Database Security Architect (2-3 week advisory engagement)

Database Security Architect (Advisory – 2–3 Week Engagement)

Engagement Type: Short-Term Advisory (2–3 Weeks)
Location: Remote (Preference for Northern Virginia-based consultant)
Compensation: Provide candidate expecting rate (competitive market) only on 1099

Engagement Overview

VDOT is seeking a senior-level Database Security Architect for a focused 2–3 week advisory engagement. This consultant will assess existing SQL Server security findings, engage directly with Database Administrators and technical teams, and deliver a pragmatic remediation strategy, security best practices framework, and execution roadmap.

This is not a hands-on build role — this is a strategic advisory engagement requiring technical depth, executive presence, and the ability to translate risk into actionable guidance.

Key Responsibilities

• Analyze and interpret existing SQL Server security assessment findings, vulnerabilities, and audit results
• Conduct working sessions with DBAs and infrastructure/security teams to validate findings and understand operational constraints
• Prioritize risks based on business impact, regulatory considerations, and exploitability
• Develop a clear, phased remediation strategy and implementation roadmap
• Establish SQL Server database security best practices and governance recommendations
• Define role-based access controls (RBAC), encryption standards, patching strategies, logging/monitoring improvements, and hardening guidelines
• Deliver executive-level briefings summarizing risk posture, remediation plan, and recommended investment areas
• Produce well-structured documentation, including:
• Security posture summary
• Gap analysis
• Remediation roadmap (short-, mid-, long-term)
• Policy and best practice recommendations

Required Qualifications

• 10+ years of experience in database architecture and security
• Deep expertise in Microsoft SQL Server security architecture, including:
• Authentication and authorization models
• Transparent Data Encryption (TDE)
• Always Encrypted
• Dynamic Data Masking
• SQL Server auditing and logging
• Patch and vulnerability management
• Experience analyzing vulnerability assessment reports and translating findings into remediation strategy
• Strong understanding of data protection standards, compliance frameworks, and public-sector security environments
• Proven ability to communicate complex technical risk to executives and non-technical stakeholders
• Exceptional writing, documentation, and presentation skills
• Experience working within government or highly regulated environments preferred

Preferred Qualifications

• Experience supporting state or federal agencies
• Familiarity with CJIS, NIST, or similar regulatory frameworks
• Northern Virginia presence (preferred but not required)