Cybersecurity Architect

Description:
Onsite in Tustin, CA

Our client seeks an experienced Security Architect with prior experience in law enforcement, government, or public safety IT environments and familiarity with CJIS, NIST, FedRAMP, or state compliance frameworks.

Due to federal security clearance requirements, applicant must be a United States Citizen or Permanent Resident. This is a contract to hire opportunity. Applicants must be willing and able to work on a w2 basis and convert to FTE following contract duration. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.

Rate: $80.00 to $90.00/hr. w2

Responsibilities:
Responsibilities

• Design, implement, and maintain Palo Alto Networks next-generation firewalls, Panorama, and related security services including WildFire, Threat Prevention, URL Filtering, and Anti-Virus.
• Develop and enforce security policies, rule sets, and network zone segmentation aligned to Zero Trust across the enterprise.
• Serve as the top-tier subject matter expert for Palo Alto security engineering, configuration, and troubleshooting.
• Architect and optimize secure remote access solutions using enterprise VPN technologies such as Palo Alto GlobalProtect with least privilege and MFA controls.
• Develop and enforce wireless security policies for corporate and guest networks, including segmentation, secure authentication, and encryption.
• Design and implement secure DNS architectures leveraging DNSSEC or private DNS services.
• Lead design and tuning of the enterprise SIEM, including device log integration, correlation rules, alerts, dashboards, and reporting.
• Develop, maintain, and test the Incident Response Plan and playbooks, and lead technical response across the incident lifecycle.
• Conduct post-incident reviews to identify architectural gaps and define short- and long-term security enhancements.
• Ensure security architectures, policies, and procedures comply with CJIS and other applicable mandates.
• Create and maintain enterprise security standards, control baselines, and reference architectures.
• Conduct regular security assessments, identify control deficiencies, and define remediation strategies.
• Plan, coordinate, and implement security measures to regulate access and prevent unauthorized modification, destruction, or disclosure of information.
• Evaluate and recommend new and emerging security products and technologies.
• Develop and interpret security policies and procedures and support security awareness and technology training.

Experience Requirements:
Experience Requirements

• 7+ years of relevant industry experience with security engineering, system and network security, authentication and security protocols, cryptography, and application security.
• Professional experience providing expert technical leadership in a SOC or similar cybersecurity services organization.
• Strong hands-on understanding of Palo Alto Networks architecture, NGFWs, intrusion prevention systems, and associated security products.
• Experience with network security design, deployment, maintenance, and troubleshooting.
• Experience leading SIEM design, log onboarding, correlation development, and tuning.
• Experience developing and executing incident response plans and playbooks.
• Experience supporting users and collaborating across teams with strong communication and interpersonal skills.
• Project management capability with the ability to manage multiple projects and meet deadlines under pressure.
• Ability to work independently and as part of a team, including flexible hours, weekends, overnight, and overtime as requested.
• Consistent implementation of security solutions and experience with infrastructure or application-level vulnerability testing and auditing.

Education Requirements:
Education Requirements

• BS in Cybersecurity or related technical field with 7+ years of relevant experience, or MS with 5+ years, or PhD with 4+ years.
• Certification: CISSP or GIAC Reverse Engineering Malware (GREM) or similar.
• Bachelor's degree in a technical field such as computer science, computer engineering, or related field.