Information Security Architect

Summary :

A Security Architect is "responsible for ensuring that the information security requirements necessary to protect the organization's core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes."

Client's Security Architects regularly perform the following types of work :

1. Document designs for configuration and controls to reduce cyber and information security risk for applications, infrastructure, and data.

2. Guide implementation of security configuration and controls and help test the effectiveness of the implementation.

3. Discuss proposed IT changes (including but not limited to new technology) with subject matter experts and implementers so that security risks are identified before implementation.

4. Client and document the current state of configuration and controls protecting applications and infrastructure to help the IT teams understand where there are gaps or weaknesses and how the cyber risk context may have changed since initial implementation.

5. Take an active role on the Cyber Incident Response Team (CIRT) when there are investigations, incidents, or practice exercises.

DUTIES & RESPONSIBILITIES :

Systems Requirements Planning

Develop and document secure system designs by applying the principles of Zero Trust, micro-segmentation, and other approaches for reducing cyber risk.

Provide subject matter expertise to the Information Security Risk Management Team as they are assessing risk for new technologies or use cases.

Guide technology teams by applying your knowledge of cloud services, solution platforms, data center hosting environments, and IP networking to all proposed solution architecture to help them apply secure configurations and conform to the Commonwealth's security standards.

Systems Security Architecture

Serve as a security representative on technology project teams to provide guidance and support during the project lifecycle.

Ensure that security controls are designed, implemented, and documented.

Advise on the criticality and remediation of known software and firmware vulnerabilities.

Create and document solutions using a risk-based approach, that considers the business requirements, compliance requirements, and cyber risk across all functions in the NIST Cyber Security Framework.

Serve as a member of the Cyber Incident Response Team.

Design, document, build, implement, and support enterprise-class security tools and systems.

Perform or supervise security assessments on critical and important technology infrastructure and applications.

Maintain current knowledge of global cyber threat information, including tactics and techniques, and how they may pose new risk to MassDOT's networks, systems, and applications.

Function as a subject matter expert who can explain highly technical topics to those without a technical background.

General Duties :

Continuously provide feedback and recommendations for the protection of user accounts, employee information, and constituent data.

Possess and utilize professional communication skills.

Identify and communicate current and emerging cybersecurity threats.

Maintain a general understanding of current Laws, Articles and Regulations regarding Massachusetts resident's data.

Understand and monitor compliance with enterprise security policies and standards.

Participate in continuous process improvement activities by providing documented security guidance and recommendations to various stakeholders and teams.

Assist in the creation and upkeep of documented managed processes that apply security requirements from enterprise security policies and standards to the work being performed by the Security Team.

Respond to each inquiry, whether from a customer, vendor, or co-worker in a courteous and professional manner.

Perform duties and project work as assigned.

Provide on-call support as needed.

Be willing and able to drive a company or personal vehicle to assist at emergencies and / or events as needed.

QUALIFICATIONS :

Bachelor's degree or relevant applied experience in computer, network, data, or cloud technologies.

Knowledge of all layers of the OSI model.

Knowledge of and experience with security architecture frameworks.

Current knowledge of the cyber threat landscape, vulnerability management strategies and tactics, security monitoring requirements and implementation, and security operations analytics.

Knowledge of cyber security frameworks such as NIST CSF, CIS 18, etc.

Demonstrated ability to perform risk assessments of applications, databases, and / or infrastructure.

Excellent verbal and written communication skills.

Experience with creating and updating documentation related to security requirements and managed processes.

Ability to work as part of a team as well as independently.

PREFERENCES INCLUDE :

CISSP, CISSP-ISSAP, CISSP-ISSEP, CEH, Security or equivalent certification preferred.