This is a full-time position with Tecknomic and the project is with the Office of the Chief Financial Officer (OCFO). This is a hybrid role in Washington DC. Please note, in order to apply for this position, you must be able to provide proof of Covid-19 vaccination at the initial screening stage of the interview.
This role closes on 12/30/2024.
Job Description:
Hybrid position - required to report on-site at least once bi-weekly and as needed depending on project needs.
Role Overview:
We are seeking a highly experienced Cybersecurity Architect / Strategic Consultant to lead and guide the development, implementation, and evolution of customer cybersecurity strategy. This role demands a deep understanding of cybersecurity frameworks, risk management, emerging technologies, and technical security controls and architecture. The ideal candidate will be a trusted advisor to senior leadership, aligning cybersecurity initiatives with business objectives to safeguard organizational assets and reputation.
Key Responsibilities:
Strategic Planning and Advisory:
oDevelop and refine the organization’s cybersecurity strategy, ensuring alignment with overall business goals.
oProvide expert guidance on implementing industry-standard security program frameworks such as NIST CSF, ISO 27001, and CIS Controls.
oIdentify emerging threats and recommend proactive technical measures to mitigate risks.
oDesign and enablement of cyber controls functions and processes based on CMMC / NIST 800-171, NIST 800-53
Risk Management:
oFamiliarity with risk management frameworks like NIST RMF, ISO 27005, and FAIR.
oConduct comprehensive cybersecurity risk assessments, identifying vulnerabilities and recommending remediation strategies.
oDevelop and maintain a robust risk management program to address both IT and operational risks.
oImplement technical solutions to manage and monitor risk effectively, including vulnerability management tools.
Technical Oversight
oDesign and validate secure network architectures, focusing on principles such as Zero Trust and least privilege.
oEvaluate and implement advanced security technologies, including EDR, SIEM, DLP, and intrusion detection/prevention systems.
oProvide hands-on technical assessments of infrastructure, applications, and cloud environments to ensure security compliance.
oOversee penetration testing activities and ensure identified vulnerabilities are remediated.
Policy and Governance
oLead the development and enforcement of cybersecurity policies, standards, and procedures.
oEstablish metrics and reporting mechanisms to measure the effectiveness of cybersecurity initiatives.
oSupport incident response planning and governance, ensuring technical readiness for potential breaches.
Cloud and Emerging Technologies
oProvide technical guidance on securing multi-cloud environments, including AWS, Azure, and Google Cloud.
oEvaluate and implement cloud-native security tools, such as CSPM, CIEM, and workload protection platforms.
oAdvise on emerging technologies like AI and ML, focusing on their application in threat detection and response.
Incident Response and Threat Intelligence
oDevelop and oversee technical aspects of the incident response plan, ensuring readiness for real-world threats.
oLeverage threat intelligence platforms to proactively identify and address potential vulnerabilities.
oCoordinate with SOC teams to fine-tune detection rules and improve response times.
Qualifications:
Education:
oBachelor’s orMaster’sdegree in Cybersecurity, Computer Science, Information Technology, or a related field.
Experience:
oMinimum of 15 years of experience in information security.
oProven experience with NIST CSF, NIST 800-53, and NIST 800-171 frameworks.
oProven track record of developing and executing cybersecurity strategies for organizations of varying sizes and industries.
oHands-on experience with risk assessments, compliance audits, and incident response planning.
oPrior role as a Sr. Security Consultant, Security Architect, or similar position is highly desirable.
Certifications:
oRelevant certifications (e.g., CISSP, CISM, CISA, CRISC, OSCP, CEH, or GSEC).
Skills:
oStrong understanding of cybersecurity frameworks, regulatory requirements, and risk management methodologies.
oProficiency with technical tools such as vulnerability scanners (e.g., Nessus, Qualys), SIEM platforms (e.g., Splunk,QRadar), and EDR solutions (e.g., CrowdStrike, Cisco Secure Endpoint, Cisco Secure Workload).
oExceptional communication and presentation skills, with the ability to convey complex cybersecurity concepts to both technical and non-technical stakeholders.
oLeadership and influence capabilities to drive organizational change.
oAnalytical mindset with the ability to anticipate and solve complex challenges.
oExpertise in cloud security, Zero Trust architecture, and emerging technologies.
What we bring:
• Health, Dental and Vision Benefits
• Life, AD&D, Short Term Disability and Long Term Disability paid 100% by the company
• Time off: Public Holidays, Vacation Days & Sick Days
• 401K
