Job Information

Elevance Health Enterprise Architect Principal - Military OneSource (FedRAMP) in NORFOLK, Virginia

Enterprise Architect Principal - Military OneSource (FedRAMP)

Location: This position will work a hybrid model (remote and in office one day per week). Ideal candidates will live within 50 miles of one of our Pulse Point locations in Indianapolis, IN, Richmond, VA, Norfolk, VA, Atlanta, GA or Mason, OH.

The Enterprise Architect Principal - Military OneSource (FedRAMP) partners across the enterprise in driving security alignment with business objectives and delivering C-Suite level presentations to build a holistic view of the organization’s strategy, processes, information, and technical assets to ensure business and IT alignment. Will drive and deliver comprehensive security solutions for the AWS GovCloud environment, designing the base set of architectures that comprise both the third-party and cloud-native technologies required for foundational security design.

How you will make an impact:

  • Collaborates across enterprise organizations to create comprehensive security solutions, integrations, and reference architectures for security patterns that align to FedRAMP High and DoD IL 4/5 requirements.

  • Creates and delivers C-Suite level presentations.

  • Recommends updates to cloud security governance strategy based on NIST, Federal Government, and regulatory requirements.

  • Provides security-focused solution guidance to business and IT partners and participates in broader information security governance.

  • Works with business units to translate business strategy into discrete capabilities and helps to identify security capability gaps in systems.

  • Provides strategic and tactical security control recommendations, operational security blueprints and roadmaps, reference architectures for security patterns, and general security technology/application assessments.

  • Collaborates with enterprise teams and ensures that implementation components (main architecture, solution architecture, and technical architecture) align with architecture strategies.

  • Participates in the Cloud Governance processes and community of practice.

  • Proposes opportunities to improve security outcomes and reduces risks based on targeted or continuous assessments and evolving threat drivers.

  • Defines, communicates, and drives security controls matrix design and implementation, and monitors compliance to enterprise-level security standards.

  • Designs, analyzes, and implements testing plans to ensure security guardrails cannot be compromised.

  • Establishes strategic vendor relationships for security products and services.

  • Develops enterprise-wide security incident response plans and strategies that include integration with business, compliance, privacy, and legal constituents and requirements.

  • Recommends new technologies for domains based upon business value drivers and return on investment.

  • Establishes overall systems architecture vision and ensures specific components are appropriately designed and leveraged.

  • Maintains enterprise level blueprints.

  • Monitors usage of architectural components and assumes responsibility for reuse.

  • Drives system migration based upon roadmaps defined in enterprise and domain blueprints.

  • Leads architecture strategy and vision for enterprise.

  • Ensures blueprints are refreshed as needs emerge or in accordance with plan of record changes.

  • Provides continuous consulting services and direction in projects and architectures.

  • Champions and is responsible for enterprise level technology and architectural standards, guidelines, principles, frameworks, and reference models.

Minimum Requirements:

  • Requires a BA/BS degree in Information Technology, Computer Science or related field of study and a minimum of 8 years of experience in architecture/design in relevant technology disciplines; or any combination of education and experience, which would provide an equivalent background.

  • U.S. Citizenship is required for this position as it will support the Department of Defense Military OneSource program.

Preferred Skills, Capabilities and Experiences:

  • Experience architecting Cloud solutions in alignment with FedRAMP High and DoD IL 4/5 design requirements as well as expertise in FedRAMP 3PAO security assessments strongly preferred.

  • Experience as an authorized and accredited FedRAMP 3PAO assessor, with expertise in preparing Readiness Assessment Reports (RAR), Security Assessment Plans (SAP), and Security Assessment Reports (SAR) strongly preferred.

  • Expertise in ISO/IEC 17020 and in FedRAMP and DoD security standards strongly preferred.

  • Experience with legal/regulatory requirements such as PCI-DSS, HIPAA, NIST, FISMA, etc. strongly preferred.

  • Experience in automated integration with ticketing and asset management systems strongly preferred.

  • Security certifications with a specific focus on AWS Cloud professional certifications as well as CISSP, CCSP, and other advanced technical security certifications strongly preferred.

  • 5+ years of experience in Information Security-focused efforts, with demonstrated ability to distill complex security problems and drive toward creative solutions while complying with enterprise policies strongly preferred.

  • Experience in implementing DevOps automation with Terraform and Ansible following Infrastructure as Code (IaC) concept strongly preferred.

  • Strong knowledge of CI/CD processes and tools strongly preferred.

  • Experience deploying, configuring, and automating CI/CD Release pipeline with CI/CD tools such as Jenkins, Bamboo, Git, Maven/Gradle, Sonar, Artifactory, Jira, Checkmarx, RabbitMQ preferred.

  • Common DevOps scripting languages (Python, Bash, Node.js, etc.) preferred.

  • Experience in centralized controls and reporting for security-focused logging and monitoring, with a focus on Splunk/SIEM integration preferred.

  • Web services experience with REST, JSON, YAML, SOAP/XML preferred.

  • Strong understanding of Cloud Security governance, including but not limited to Organization Policies, Assured Workloads, and Security Command Center Premium preferred.

  • Experience with the MITRE ATT&CK framework and detection logic driven by threat intelligence preferred.

  • Highly proficient with Palo Alto/Panorama and general network security expertise, with a focus on the web content filtering, IDS/IPS, and OFAC Geoblock capabilities that Palo Alto offers for ingress points, as well as Istio and mutual TLS authentication with SPIFFE/SPIRE, preferred.

  • Experience with VPC Service Controls, and able to identify and configure for use cases related to GKE workloads preferred.

  • Experience with workload identity federation, specifically as required for service accounts, with strong knowledge of service account controls, vaulting, and best practices preferred.

  • Demonstrated ability to communicate clearly with all constituents, serving as a mentor and SME preferred.

  • Experience with automated security validation and event-driven automation preferred.

  • Clear understanding of overall systems architecture and how to leverage specific components preferred.

  • Understanding of Cloud infrastructure environments and the challenges associated with enterprise integration, with demonstrated ability to grasp and contribute to big-picture strategy preferred.

This job is assigned to an entity that conducts government business; the applicant and incumbent fall under a 'sensitive position' work designation and are subject to additional requirements beyond those of associates outside Government Business Divisions. Requirements include, but are not limited to, obtaining and maintaining a 'Secret level security clearance', which entails more stringent and frequent background checks, segregation of duties principles, role specific training, monitoring of daily job functions, and sensitive data handling instructions. Associates in these jobs must follow the specific policies, procedures, guidelines, etc. as stated by the Government Business Division in which they are employed.
