-national environment.
  • Working knowledge of cloud computing technologies and workload transition challenges for example AWS Experience, Azure etc.
  • Significant technical expertise in Cloud Computing technologies, Mobile Security and encryption, scripting languages (Python, RoR, etc), integrating 3rd party monitoring tools, encryption tools and best practices, and forensics.
  • US Citizenship status and Active DoD Secret Clearance (preferred), must successfully complete the government's security process (required).