Enterprise Security Architect

Vigor Values

Vigor expects all employees to enhance the atmosphere in which they work by living the Vigor Values every day.

Truth: We seek the truth, and we speak the truth

Responsibility: We act on what we know is right

Evolution: We seek mastery, and adapt to a changing world

Love: We care about the people we work with, and the world we live in

POSITION SUMMARY:

As an Enterprise Security Architect you will operate within the Information Security organization, reporting directly to the Information Security Director. To ensure separation of duties between IT and Information Security (IS) you will oversee and provide guidance and mentorship to IT Network Engineers and other IT personnel who are conducting the implementation of the organization's contractual and business-mandated cyber security requirements, improving the company's overall security posture. You will be responsible for providing recommendations related to the overall architecture, network infrastructure design and application of strategy across multiple companies by working closely between the IT and IS teams. You will also focus on post-implementation assessment of network configurations and controls, advising the Information Security Director regarding the operational, compliance and security components of the overall network infrastructure across multiple companies. You will perform high level end-to-end assessments and reviews, from initial setup and configuration to ongoing change management and vetting of newly proposed networking tools. You will ensure responsible personnel have conducted necessary actions under your guidance for all applicable devices, applications and network infrastructure to properly configure and manage these components. You will have knowledge and familiarity of network and security tools and standards (Security Technical Implementation Guides (STIGS), NIST 800-171 and related) in order to provide guidance on initial configurations and recommendations for security tools and network setup.

Responsibilities

• Must live the Vigor Values every day

• Represent Information Security objectives in organizational initiatives.

• Provide functional and empirical analysis and recommendations related to the proper planning, design, installation and implementation of the network architecture and infrastructure that includes: servers, endpoints, network equipment and enterprise applications.

• Design Network Topology in order to provide layered security throughout the network. Work with teams to implement and maintain this design.

• Responsible for establishing and ensuring compliance through appropriate policies, processes and technology with CMMC, NIST SP 800-171, and Naval Nuclear 801 including collection and storage of compliance evidence.

• Thorough understanding of Information security best practices and regulatory requirements within overall infrastructure, across multiple companies

• Provide technical expertise for a wide range of Information Security tools, techniques and controls and advise on their incorporation into the IT Technology Roadmap.

• Proficient with best practice configuration requirements for firewalls with preferred experience in Cisco and Fortinet.

• Identify cyber security deficiencies and risk mitigation strategies, develop and oversee corrective actions through technical and non-technical measures working in conjunction with the appropriate IT manager

• Work with Technical Services, Enterprise Applications and End User Support managers to ensure processes are in place to appropriately harden infrastructure server, network and enterprise applications to DISA STIG standards.

• Contribute to company's IT and Security policies and procedures.

• Oversee Vulnerability management Program.

• Provide guidance on the management of Operational Technology (OT) networks

• Stay up-to-date with the latest security threats, and make ongoing recommendations for improving our security posture.

• Ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.

Job Scope

The role operates within general parameters, but must use sound judgment and independent decision making when carrying out job responsibilities. Has the ability to influence existing protocols and modify practices. He/she has the responsibility to oversee the implementation of security measures in line with established government and contract mandated parameters.

Knowledge Skills and Abilities

• Broad experience directly applicable to position responsibilities listed above

• Experience in implementations of large-scale compliance programs such as NIST 800-171

• Experience with public cloud service providers (e.g. Microsoft Azure).

• Experience with identity and access management frameworks and protocols, including SAML, OAUTH, and SCIM.

• Experience with e-mail security protocols (e.g. SPF, DKIM, DMARC) and controls.

• Knowledge of modern adversary tactics, techniques, and procedures.

• Experience with Network infrastructure (Cisco, Fortinet)

• Understanding of networking concepts (e.g., protocols, topologies, encryption).

• Ability to perform technical security assessments of large complex systems.

• Ability to design and develop new security control implementations.

• Self-motivated and be able to work in a dynamic, changing environment.

• Broad understanding of cyber threat mitigation techniques and security technologies including emerging trends.

• Possess excellent interpersonal skills to include working with customers, employees, management and security personnel

Requirements

• Be a U.S. Citizen

• Ability to obtain an Active DoD Secret Clearance

Education and/or Experience

• 7 years' experience with Bachelor's degree in Computer Science, Engineering or equivalent or 10 years related technical experience (required)

• 4+ years of work experience in Information Security

• Experience contributing to Information Security solutions, scope, and architecture

• Significant experience with Information Security technologies, including vulnerability scanning tools, SIEMs, endpoint protection tools, DLP, and IDS/IPS tools

• Prefer experience with Tenable.io, ForcePoint, Titus, Titus Illuminate, and Microsoft O365 tools

Certificates, Licenses and Registrations

Must have a current version (or obtain within 120 days of start) at least one of the following DoD 8140 IAT Level III professional certifications:

• CASP+ - CompTIA Advanced Security Practitioner
• CCNP Security - Cisco Certified Network Professional Security
• CISA - Certified Information Systems Auditor
• CISSP (Or Associate) - Certified Information Systems Security Professional
• GCED - GIAC Certified Enterprise DefenderGCIH - GIAC Certified Incident Handler CCSP - Certified Cloud Security Professional