This role ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.
· Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to government organizations (e.g., UNCLASSIFIED, SECRET, and TOP SECRET).
· Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
· Employ secure configuration management processes.
· Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.
· Identify and prioritize critical business functions in collaboration with organizational stakeholders.
· Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
· Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
· Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.
· Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
- Knowledge of business continuity and disaster recovery continuity of operations plans.
- Ability to serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners, common control providers, and system security officers on the allocation of security controls as system-specific, hybrid, or common controls.
- Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
- Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware).
- Knowledge of microprocessors.
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)
- Ability to design architectures and frameworks.
- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Knowledge of computer algorithms.
- Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
- Knowledge of installation, integration, and optimization of system components.
- Knowledge of human-computer interaction principles.
- Knowledge of remote access technology concepts.
- Knowledge of communication methods, principles, and concepts that support the network infrastructure.
Additional information :
· Start date : ASAP
· Contract : Mission and/or CDI
· Location : Liège, Belgium