Sr. Cybersecurity Architect

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field required; Master’s degree preferred
• Minimum of 7 years of progressive experience in cybersecurity engineering, security architecture, or cyber risk management
• At least 5 years of experience supporting federal security programs; CMS or HHS experience strongly preferred
• Demonstrated expertise in Zero Trust Architecture, including familiarity with the CISA Zero Trust Maturity Model and federal implementation strategies
• Strong experience in attack surface management, threat intelligence integration, and risk-informed security decision-making
• In-depth knowledge of Cyber Risk Management frameworks, including NIST RMF and NIST Cybersecurity Framework (CSF)
• Proven experience conducting threat, vulnerability, and impact assessments and translating findings into actionable enterprise-level recommendations
• Demonstrated experience performing security architecture reviews and supporting system integration efforts
• Proficiency in SQL for developing and executing complex queries against enterprise cybersecurity data sources to extract, analyze, and validate risk and operational metrics
• Working knowledge of scripting or programming languages (e.g., Python, PowerShell, Bash, or similar) to support data analysis, automation, and security process improvement initiatives
• Strong analytical, documentation, and executive-level reporting skills, with the ability to communicate complex technical risks to non-technical stakeholders
• Ability to manage multiple operational workstreams and strategic initiatives concurrently in a dynamic federal environment
• One or more of the following relevant industry certifications required, such as CISSP, CISM, CCSP, AWS or Azure Security Specialty, or equivalent cloud and security architecture certifications

Nice To Haves

• Experience leveraging federal cybersecurity data platforms and reporting tools (e.g., Tableau, SDL) preferred

Responsibilities

• Serve as a senior technical advisor supporting security and privacy initiatives across emerging technology, cyber risk management, Zero Trust, and cybersecurity readiness efforts
• Research, evaluate, and provide strategic recommendations on emerging technologies (e.g., AI/ML, advanced encryption, cloud-native security, automation) to improve the security and privacy posture of the Marketplace
• Assess potential risks, operational impacts, and innovation opportunities associated with new technologies, ensuring alignment with enterprise strategy and mission objectives
• Support Proofs of Concept (PoC) initiatives by incorporating threat intelligence and attack surface analysis, conducting risk assessments (threat, vulnerability, impact), and advising on integration with existing security capabilities
• Examine business, mission, and user practices that contribute to attack surface exposure and recommend holistic risk reduction strategies beyond technical tooling
• Analyze threat trends targeting the enterprise, contextualizing risks within business operations and mission impact
• Evaluate cybersecurity posture using enterprise data sources to identify trends in vulnerabilities, unsupported technologies, findings management, and attack surface risks
• Compare current cybersecurity capabilities against industry best practices and recommend improvements to strengthen overall risk posture
• Develop and execute SQL queries against enterprise cybersecurity data sources to extract, analyze, and validate risk data (e.g., vulnerabilities, unsupported software, findings management metrics), ensuring data-driven decision-making and accurate reporting
• Manage and support ongoing cyber operational activities, including attack surface analysis, cyber risk management processes, and coordination implementing new or enhanced capabilities
• Provide Zero Trust subject matter expertise aligned with enterprise strategy and the CISA Zero Trust Maturity Model, supporting maturation across identity, device, network, application, and data security domains
• Assess system architectures for risk and recommend integration of innovative security approaches throughout the system development lifecycle
• Collaborate with internal teams and stakeholders to advance Zero Trust implementation and ensure continuous monitoring aligns with organizational risk requirements
• Support cybersecurity readiness activities during high-risk operational periods, including tabletop exercise development, threat actor analysis, and stakeholder coordination
• Facilitate cross-organizational security forums and stakeholder engagements to enhance visibility, collaboration, and proactive risk mitigation across the Marketplace environment