Security Architect

Summary

Join Tria Federal as a Security Architect and contribute to the implementation of portfolio and product line architecture across the Department of Veterans Affairs. You will analyze security artifacts, identify gaps, and design solutions to improve cybersecurity compliance and reduce risk. Collaborate with stakeholders to propose solutions and create epics that enhance security. Review strategic plans, conduct analysis, and interview stakeholders to understand portfolios. Highlight gaps, areas of concern, and opportunities for efficiencies using agile, CI/CD, and DevSecOps approaches. This role requires a minimum of 4 years of experience, including at least 2 years of cloud experience, and a Bachelor's degree. A CISSP certification is preferred.

Requirements

• Understanding of Compliance and Industry Regulations (e.g., GDPR, HIPAA, PCI DSS), compliance requirements, and security frameworks (e.g., NIST, ISO 27001) to ensure adherence to legal and regulatory standards. Prefer an understanding of NIST 800-53, NIST 800-37, and NIST 800-39
• Must have a good working knowledge of foundational cloud aspects and architectures
• Must understand encryption types (symmetric / asymmetric) as well as encryption algorithms such as RSA and DSA
• Must have a strong communication skillset to be able to translate security points to government customers
• CISSP (Certified Information Systems Security Professional)
• Bachelor’s Degree
• Ability to obtain and maintain Public Trust
• 4 years (at least 2 years of Cloud Experience)

Responsibilities

• General understanding of cybersecurity principles, best practices, and industry standards, including confidentiality, integrity, and availability (CIA triad), as well as common attack vectors and threat actors
• Ability to understand and interpret comprehensive security architectures that address the organization's risk profile, compliance requirements, and business objectives
• Proficiency in secure network architectures, including firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, network segmentation, and secure remote access solutions
• Experience with securing cloud environments (e.g., AWS, Azure, Google Cloud) and services, including identity and access management (IAM), data encryption, network security groups, and cloud security posture management (CSPM) tools, and an understanding of shared responsibility between the cloud provider and the end user
• Knowledge of secure coding practices, web application firewalls (WAFs), secure software development life cycle (SDLC) methodologies, and vulnerability assessment tools to mitigate application-layer risks
• Expertise in Identity and Access Management (IAM) technologies and solutions, including single sign-on (SSO), multi-factor authentication (MFA), role-based access control (RBAC), and privileged access management (PAM)
• Understanding of endpoint security controls, including antivirus/antimalware solutions, host intrusion detection/prevention systems (HIDS/HIPS), endpoint detection and response (EDR), and device encryption
• Familiarity with data encryption, tokenization, data loss prevention (DLP), and data classification techniques to protect sensitive data at rest, in transit, and during processing. This includes protection within cloud environments
• Knowledge of Security Operations Center (SOC) processes, incident response procedures, threat hunting techniques, and security information and event management (SIEM) platforms for proactive threat detection and response
• Ability to conduct risk assessments, threat modeling, and security risk analyses to identify, prioritize, and mitigate security risks effectively
• Ability to communicate security risks and recommendations to technical and non-technical stakeholders, as well as to document security architecture designs and requirements
• Basic project management skills to plan, coordinate, and execute security projects, including resource allocation, budgeting, and timeline management

Preferred Qualifications

• Prefer candidate to have strong knowledge and an understanding of security best practices with cloud architectures and the ability to use cloud-based tools to audit environments for compliance
• Familiarity with API’s (Application Programming Interfaces) and API types
• Desired understanding of DISA STIG (Security Technical Implementation Guide)
• AWS / Azure / Google Cloud (Foundational and security-based)