Designation
| Key Personnel
|
GSA MAS Labor Category
| Security Architect
|
Level of Effort
| 1.0 FTE (1,880 hours per period), all five performance periods
|
Location / Hours
| Remote-first; periodic on-site in Bethesda, MD; core hours 7:00 a.m.?6:00 p.m. ET M?F plus emergency after-hours
|
Clearance
| Tier 2 Public Trust (MBI-5B) ? must obtain and maintain
|
Key Personnel Conditions
Key Personnel designation under HHSAR 352.237-75 (RFQ Section G.3). A signed Letter of Commitment is required at quote submission (RFQ L.6.1, Factor 3, as amended). The incumbent may not be diverted or replaced without Contracting Officer written consent for the life of the task order (Base plus four option periods, through August 2031). U.S. work authorization and the ability to obtain and maintain a Tier 2 (Public Trust / MBI-5B) background investigation are required (RFQ H.11.11). Performance is remote-first with periodic on-site presence at NIH facilities in Bethesda, MD for meetings, exercises, and incident response (SOW Section 7). Core coverage hours are 7:00 a.m. to 6:00 p.m. ET, Monday through Friday, with emergency after-hours availability (RFQ F.5).
Role Summary
Technical authority for the NIH/OD-OIT security architecture and owner of the program's most visible engineering deliverables: the Baseline Zero Trust Security Architecture Reference Documents (due 90 days after award) and the Data Center Privileged Access Standard Operating Procedure (due 60 days after development of the Zero Trust privileged access architecture).
Leads the design, documentation, and implementation of Zero Trust security solutions across on-premises and cloud environments in accordance with OMB Memorandum M-22-09, and provides strategic thought leadership to the OD CISO on security engineering, emerging threats, and modernization.
Key Responsibilities
? Develop, document, and drive Government approval of Zero Trust reference architectures and security patterns for cloud and on-premises systems; define the maturity roadmap across the five Zero Trust pillars (identity, devices, networks, applications/workloads, data).
? Architect privileged access controls (PAM, formalized RDP/SSH access points) and author the Privileged Access SOP; align enforcement with Zero Trust policy goals.
? Provide senior engineering direction across the contractor-managed security stack ? SIEM, EDR, next-generation firewall, WAF, DLP, PAM, IDS/IPS, and cloud security ? including gap identification, tool optimization, and the System Administration and Engineering Gaps Remediation Reports.
? Support enhanced incident response capability design within Zero Trust architectures; advise Tier 2/3 forensics and SOC engineering on detection and containment patterns.
? Contribute architecture input to RMF authorization boundaries, FedRAMP package reviews, and C-SCRM third-party risk assessments; brief executives and produce decision-quality architecture artifacts.