Cybersecurity Architect

Description

The Leidos Digital Modernization Sector is currently pursuing a new opportunity and is seeking a Cybersecurity Architect to work in Tampa, FL to play a crucial role in a landmark Zero Trust (ZT) surge initiative for our client. This is an exciting opportunity to use your experience helping the U.S. Special Operations Command (USSOCOM) Enterprise Development, Application, and Training (EDAT) mission. In this mission we are focused on providing innovative, data-driven solutions and enterprise architecture enhancements to enable seamless operations across USSOCOM's global network. The program emphasizes rapid development and deployment of technologies to enhance the mobility and readiness of Special Operations Forces (SOF) in both combat and non-combat scenarios. Key tasks include program management, application development, training support, and technology integration to maintain USSOCOM's operational edge. The EDAT program underscores agility and adaptability, ensuring SOF professionals have access to the information and tools they need to meet evolving mission requirements.

• Design and develop comprehensive Zero Trust architectures for USSOCOM's Greenfield (SOCRATES) and Brownfield (SOFNET-U/S) IT environments, ensuring alignment with the 7-week initial surge timeline for Iplan development and supporting long-term ZT objectives.
• Translate strategic ZT goals, DoD CIO ZT PfMO's 91 target activities (FY27) and 61 advanced activities (FY33), and operational requirements into detailed architectural blueprints, security controls, and technical specifications.
• Leverage outputs from ZT assessment tools (e.g., Leidos ZTRL) and frameworks (e.g., CACI ZT Playbook) to inform architectural decisions, identify gaps, and propose remediation strategies.
• Develop and document the protection needs (i.e., security controls) for information systems and networks, ensuring secure configuration management processes are employed.
• Design architectures and frameworks for systems and networks with multilevel security requirements, considering the processing of multiple data classification levels (e.g., Unclassified, Secret, Top Secret).
• Perform security reviews of existing and proposed architectures, identify gaps in security posture, and develop security risk management plans and mitigation strategies.
• Ensure that acquired or developed systems and architectures are consistent with USSOCOM's cybersecurity architecture guidelines and ZT principles.
• Define and document how the implementation of new systems or interfaces impacts the security posture of the current environment.
• Collaborate closely with the Project Manager, Cyber Engineers, Systems Engineers, and Network Engineers to ensure architectural designs are feasible, implementable, and integrated effectively.
• Provide expert technical guidance and recommendations on ZT technologies, security tools, and architectural best practices.
• Document and address USSOCOM's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition and system development lifecycles.
• Develop system security context, preliminary system security CONOPS, and define baseline system security requirements in accordance with applicable cybersecurity mandates.
• Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements.
• Support the development of the Bill of Materials (BOM) by providing detailed specifications for architectural components.

• Bachelor of Science (BS) degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related field and 8+ years of applicable experience, additional years of experience will be accepted in lieu of a degree.
• Security Clearance: Active Top Secret clearance with the ability to obtain an SCI.
• A minimum of ten (8+) years of progressive experience in cybersecurity, with a strong emphasis on security architecture, design, and engineering.

• CompTIA Advanced Security Practitioner (CASP+) OR Security+ CE (or higher CompTIA) OR Red Hat Certified Specialist in Security: Linux

• Expertise in designing and implementing Zero Trust Architectures (ZTA) within complex enterprise environments, preferably DoD.
• Deep understanding of cybersecurity principles (confidentiality, integrity, availability, authentication, non-repudiation) and organizational security requirements.
• Proven ability to design architectures and frameworks, applying network security architecture concepts including topology, protocols, components, and defense-in-depth principles.
• Skill in applying cybersecurity methods such as firewalls, demilitarized zones (DMZs), encryption, intrusion detection/prevention systems (IDPS), and security information and event management (SIEM).
• Comprehensive knowledge of computer networking concepts and protocols (TCP/IP, DNS, DHCP, etc.) and network security methodologies.
• In-depth knowledge of risk management processes (e.g., methods for assessing and mitigating risk, RMF), and skill in performing security reviews and identifying architectural gaps.
• Skill in determining how a security system should work (including resilience and dependability) and how changes in conditions, operations, or the environment will affect outcomes.
• Ability to translate operational requirements into protection needs (i.e., security controls) and integrate organizational goals into the architecture.
• Knowledge of cloud computing service models (SaaS, IaaS, PaaS), deployment models (private, public, hybrid), and associated security considerations.
• Familiarity with secure configuration management processes and systems security engineering.
• Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
• Understanding of cyber threats, vulnerabilities, and the operational impacts of cybersecurity lapses.
• Knowledge of authentication, authorization, and access control methods (e.g., PKI, MFA).
• Familiarity with encryption algorithms and cryptographic key management concepts.
• Ability to document and update all definition and architecture activities effectively.
• Strong analytical and problem-solving skills, with the ability to think strategically and develop innovative solutions.
• Excellent communication and interpersonal skills, with the ability to articulate complex architectural concepts to technical and non-technical stakeholders.
• Experience with USSOCOM, SOF environments, or other DoD agencies is a significant advantage.

• GIAC Defensible Security Architecture (GDSA).
• Other relevant high-level Cyber Architect certifications (e.g., CISSP-ISSAP, CCIE Security, CNDA) are highly valued.
• Experience supporting DoD or USSOCOM environments is highly preferred.
• Conditional Alternative (one of the following may be considered with strong architectural experience):
• Microsoft Certified: Security Operations Analyst Associate (SC-200).
• AWS Certified Security - Specialty.