Enterprise Security Architect
- Washington, DC, USA
- Clearance Level: Secret
MindPoint Group delivers industry-leading cybersecurity solutions, services, and products. We are the trusted cybersecurity advisors to key government and commercial decision-makers and support security operations for some of the most security-conscious organizations globally. We design and implement innovative security solutions to identify and defend against today’s risks and tomorrow’s attacks.
We believe that helping organizations operate from the best security posture possible requires automation. Empowering our employees to excel and providing them with the means to do so enables us to consistently exceed our clients’ expectations.
Unlike many IT consultancies, we’re not a body shop. Our client engagements are challenging and growth-oriented. Our relationship with you is for the long run because, in this business, your success is our success. That’s why we treat investments in employees as investments in the company itself, which is why we offer fantastic benefits (healthcare, generous PTO, paid maternity and paternity leave, and tuition reimbursement, to name a few).
But you’ll want to work here for reasons that can’t be written into an offer letter—the challenge, growth opportunities, and most important: the culture of a company that cares about you.
We are an established, profitable, and growing company that promises you the following:
- A diverse organization.
- A safe workplace with zero tolerance for discrimination and harassment of any kind.
- A balanced work life. Seriously.
- Potential for a flexible schedule, depending on the specific customer.
- A leadership team focused on your professional growth and development.
MindPoint Group is seeking an experienced Enterprise Security Architect for our government client. The Enterprise Security Architect will focus on standardization, suitability, and integration of the existing security portfolio while looking to incorporate new and more dynamic solutions to make the client's environment more secure and user-friendly. As a Security Architect, you will be responsible for evaluating new solutions (IoT, APIs, etc.) and developing the supporting elements required to incorporate new technologies safely and securely. The candidate should be familiar with the following:
- Develop and maintain current and planned state architectural documents – domain roadmaps, standards, reference architecture, implementation documents.
- Assess vendor capabilities, development, and test strategies
- Lead working groups and work collaboratively with other domain enterprise and solution architects to deliver a comprehensive technology roadmap and future state vision.
- Review solutions to be deployed in cloud and on-premise environments
- Assess, design, implement, and document cybersecurity processes and solutions
- Perform cybersecurity modeling, analysis, and planning activities
- Analyze business requirements to develop technical solutions and their framework
- Respond to and, when appropriate, resolve or escalate security incidents
- Review security logs, enterprise tools and network traffic for unusual or suspicious activity
- Maintain in-depth knowledge of IT industry best practices, technologies, architectures, and emerging technologies.
- Communicate architectural decisions, plans, goals, and strategies
- Experience leading the alignment of on-going activities in support of critical Federal mandates such as Continuous Diagnostics and Monitoring (CDM), Executive Orders related to cybersecurity, and guidance from OMB and NIST
- Experience providing high-level design and architecture diagrams, technically validating solutions and connecting business, data, security, systems, and other technical and non-technical architectures
- Familiarity with open architecture and cybersecurity architecture principles that achieve cybersecurity framework goals
- Support with vendor/customer assessment and audit activities
- Active Secret Clearance required
- Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH) required
- At least 8 years of experience in network and endpoint security architecture
- Experience with security tools such as vulnerability management tools (Nessus, Retina), configuration management (BigFix, SCCM, ePO), endpoint detection (antivirus, ATP), data loss prevention, and intrusion detection software and hardware
- Familiar with data analysis tools (Excel or PowerBI)
- Familiar with encryption technologies used in commercial operating systems, including Public Key Infrastructures, symmetric and asymmetric cryptography, certificate trust stores and the use of key escrow for discovery and legal purposes
- Familiarity with the use of Transport Layer Security (TLS) to secure network communications, code signing certificates and Certificate Authorities (CA) for the administration of encryption trust certificates.
- Familiar with multi-tiered network applications, common ports and protocols used in those communications, the Common Vulnerability System (CVS) and the exploitation mechanisms of common vulnerability types (e.g. buffer overflows, cross-site scripting, SQL injection).
- Ability to perform online research and comprehend attack signatures while comparing them to network traffic to perform proper analysis of detections.
- Ability to use common tools such as Wireshark to examine network traffic.
- Familiarity with protocols commonly used in commercial networks, such as Server Message Block (SMB), Remote Procedure Calls (RPC), Hypertext Transfer Protocol (HTTP) and Structured Query Language (SQL).
- Ability to perform Splunk queries to examine and query log data from the Enterprise Logging as a Service system.
- Candidate should have strong analytical and organizational skills.
- Candidate should have concise writing skills and excellent skills in MS Word and other MS Office applications.
- Candidate should have experience leading meetings and other briefings to senior leaders
- Candidate should have a background in general security practices such as identity and access management (IAM), encryption, and multi-factor authentication, security information and event management (SIEM), and supporting technologies
- All your information will be kept confidential according to EEO guidelines
- Equal Opportunity Employer Veterans/Disabled