RQ07639 - Applications Architect - Senior

Deliverables :

TheSenior Application Architect role requires extensive knowledge ofmodern network technology broadband connectivity industry optionsnetwork security cyber security and other internet technologieswith demonstrated handson experience designing and developingmodern networks network security and cyber security solutions inthe education sector preferably the Ontario K12 school boardenvironment.

This resource is responsible for but not limitedto :

• Providingsubject matter expertise advice consultancy and training withvarious network and cyber security architectures and frameworkssuchas :
• SecureAccess Service Edge(SASE)
• Zerotrustarchitecture(ZTA)
• Cloudsecurityarchitecture
• Softwaredefinednetworking (SDN) and SDWAN (Softwaredefined Wide AreaNetwork)
• MITREATT&CK framework MITRE D3FEND and MITREATLAS
• Variousvendor specific architectures and frameworks (e.g. Azure SecurityArchitecture Google infrastructure security AWS cloud securityarchitecture)
• NISTCyber Security Framework (CSF)v2
• CISControlsv8
• SecurityOperation (SecOps)practices
• Providingsubject matter expertise solution and architecture adviceconsultancy training and implementation guidance with cybersecurity network security and network protection solutionsincluding :
• Nextgenerationcyber security technologies leveraging automation artificialintelligence (AI) and machine learning(ML)
• Endpointsecurity solutions Endpoint protection (EPP) endpoint detection andresponse (EDR) and extended detection and response(XDR)
• Cloudbasedcyber security solutions Secure Service Edge (SSE) / SASE includingSecure Web Gateway (SWG) Cloud Access Security Broker (CASB) andZeroTrustNetwork
• Advancedintrusion prevention systems (IPS) and intrusion detection systems(IDS)
• Networkaccesscontrol
• IncidentResponse and Incident Management (IR and IM)systems
• Automatedvulnerability andpatching
• Userand Entity Behaviour Analytics(UEBA)
• Distributeddenial of service (DDoS)protection
• Penetrationtesting and automated RedTeaming
• OperationTechnology (OT)security
• Providingsubject matter expertise advice consultancy training andimplementation guidance on logging securing and analysing datavulnerability scanning and penetration testing and risk assessmentsto ensure sound network securityarchitecture
• Providingsubject matter expertise advice and consultancy on complex cybersecurity and network securityissues
• Providingsubject matter expertise advice consultancy training andimplementation guidance with network operations centre (NOC) andsecurity operations centre (SOC) technologies services andequipment including but not limitedto :
• SecurityInformation and Event Management(SIEM)
• SecurityOrchestration Automation and Response (SOAR) Response automationsolutions leveraging artificial intelligence and machinelearning
• ThreatIntelligence
• NetworkTraffic Analyzer Network Performance Monitoring and NetworkConfiguration Managementtools
• Providingsubject matter expertise advice consultancy training andimplementation guidance with identity security and authenticationsolutions and technologiesfor :
• MultiFactorAuthentication(MFA)
• IdentityManagement(IdM)
• PrivilegedAccess Management(PAM)
• Passwordbasedand passwordless / passkeyauthentication
• Certificatebasedbiometricauthentication
• Stayingabreast of the everevolving cyber threat landscape to providesubject matter expertise guidance and advice on tactical andoperational cyber security and network securitypractices
• Developingstrategic technology roadmaps based on new and emerging cybersecurity and network security architecture solutions technologytrends and industryanalysis.
• Developingstrategic technology roadmaps based on new and emerging networkarchitecture solutions and technology trends and industry analysisincluding but not limitedto :
• Networkfunction virtualization (NFV) Open Network Automation Platform(ONAP)etc.
• LatestWiFi (e.g. WiFi 6 (802.11ax) 802.11ay WiFi 7 (802.11be)) andcellular broadbandoptions
• WirelessInternet Service Provider (WISP) tools technologies andimplementation inOntario
• 5G(5th generation or latest) mobile data service spectrum sharingsplicingetc.
• Wirelessnetwork security practices including authentication and edgesecurity
• Providingsubject matter expertise advice consultancy training andimplementation guidance of network technology solutions servicesand equipment including but not limited to softwaredefinednetworking (SDN)technology :
• SDWAN(e.g. Fortinet Cisco Meraki Palo Altoetc.)
• EmergingSDEdge such as VMware VeloCloud Silver Peaketc.
• Designingand building network data monitoring and managementsystems
• Creating / updatingdetailed system documentation and technical specifications forvarious solutions and architecture including cyber security networksecurity network protection authentication SDWAN network technologyand NOC and SOCsolutions
• Providingdetailed options analysis including cost estimates on cybersecurity network security and networkarchitectures
• Assessingnew and emerging cyber security network and network securitysolutions technology trends and industry analysis including but notlimited to wireless network security practices such asauthentication and edgesecurity
• Presentingto senior and executive management and external stakeholders asneeded
• Providingstatus and project status reports on all deliverablesassigned.
• Takinga collaborative approach to solution definition development andimplementation with multiple stakeholder groups with differingneeds andexpectations
• Deliveron other duties asassigned.
• Thiswork involves working in close partnership with sector technical ITleads (e.g. school board IT leads) to develop tailored approachesand implementation plans.

