Security Architect

Position: Security Architect
Location: Fairfax, VA - Hybrid (3 days onsite)
Duration: 6 Months CTH / Fulltime

Interview - Web/In-person

Local Candidates and North Virginia candidates only

About the role:
Own and unify security architecture across a complex enterprise environment. You ll align
identity, device, data, and technical controls; tailor solutions for research and academic needs;
and partner with GRC on an annual Security Program Review, roadmap development, and
implementation oversight.

Responsibilities:
Security Architecture Design & Strategy 35%
Develop and maintain enterprise wide security architecture aligned with business and
technology goals.
Create security roadmaps, models, standards, and procedures for cloud and on premise
environments.
Define baseline configurations and secure design patterns for systems and networks.
Security Risk Management & Assurance 25%
Conduct security reviews and threat modeling for applications and infrastructure.
Validate security configurations and recommend improvements.
Support internal audits and compliance with regulatory frameworks (e.g., NIST, HIPAA,
FERPA).
Collaboration & Stakeholder Engagement 20%
Liaise with Enterprise Cybersecurity, architects, and business stakeholders to ensure
secure practices.
Participate in project planning to integrate security requirements.
Coordinate with system owners and architects to allocate and implement security
controls.
Technology Evaluation & Implementation 15%
Evaluate and recommend security tools and services based on technical and financial
metrics.
Support secure deployment of applications and infrastructure, including cloud services.
Stay current with emerging threats and technologies.Policy Development & Documentation 5%
Draft and maintain security policies, procedures, and standards.
Document data flows and security requirements across systems and services.
Qualifications:
15+ years in information security, including 8+ years in architecture or security
engineering leadership.
Required Knowledge, Skills, and Abilities (KSAs)
Knowledge: Enterprise security architecture principles (e.g., SABSA, TOGAF, NIST CSF);
security technologies (e.g., firewalls, SIEM, IAM, endpoint protection);
regulatory/compliance (e.g., HIPAA, FERPA, ISO 27001); cloud and on premise
infrastructure security.
Skills: Strategic planning and roadmap development; threat modeling and risk
assessment; secure system and network design; technical documentation and policy
writing.
Abilities: Translate business and risk requirements into technical solutions; collaborate
across departments; evaluate and recommend security tools/services; communicate
complex security topics to non technical stakeholders.
Preferred Knowledge, Skills, and Abilities (KSAs)
Knowledge: Advanced understanding of cloud native security (AWS, Azure, Google Cloud Platform); data
protection techniques (encryption, tokenization); OT/IoT security.
Skills: Financial analysis of security investments (ROI, TCO); project management and
cross functional coordination; vendor risk assessment and third party reviews.
Abilities: Lead security architecture in large scale IT projects; influence policy and
governance decisions; adapt to evolving technologies and threats.
Other Attributes: Experience in government, education, or research environments.
Required Education and Experience:
Bachelor s degree in a related field.
Hands on experience with security infrastructure (e.g., firewalls, SIEM, endpoint
protection).
Experience with threat modeling and risk assessments.
Experience securing cloud and on premise environments.
Familiarity with IT infrastructure components (OS, networks, databases, containers).
Experience with IAM technologies (e.g., Active Directory, AWS IAM, Okta).
Working knowledge of IT service management practices (e.g., change, incident, asset
management).
Licenses/Certifications: One or more of CISSP, CISA, TOGAF, GIAC.Preferred Education and Experience:
Master s degree in a related field.
Experience in higher education or research environments.
Experience with vendor risk assessments and third party security reviews.
Experience with OT/IoT security and business continuity planning.
Licenses/Certifications: CISM or other advanced certifications (e.g., CCSP, CRISC).