Enterprise Security Architect
Portland, OR, United States
Vigor Values
Vigor expects all employees to enhance the atmosphere in which they work by living the Vigor Values every day.
Truth: We seek the truth, and we speak the truth
Responsibility: We act on what we know is right
Evolution: We seek mastery, and adapt to a changing world
Love: We care about the people we work with, and the world we live in
POSITION SUMMARY:
As an Enterprise Security Architect you will operate within the Information Security organization, reporting directly to the Information Security Director. To ensure separation of duties between IT and Information Security (IS), you will oversee and provide guidance and mentorship to IT Network Engineers and other IT personnel who are implementing the organization's contractual and business-mandated cyber security requirements, improving the company's overall security posture. You will be responsible for providing recommendations related to the overall architecture, network infrastructure design and application of strategy across multiple companies by working closely with the IT and IS teams. You will also focus on post-implementation assessment of network configurations and controls, advising the Information Security Director regarding the operational, compliance and security components of the overall network infrastructure across multiple companies. You will perform high-level end-to-end assessments and reviews, from initial setup and configuration to ongoing change management and vetting of newly proposed networking tools. You will ensure responsible personnel have conducted necessary actions under your guidance for all applicable devices, applications and network infrastructure to properly configure and manage these components. You will have knowledge of and familiarity with network and security tools and standards (Security Technical Implementation Guides (STIGs), NIST 800-171 and related) in order to provide guidance on initial configurations and recommendations for security tools and network setup.
Responsibilities
Must live the Vigor Values every day
Represent Information Security objectives in organizational initiatives.
Provide functional and empirical analysis and recommendations related to the proper planning, design, installation and implementation of the network architecture and infrastructure that includes: servers, endpoints, network equipment and enterprise applications.
Design Network Topology in order to provide layered security throughout the network. Work with teams to implement and maintain this design.
Responsible for establishing and ensuring compliance through appropriate policies, processes and technology with CMMC, NIST SP 800-171, and Naval Nuclear 801 including collection and storage of compliance evidence.
Thorough understanding of Information security best practices and regulatory requirements within overall infrastructure, across multiple companies
Provide technical expertise for a wide range of Information Security tools, techniques and controls and advise on their incorporation into the IT Technology Roadmap.
Proficient with best practice configuration requirements for firewalls with preferred experience in Cisco and Fortinet.
Identify cyber security deficiencies and risk mitigation strategies, develop and oversee corrective actions through technical and non-technical measures working in conjunction with the appropriate IT manager
Work with Technical Services, Enterprise Applications and End User Support managers to ensure processes are in place to appropriately harden infrastructure server, network and enterprise applications to DISA STIG standards.
Contribute to company's IT and Security policies and procedures.
Oversee the Vulnerability Management Program.
Provide guidance on the management of Operational Technology (OT) networks
Stay up-to-date with the latest security threats, and make ongoing recommendations for improving our security posture.
Ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.
Job Scope
The role operates within general parameters, but must use sound judgment and independent decision making when carrying out job responsibilities. Has the ability to influence existing protocols and modify practices. He/she has the responsibility to oversee the implementation of security measures in line with established government and contract mandated parameters.
Knowledge Skills and Abilities
Broad experience directly applicable to position responsibilities listed above
Experience in implementations of large-scale compliance programs such as NIST 800-171
Experience with public cloud service providers (e.g. Microsoft Azure).
Experience with identity and access management frameworks and protocols, including SAML, OAuth, and SCIM.
Experience with e-mail security protocols (e.g. SPF, DKIM, DMARC) and controls.
Knowledge of modern adversary tactics, techniques, and procedures.
Experience with Network infrastructure (Cisco, Fortinet)
Understanding of networking concepts (e.g., protocols, topologies, encryption).
Ability to perform technical security assessments of large complex systems.
Ability to design and develop new security control implementations.
Self-motivated and able to work in a dynamic, changing environment.
Broad understanding of cyber threat mitigation techniques and security technologies including emerging trends.
Possess excellent interpersonal skills to include working with customers, employees, management and security personnel
Requirements
Be a U.S. Citizen
Ability to obtain an Active DoD Secret Clearance
Education and/or Experience
7 years' experience with Bachelor's degree in Computer Science, Engineering or equivalent or 10 years related technical experience (required)
4+ years of work experience in Information Security
Experience contributing to Information Security solutions, scope, and architecture
Significant experience with Information Security technologies, including vulnerability scanning tools, SIEMs, endpoint protection tools, DLP, and IDS/IPS tools
Prefer experience with Tenable.io, ForcePoint, Titus, Titus Illuminate, and Microsoft O365 tools
Certificates, Licenses and Registrations
Must have a current version (or obtain within 120 days of start) of at least one of the following DoD 8140 IAT Level III professional certifications:
CASP+ - CompTIA Advanced Security Practitioner
CCNP Security - Cisco Certified Network Professional Security
CISA - Certified Information Systems Auditor
CISSP (Or Associate) - Certified Information Systems Security Professional
GCED - GIAC Certified Enterprise Defender
GCIH - GIAC Certified Incident Handler
CCSP - Certified Cloud Security Professional
Our goal is to provide a strong compensation package in support of industrial jobs that matter - to the local economy - and communities in which we operate.
To achieve this goal, Vigor's total compensation philosophy will remain flexible and, therefore, subject to periodic review and revision to assure it continues to be sustainable and that it supports the Vigor Code and Culture Values.
Vigor's total compensation philosophy considerations include the following:
Objective is to attract and retain the best performers.
Base pay for positions shall be set slightly below market.
Base pay provided to individuals shall be determined in consideration of market data, internal equity, and overall job performance.
Annual cash compensation, which includes base pay and incentive compensation bonus, shall be targeted to be above market when the Company's overall financial performance has been positive.
Encourage leadership and competency building by linking career development and individual performance to greater income earnings opportunities.
Employee health, welfare and 401K retirement benefits taken together are above market average provided overall company performance remains positive.
At Vigor we offer a generous benefits package that includes:
Medical
RX
Dental
Vision
Life
AD&D
LTD
STD
EAP
Discretionary bonus
Tuition Reimbursement
FSA (Medical, Childcare, Transportation)
10 paid holidays
PTO
401(k)
Vigor and its wholly owned subsidiaries provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veterans, age, disability or genetics. In addition to federal law requirements, Vigor complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, benefits, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.