To support various stakeholders theresource must be available to perform handson configurationtroubleshooting and training at the client site.

Therefore theresource must be available to travel same day or overnight inOntario asneeded.

Theunit manager may assign other related board work for other unit orbranch initiatives as required.

Requirements

Experienceand Skill SetRequirements :

MustHaves :

• 10years knowledge and experience with cyber security network securityand network protection architectures frameworks and solutionsincluding SDN andSDWAN
• 10years handson experience providing subject matter expertise andleading implementation of network security and network protectionsolutions and technologies implementation preferably for OntarioK12 school boardsincluding :
• Nextgenerationcyber security technologies leveraging automation AI and machinelearning
• SIEMsuch as MS Sentinel Splunk Google Chronicle AlienVault andFortiSIEM
• Endpointsecurity solutions EPP EDRXDR
• Cybersecurity incident response and managementsystems
• 2years demonstrated handson experience providing SOC designarchitecture and plans including SOC technologies services andequipment.
• 5years handson experience with softwaredefined networking (SDN SDWANSDEdge).
• 5years handson experience in data and performance monitoring andmanagement systems in particular SolarWinds FortiManager MerakiPanorama Wireshark preferably for Ontario K12 schoolboards.
• 10years experience in effectively presenting to management teams andexternalstakeholders.
• 1years coordinating complex technical work with multiple IT teamsinternal and external to the Ministry.
• Relevantsecurity certification required (e.g. CISSP orCISM).
• Postgraduatedegree (e.g. M.Sc. and / or Ph.D.) in computer science orengineering ispreferred.

Nicetohaves :

5years handson experience working with Ontario K12 school boards inparticular with school board networks and networksecurity

Skill SetRequirements :

CyberSecurity and NetworkSecurity :

