Job Description
Description
This is a Security/Firewall Architect position within the Vanguard 2.2.1 Cybersecurity Integrity Center (CIC) office, within the Department of State Bureau of Diplomatic Technology (DT) providing security architecture and design leadership over multiple firewall and security systems and devices. The well qualified candidate will possess and apply comprehensive expertise knowledge regarding security solutions. The candidate must be capable of designing and developing large scale, complex security solutions. The solutions shall meet or exceed the security compliance guideline requirements. The candidate must be capable of evaluating performance results, performing risk assessments, and recommending changes affecting security configuration/implementations. The position directly supports DoS on-site to provide security protection to over 100,000 customers globally.
This role can be located in Beltsville, MD or Washington, DC. It is hybrid and requires at least 2-3 days per week onsite.
Responsibilities include:
- Plans and designs security architecture and solutions for a global environment by evaluating network and security technologies, on premise and cloud.
- Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; when needed preparing cost estimates.
- Develop and deploy perimeter security solutions utilizing multi-vendor firewalls, email security, IPS/IDS, SSL decryption, DMZs, and virtualization/zones for on premise and cloud based services.
- Define and implement enterprise perimeter (on premise and cloud based) security policies and procedures.
- Lead security-related architecture projects. Design robust and resilient solutions for PSD infrastructure services, and for new services.
- Lead and oversee PSD certification and accreditation efforts, NIST Cybersecurity Framework/DoD Risk Management Framework/DIACAP.
- Evaluate and recommend new and emerging security products and technologies.
- Develop and interpret security policies and procedures.
- Create policies and ongoing processes in support of the security engineering team. Verify ongoing compliance with policies and best practice.
- Identify security issues and risks, lead development and implementation of mitigation.
- Advise and consult with other teams to identify risks and implement remediation.
- Provides leadership and/or direction to engineering teams.
- Oversee and guide the completion of major programs and projects.
- Participates as a Subject Matter Expert in technical and business discussions with clients, teammates, vendors, partners and /or upper level managers.
- Ability to manage and/or lead cross-functional teams for customer engagements.
- Participate in incident response; create incident response procedures and documentation; assist with post-event analysis.
- Wide breadth of knowledge across security products, tools, and industry trends; ability to create solutions using a pragmatic, risk-based approach.
Qualifications
Required Education & Experience:
- Bachelor’s Degree in Information Technology/Computer Science or Bachelor’s Degree and relevant experience. May accept additional experience in lieu of degree.
- 20+ years’ experience in Information Technology.
- 15+ years of relevant Network/Perimeter Security engineering experience.
- 5+ years’ experience as Security Architect/Network Architect in a large scale, global environment.
- Experience providing secure connectivity from on premise services to/from Cloud services.
- Hands on experience with a diverse variety of firewalls and networking devices.
- One or more of the following certifications: CCIE Security, JNCIE Security, Palo Alto Networks Certified Network Security Engineer, CISSP.
- Expert knowledge of networking concepts and architecture, including security considerations associated with networking hardware like Routers, Switches, Firewalls, Gateways, SSL Encryption/Decryption, PKI, TCP/IP, IPv4 and IPv6, etc.
- Expert experience in one or more of the following security devices: Palo Alto firewalls, Panorama management console, McAfee/Forcepoint StoneGate firewalls, A10 Encrypted Traffic Inspection/Application Delivery, and Cisco ESA & ASA.
- Experience developing and configuring SSL encryption/decryption solutions for traffic inspection.
- Strong understanding of routing/switching technologies, IP addressing/subnetting, and network traffic analysis/troubleshooting.
- Experience with network monitoring devices such as HP Openview, Nagios, Zenoss, NeuralStar or other similar monitoring tools.
- Experience working directly with Government customer.
- Excellent written and oral communication skills; must be able to prepare solution papers and present solutions to senior management.
Required Clearance:
- US Citizenship.
- Active Secret clearance with the ability to obtain a Top Secret clearance.
Desired Education/Skills:
- Firsthand experience in developing and providing quality assurance review of engineering change orders relating to the replacement or enhancement of perimeter security hardware and software.
- Experienced with performing root cause analysis, risk identification, and risk mitigation.
- ITIL ® Foundation certification.
- Familiarity with DoS environment (data and voice networks, IT security systems, policies and procedures), Foreign Affairs Handbooks (FAHs), Foreign Affairs Manuals (FAMs).
- Experience with Red Hat Linux/CentOS and Ubuntu including administration scripting is a plus.
Target salary range: $160,001 - $200,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC accepts applications on an ongoing basis and there is no deadline.
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
Overview
SAIC® is a premier Fortune 500® technology integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.
We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.