Cyber Security Architect II

Job Description
Program Background

The Navy Maritime Maintenance Enterprise Solution (NMMES) is a comprehensive Information Technology (IT) toolset supporting NAVSEA's ship maintenance, overhaul, repair, and modernization operations across the U.S. Navy fleet. NMMES encompasses approximately 79 IT systems, applications, networks, and data centers serving over 51,000 users worldwide at Navy Shipyards (NSY), Intermediate Maintenance Facilities (IMF), Regional Maintenance Centers (RMC), Ship Repair Facilities, and Forward Deployed Regional Maintenance Centers. The NMMES Technical Refresh (NMMES-TR) program requires robust cybersecurity architecture to protect these critical enterprise systems, ensure compliance with DoD and DoN Information Assurance requirements, and maintain secure operations across multiple classification levels.

Position Summary

The Cyber Security Architect is a senior-level specialist responsible for designing, developing, engineering, and implementing solutions to Multi-Level Security (MLS) and Information Assurance (IA) requirements. This position conducts security assessments and consulting services, performs risk analyses, and provides technical support for secure software development and integration. The Cyber Security Architect gathers and organizes technical information about mission goals, existing security products, and ongoing programs to develop comprehensive security architectures. This role is considered a top-level contributor/specialist who independently performs complex tasks, provides consultation on complex projects, and may lead and direct the work of others.

Key Responsibilities
Security Architecture and Design

• Design, develop, engineer, and implement solutions to Multi-Level Security (MLS) requirements
• Develop and maintain cybersecurity architecture for enterprise systems and applications
• Gather and organize technical information about organizational mission goals, needs, and existing security products
• Evaluate ongoing programs in the MLS arena and recommend architectural improvements
• Integrate electronic processes and methodologies to resolve total system problems as they relate to Information Assurance requirements
• Design defense-in-depth security solutions that protect the confidentiality, integrity, and availability of systems
• Architect security solutions for cross-domain requirements and system interconnections

Security Assessment and Risk Analysis

• Conduct security assessments and security consulting services for enterprise systems
• Perform risk analyses including comprehensive risk assessments of systems and networks
• Analyze information security requirements and identify gaps in current security posture
• Evaluate security controls for effectiveness in meeting DoD and DoN IA requirements
• Assess vulnerabilities and threats to systems and recommend mitigation strategies
• Review and validate security implementations against established security policies and standards
• Support Risk Management Framework (RMF) activities including security control selection and assessment

Security Products and Solutions

• Apply expert knowledge of security/IA products including PKI, VPN, firewalls, and intrusion detection systems
• Analyze and recommend resolution of security/IA problems based on knowledge of major IA products and services
• Evaluate security product capabilities and limitations for suitability in meeting requirements
• Design and implement PKI solutions for certificate management and secure communications
• Configure and integrate firewalls, IDS/IPS, and network security appliances
• Implement VPN solutions for secure remote access and site-to-site connectivity
• Evaluate emerging security technologies and recommend adoption where appropriate
• Secure Software Development Support
• Provide technical support for secure software development and integration tasks
• Review work products for correctness and adherence to design concepts and user standards
• Ensure security requirements are integrated throughout the software development lifecycle
• Validate that security controls are properly implemented in applications and systems
• Support security testing and evaluation of software products
• Advise development teams on secure coding practices and security architecture patterns

Compliance and Regulatory

• Apply expert knowledge of DoD and DoN Information Assurance rules and regulations
• Ensure systems comply with NIST SP 800-53 security controls and DISA STIGs
• Support Authorization to Operate (ATO) processes and documentation
• Maintain compliance with DoD 8570/8140 cybersecurity workforce requirements
• Interpret and apply DoD cybersecurity policies including DoDI 8510.01 (RMF)
• Support continuous monitoring requirements and security posture reporting

Technical Leadership and Consultation

• Provide consultation on complex cybersecurity projects as a top-level contributor/specialist
• May lead and direct the work of other cybersecurity and IA personnel
• Independently perform a wide variety of complicated security engineering tasks
• Rely on extensive experience and judgment to plan and accomplish goals
• Mentor junior team members on security architecture principles and best practices
• Collaborate with program management, systems engineers, and developers on security requirements
• Brief leadership on security posture, risks, and recommended mitigations

Requirements

Required Qualifications
Education
•Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field (Master's degree preferred)

Experience

• Minimum 5 years of experience in cybersecurity, information assurance, or related field
• Familiarity with a variety of cybersecurity concepts, practices, and procedures
• Demonstrated experience designing and implementing security architectures
• Experience with Multi-Level Security (MLS) environments and solutions
• Experience conducting security assessments and risk analyses
• Knowledge of DoD and DoN Information Assurance rules and regulations
• Hands-on experience with security/IA products including PKI, VPN, firewalls, and intrusion detection systems
• Ability to independently perform complex tasks and provide consultation on complex projects

Clearance
•Active Secret security clearance (minimum); Top Secret clearance preferred

Desired Qualifications

• Master's degree in Cybersecurity, Information Assurance, or related field
• Experience supporting Navy or NAVSEA IT programs
• Experience with cross-domain solutions and guard technologies
• Experience with cloud security architecture (AWS, Azure, DoD Cloud)
• Knowledge of NIST Cybersecurity Framework (CSF) and RMF implementation
• Experience with eMASS and Navy RMF processes
• Experience leading cybersecurity teams or projects
• Knowledge of Zero Trust Architecture principles
• Experience with security automation and orchestration tools
• ISSEP, ISSAP, or ISSE certification

Technical Skills

SecurityArchitecture

Defense-in-Depth, Zero Trust, MLS Architecture,Cross-Domain Solutions, Security Design Patterns

SecurityProducts

PKI/Certificate Management, VPN (IPSec, SSL), Firewalls(Palo Alto, Cisco ASA, Juniper), IDS/IPS (Snort, Suricata)

RiskManagement

RMF, Risk Assessment, Vulnerability Assessment, ThreatModeling, Security Control Assessment

ComplianceFrameworks

NIST SP 800-53, NIST CSF, DISA STIGs, CNSSI 1253, DoDI8510.01, DoDI 8500.01

SecurityTools

ACAS/Nessus, SCAP, SIEM (Splunk, ArcSight), HBSS/ESS,Wireshark, eMASS

NetworkSecurity

Network Segmentation, DMZ Architecture, NAC, 802.1X,Network Access Control

Identity& Access

PKI, CAC/PIV, SAML, LDAP/Active Directory, Multi-FactorAuthentication, Privileged Access Management

Encryption

Data-at-Rest Encryption, Data-in-Transit Encryption, KeyManagement, TLS/SSL, NSA Suite B

CloudSecurity

AWS GovCloud, Azure Government, FedRAMP, Cloud AccessSecurity Broker (CASB)

Core Competencies

• Expert-level analytical and problem-solving skills for complex security challenges
• Strong strategic thinking with ability to develop comprehensive security architectures
• Excellent written and verbal communication skills for technical documentation and executive briefings
• Ability to independently perform complex tasks with minimal supervision
• Leadership capabilities with experience directing and mentoring technical staff
• Deep understanding of IA disciplines and their application to real-world security problems
• Ability to translate complex security requirements into implementable solutions
• Strong collaboration skills for working across technical and program management teams
• Commitment to continuous learning in the rapidly evolving cybersecurity landscape
• Sound judgment in making risk-based decisions and recommendations