• 10years experience in advanced SD networks and network securitypreferably for Ontario K12 schoolboards.
• 10years knowledge and experience with cyber security network securityand network protection architectures frameworks and solutionsincluding :
• Softwaredefinednetworking (SDN) and SDWAN (Softwaredefined Wide AreaNetwork)
• SecureAccess Service Edge(SASE)
• Zerotrustarchitecture(ZTA)
• Cloudsecurityarchitecture
• MITREATT&CK framework MITRE D3FEND and MITREATLAS
• Variousvendor specific architectures and frameworks (e.g. Azure SecurityArchitecture Google infrastructure security AWS cloud securityarchitecture)
• 10years handson experience providing subject matter expertise andleading implementation of network security and network protectionsolutions and technologies implementation preferably for OntarioK12 school boardsincluding :
• Nextgenerationcyber security technologies leveraging automation artificialintelligence (AI) and machine learning(ML)
• Nextgenerationfirewalls (e.g. Fortinet Meraki PaloAlto)
• Networkaccess control (e.g. HPE Aruba ClearPassFortiNAC)
• SecurityInformation and Event Management (SIEM) such as Microsoft SentinelSplunk Google Chronicle AlienVault andFortiSIEM
• SecurityOrchestration Automation and Response(SOAR)
• Endpointsecurity solutions Endpoint protection (EPP) endpoint detection andresponse (EDR) extended detection and response(XDR)
• Cloudbasedcyber security solutions such as Secure Web Gateway (SWG) CloudAccess Security Broker (CASB) firewalls and ZeroTrust Networkaccess as available SASE (such as Zscaler Netskope Cisco Umbrellaetc.)
• Distributeddenial of service (DDoS)protection
• Advancedintrusion prevention systems (IPS) and intrusion detection systems(IDS)
• Networkaccesscontrol
• Cybersecurity incident response and managementsystems
• Automatedvulnerability andpatching
• Userand Entity Behaviour Analytics(UEBA)
• Distributeddenial of service (DDoS)protection
• Penetrationtesting and automated RedTeaming
• OperationTechnology (OT)security
• 10years handson experience providing subject matter expertise andleading implementation of authentication solutions and technologiespreferably for Ontario K12 school boardsincluding :
• MultiFactorAuthentication(MFA)
• IdentityManagement(IdM)
• PrivilegedAccess Management(PAM)
• Passwordbasedand passwordless / passkeyauthentication
• Certificatebasedbiometricauthentication
• 2years demonstrated handson experience providing security operationscenter (SOC) design architecture and plans including SOCtechnologies services and equipment but not limitedto :
• SecurityInformation and Event Management(SIEM)
• SecurityOrchestration Automation and Response (SOAR)
• SecureAccess Service Edge(SASE)
• Demonstratedhandson experience with cyber security industry frameworks such asNIST Cybersecurity Framework (CSF) and 800 series CIS Controls v8COBIT and ISO27001.
• Excellentknowledge of the new and emerging cyber security and networksecurity technologytrends.
• Excellentknowledge and exposure to IoT security issues and data capturingmechanisms.

NetworkTechnology :

• 10years handson experience with network infrastructure solutions andtechnologies including LAN / WAN VPN VXLAN wLAN fog computing networkfunction virtualization (NFV) server virtualization cloud platformsand hardware (servers switches routersfirewalls).
• 5years handson experience with softwaredefined networking (SDN SDWANSDEdge).
• 5years handson experience with Ontario K12 school boards networks(WAN LAN WiFi internet servicedelivery).
• 5years handson experience in data and performance monitoring andmanagement systems in particular SolarWinds FortiManager MerakiPanorama Wireshark preferably for Ontario K12 schoolboards.
• 5years handson experience with network data traffic awarenessmonitoring and analysis tools and technologies and enterprise toolsincluding SolarWinds PRTG (Paessler Router Traffic Grapher) andWireshark Network Analyzer preferably for Ontario K12 schoolboards.
• 5years handson experience with data logging mechanisms andtechnologies including Syslog IPFix CSV CEF and NetFlow preferablyfor Ontario K12 schoolboards.
• Demonstratedhandson experience with developing customized WAN and networkarchitectures for SDN networks to address unique and specificneeds.
• Excellentknowledge of the new and emerging network technologytrends.
• Demonstratedexperience assessing and evaluating new and emerging networktechnologies with pilots and proofofconcepts.
• Experiencewith telecommunication technologies suchas :
• Datatransport technologies including fibre optic cable coaxial cablewireless radio andmicrowave
• Nextgenerationdata transport such as LTE Advanced DOCSIS C3.1 and5G
• Transmissionprotocols including Multiprotocol Label Switching (MPLS) VirtualPrivate LAN Service (VPLS) TCP / IP (Transmission ControlProtocol / Internet Protocol) andtunneling

Coordination Skills andExperience :

Strongcommunication skills as demonstrated through :

• 10 yearsexperience in effectively presenting to management teams andexternalstakeholders.
• 5years experience in preparing written materials (e.g. statusreports recommendations briefingnotes).
• 1years coordinating complex technical work with multiple IT teamsinternal and external to the Ministry.

