Enterprise Cybersecurity Architect

Springfield, Virginia, United States

Full Time, Mid-level / Intermediate, Clearance required

At phia, our goal is to hire talented and passionate team members who desire to grow their skillsets, as well as the reputation of the company with our partners, clients, and stakeholders. We are anticipating growth in the very near future and invite you to explore our career opportunities. In support of future work, we are reviewing resumes for the position of Enterprise Cybersecurity Architect supporting the National Geospatial-Intelligence Agency (NGA) in Springfield, Virginia. This program provides Risk Management Support to identify, research, assess, monitor, and provide knowledge of risks across the NGA enterprise. These services provide the NGA Cybersecurity Risk Executive Function (REF) and DAOs a strategic view of the agency’s risk posture and service to inform AOs during the RMF process.


What You'll Do

Develop and maintain business, systems, and information processes to support enterprise cybersecurity and mission needs; develop information technology (IT) rules and requirements that describe baseline and target cybersecurity architectures.

  • Identify and prioritize critical business cybersecurity functions in collaboration with organizational stakeholders.
  • Provide cybersecurity advice on project schedule, design concepts or changes.
  • Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.
  • Evaluate architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to system requirements, allocating the appropriate cybersecurity services and mechanisms to address any identified gaps.
  • Develop enterprise architecture or system components required to meet cybersecurity needs.
  • Define system availability (resiliency) based on critical system functions and ensure that system requirements identify appropriate disaster recovery (DR) and continuity of operations (COOP) requirements.
  • Provide input to the NIST Risk Management Framework process activities and related documentation (system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Develop a system security context, a preliminary system security Concept of Operations (CONOPS) and define baseline system security requirements in accordance with applicable cybersecurity requirements.
  • Document and update as necessary all definition and architecture activities including how the implementation of new systems that interface may impact the cybersecurity posture of the enterprise.

Requirements

Knowledge, Skills, Abilities

  • Knowledge of information systems, networks, and security methodologies (OS, protocols, topologies, architectures, cloud, on-premise, classified environments, zero trust, defense in depth, least privilege, etc.).
  • Knowledge of program protection planning (e.g., information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
  • Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures).
  • Skill in designing the integration of hardware and software solutions.
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • Skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
  • Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).
  • Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • Ability to execute technology integration processes.
  • Ability to design micro-segmentation, zero trust, and least privilege models in enterprise architectures.

Education + Experience

  • 10 years of relevant cybersecurity risk management experience
  • Bachelor’s degree in Computer Science, IT, Cybersecurity, SW Engineering, or related technical degree.
  • Qualified candidates must possess the PMP certification, and they must also meet level IAM III DoD 8140 Baseline Certification requirements by possessing the following industry certifications:
    • CISM
    • CISSP (or Associate)
    • GSLC

If no degree is held, candidates must hold one of the following industry certifications:

  • CCISO
  • CISSP-ISSEP
  • CISSP-ISSMP

Security Clearance

  • This position will require U.S. citizenship and an active DoD TS/SCI security clearance. Must be willing to submit to, and pass, a CI polygraph.

Who You Are

  • A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
  • Intellectually curious with a genuine desire to learn and advance your career.
  • An effective communicator, both verbally and in writing.
  • Customer service-oriented and mission-focused.
  • Critical thinker with excellent problem-solving skills.

IMPORTANT: This position is subject to Executive Order 14042 and the Safer Federal Workforce Task Force Guidance requiring covered employees to be fully vaccinated against COVID-19. As a condition of employment, the successful candidate will be required to provide proof of full COVID-19 vaccination prior to commencing employment. Prospective or new employees who are unable to be vaccinated due to medical reasons or a sincerely held religious belief may request a reasonable accommodation. This request must be approved prior to the start of employment to the extent a reasonable accommodation is available that does not pose an undue hardship on phia or a direct threat to the candidate or phia’s employees.

Benefits

Who We Are

phia LLC ("phia") is a Northern Virginia-based, 8a certified small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. We proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia values work-life balance and offers the following benefits to full-time employees:

  • Comprehensive medical insurance to include dental and vision
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.

Job region(s): North America