Industry Certifications / RelevantDegrees :

• Relevantnetwork certifications or equivalent workexperience.
• Relevantsecurity certification required (e.g. CISSP orCISM).
• ComputerScience engineering or other relevant degree isrequired.
• Postgraduatedegree (e.g. M.Sc. and / or Ph.D.) in computer science or engineeringispreferred.

PublicSectorExperience :

• Knowledgeof Government of Ontario standards (e.g. GOITS) and relevantpolicies andlegislation.
• 5years handson experience working with Ontario K12 school boards inparticular with school board networks and networksecurity.
• Handsonexperience providing design development and delivery of technicaltraining courses to Ontario K12 schoolboards.

Experience and Skill Set Requirements : Must Haves : 10+ yearsknowledge and experience with cyber security, network security andnetwork protection architectures, frameworks, and solutions,including SDN and SD-WAN 10+ years hands-on experience providingsubject matter expertise and leading implementation of networksecurity and network protection solutions and technologiesimplementation preferably for Ontario K-12 school boards,including : Next-generation cyber security technologies leveragingautomation, AI and machine learning SIEM such as MS Sentinel,Splunk, Google Chronicle, AlienVault, and FortiSIEM Endpointsecurity solutions EPP, EDR, XDR Cyber security incident responseand management systems IdM PAM 2+ years demonstrated hands-onexperience providing SOC design, architecture and plans includingSOC technologies, services, and equipment.

5+ years hands-onexperience with software-defined networking (SDN, SD-WAN, SD-Edge).5+ years hands-on experience in data and performance monitoring andmanagement systems, in particular, SolarWinds, FortiManager,Meraki, Panorama, Wireshark preferably for Ontario K-12 schoolboards.

10+ years experience in effectively presenting tomanagement teams and external stakeholders. 1+ years coordinatingcomplex technical work with multiple IT teams, internal andexternal to the Ministry.

Relevant security certification required(e.g., CISSP or CISM). Postgraduate degree (e.g., M.Sc. and / orPh.D.) in computer science or engineering is preferred.

Nice-to-haves : 5+ years hands-on experience working with OntarioK-12 school boards, in particular with school board networks andnetwork security Skill Set Requirements : Cyber Security and NetworkSecurity : 10+ years experience in advanced SD networks and networksecurity preferably for Ontario K-12 school boards.

10+ yearsknowledge and experience with cyber security, network security andnetwork protection architectures, frameworks, and solutions,including : Software-defined networking (SDN) and SD-WAN(Software-defined Wide Area Network) Secure Access Service Edge(SASE) Zero-trust architecture (ZTA) Cloud security architectureMITRE ATT&CK framework, MITRE D3FEND and MITRE ATLAS Variousvendor specific architectures and frameworks (e.

g., Azure SecurityArchitecture, Google infrastructure security, AWS cloud securityarchitecture) 10+ years hands-on experience providing subjectmatter expertise and leading implementation of network security andnetwork protection solutions and technologies implementationpreferably for Ontario K-12 school boards, including : Next-generation cyber security technologies leveraging automation,artificial intelligence (AI) and machine learning (ML)Next-generation firewalls (e.

g., Fortinet, Meraki, Palo Alto)Network access control (e.g., HPE Aruba ClearPass, FortiNAC)Security Information and Event Management (SIEM) such as MicrosoftSentinel, Splunk, Google Chronicle, AlienVault, and FortiSIEMSecurity Orchestration, Automation and Response (SOAR) Endpointsecurity solutions - Endpoint protection (EPP), endpoint detectionand response (EDR), extended detection and response (XDR)Cloud-based cyber security solutions such as Secure Web Gateway(SWG), Cloud Access Security Broker (CASB), firewalls, andZero-Trust Network access as available SASE (such as Zscaler,Netskope, Cisco Umbrella, etc.

Distributed denial of service(DDoS) protection Advanced intrusion prevention systems (IPS) andintrusion detection systems (IDS) Network access control Cybersecurity incident response and management systems Automatedvulnerability and patching User and Entity Behaviour Analytics(UEBA) Distributed denial of service (DDoS) protection Penetrationtesting and automated Red Teaming Operation Technology (OT)security 10 + years hands-on experience providing subject matterexpertise and leading implementation of authentication solutionsand technologies - preferably for Ontario K-12 school boards,including : Multi-Factor Authentication (MFA) Identity Management(IdM) Privileged Access Management (PAM) Password-based andpasswordless / passkey authentication Certificate-based, biometricauthentication 2+ years demonstrated hands-on experience providingsecurity operations center (SOC) design, architecture and plansincluding SOC technologies, services, and equipment, but notlimited to : Security Information and Event Management (SIEM)Security Orchestration, Automation and Response (SOAR) SecureAccess Service Edge (SASE) .

Demonstrated hands-on experience withcyber security industry frameworks such as NIST CybersecurityFramework (CSF) and 800 series, CIS Controls v8, COBIT and ISO27001.

Excellent knowledge of the new and emerging cyber securityand network security technology trends. Excellent knowledge andexposure to IoT security issues and data capturing mechanisms.

Network Technology : 10+ years hands-on experience with networkinfrastructure solutions and technologies including LAN / WAN, VPN,VXLAN, wLAN, fog computing, network function virtualization (NFV),server virtualization, cloud platforms, and hardware (servers,switches, routers, firewalls).

5+ years hands-on experience withsoftware-defined networking (SDN, SD-WAN, SD-Edge). 5+ yearshands-on experience with Ontario K-12 school boards networks (WAN,LAN, Wi-Fi, internet service delivery).

5+ years hands-onexperience in data and performance monitoring and managementsystems, in particular, SolarWinds, FortiManager, Meraki, Panorama,Wireshark preferably for Ontario K-12 school boards.

5+ yearshands-on experience with network data traffic awareness, monitoringand analysis tools and technologies, and enterprise tools,including SolarWinds, PRTG (Paessler Router Traffic Grapher) andWireshark Network Analyzer preferably for Ontario K-12 schoolboards.

5+ years hands-on experience with data logging mechanismsand technologies including Syslog, IPFix, CSV, CEF and NetFlowpreferably for Ontario K-12 school boards.

Demonstrated hands-onexperience with developing customized WAN and network architecturesfor SDN networks to address unique and specific needs.

Excellentknowledge of the new and emerging network technology trends.Demonstrated experience assessing and evaluating new and emergingnetwork technologies with pilots and proof-of concepts.

Experiencewith telecommunication technologies such as : Data transporttechnologies including fibre optic cable, coaxial cable, wireless,radio and microwave Next-generation data transport such as LTEAdvanced, DOCSIS C3.

1, and 5G Transmission protocols includingMultiprotocol Label Switching (MPLS), Virtual Private LAN Service(VPLS), TCP / IP (Transmission Control Protocol / Internet Protocol)and tunneling Coordination Skills and Experience : Strongcommunication skills as demonstrated through : 10+ years experiencein effectively presenting to management teams and externalstakeholders.

5+ years experience in preparing written materials(e.g., status reports, recommendations, briefing notes). 1+ yearscoordinating complex technical work with multiple IT teams,internal and external to the Ministry.

Industry Certifications / Relevant Degrees : Relevant network certifications or equivalentwork experience. Relevant security certification required (e.

g.,CISSP or CISM). Computer Science, engineering or other relevantdegree is required. Postgraduate degree (e.g., M.Sc. and / or Ph.

D.)in computer science or engineering is preferred. Public SectorExperience : Knowledge of Government of Ontario standards (e.

g.,GO-ITS) and relevant policies and legislation. 5+ years hands-onexperience working with Ontario K-12 school boards, in particularwith school board networks and network security.

Hands-onexperience providing design, development and delivery of technicaltraining courses to Ontario K-12 school boards.