RQ07078 - Applications Architect - Senior

Description :

TheSenior Application Architect role requires extensive knowledge ofmodern network connectivity network security cyber security andinternet technologies with demonstrated handson experiencedesigning and developing modern networks network security and cybersecurity solutions in the Ontario K12 school board environment.

This resource is responsible for but not limitedto :

• Providing subjectmatter expertise advice consultancy and training with variousnetwork and cyber security architectures and framework suchas :
• Softwaredefinednetworking (SDN) and SDWAN (Softwaredefined Wide AreaNetwork)
• Secure Access Service Edge(SASE)
• MITRE ATT&CKframework
• Zerotrust architecture(ZTA)
• Cloud securityarchitecture
• Various vendor specificarchitectures and frameworks (e.g. Azure Security ArchitectureGoogle infrastructure security AWS cloud securityarchitecture)
• NIST Cyber SecurityFramework v2
• CIS Controlsv8
• Security Operation (SecOps)practices
• Providingsubject matter expertise solution and architecture adviceconsultancy training and implementation guidance with cybersecurity network security and network protection solutionsincluding :
• Nextgenerationcyber security technologies leveraging automation artificialintelligence (AI) and machine learning(ML)
• Endpoint security solutionsEndpoint protection (EPP) Endpoint detection and response (EDR) andExtended Detection and Response(XDR)
• Cloudbased cyber securitysolutions Secure Service Edge (SSE) / SASE including Secure WebGateway (SWG) Cloud Access Security Broker (CASB) and ZeroTrustNetwork
• Identity security solutionssuch as MultiFactor Authentication (MFA) Passkey IdentityManagement (IdM) and Privileged Access Management(PAM)
• Advanced intrusion preventionsystems (IPS) and intrusion detection systems(IDS)
• Network accesscontrol
• Incident Response andIncident Management (IR and IM)systems
• Automated vulnerability andpatching
• Penetration testing andautomated Red Teaming
• User andEntity Behaviour Analytics(UEBA)
• Distributed denial of service(DDoS) protection
• OperationTechnology (OT)security
• Providingsubject matter expertise advice consultancy training andimplementation guidance on logging securing and analysing datavulnerability scanning and penetration testing and risk assessmentsto ensure sound network securityarchitecture
• Providing subjectmatter expertise advice and consultancy on complex cyber securityand network securityissues
• Providing subject matterexpertise advice consultancy training and implementation guidancewith network operations centre (NOC) and security operations centre(SOC) technologies services and equipment including but not limitedto :
• Security Informationand Event Management (SIEM)
• SecurityOrchestration Automation and Response(SOAR)
• ThreatIntelligence

SASE

• SolarWindsNetFlow Traffic Analyzer
• NetworkPerformance Monitor (NPM) and Network Configuration Management(NCM) Tools
• Providingsubject matter expertise advice consultancy training andimplementation guidance with identity security and authenticationsolutions and technologiesfor :
• Passwordbased andpasswordlessauthentication
• Certificatebasedauthentication
• Biometricauthentication
• Stayingabreast of the everevolving cyber threat landscape to providesubject matter expertise guidance and advice on tactical andoperational cyber security and network securitypractices
• Developing strategictechnology roadmaps based on new and emerging cyber security andnetwork security architecture solutions technology trends andindustry analysis.
• Developingstrategic technology roadmaps based on new and emerging networkarchitecture solutions and technology trends and industry analysisincluding but not limitedto :
• Network functionvirtualization (NFV) Open Network Automation Platform (ONAP)etc.
• WiFi and cellular broadbandadoption
• WiFi 6 (802.11ax) 802.11ayWiFi 7 (802.11be)
• WISP toolstechnologies and implementation inOntario
• 5G (5th generation) mobiledata service spectrum sharing splicingetc.
• Wireless network securitypractices including authentication and edgesecurity
• Providingsubject matter expertise advice consultancy training andimplementation guidance of network technology solutions servicesand equipment including but not limited to softwaredefinednetworking (SDN)technology :
• SDWAN (e.g.Fortinet Cisco Meraki Palo Altoetc.)
• Emerging SDEdge such as VMwareVeloCloud Silver Peaketc.
• Designing andbuilding network data monitoring and managementsystems
• Creating / updating detailedsystem documentation and technical specifications for varioussolutions and architecture including cyber security networksecurity network protection authentication SDWAN network technologyand NOC and SOC solutions
• Providingdetailed options analysis including cost estimates on cybersecurity network security and networkarchitectures.
• Assessing new andemerging cyber security network and network security solutionstechnology trends and industry analysis including but not limitedto wireless network security practices such as authentication andedge security
• Presenting to seniorand executive management and external stakeholders asneeded
• Provide status and projectstatus reports on all deliverablesassigned.
• Deliver on other duties asassigned.

This workinvolves working in close partnership with sector technical ITleads (e.g. school board IT leads) to develop tailored approachesand implementation plans.

To support various stakeholders theresource must be available to perform handson configurationtroubleshooting and training at the clientsite.

The unit manager may assignschool boardrelated work for other initiatives as required.

Requirements

Experienceand Skill SetRequirements :

Musthaves :

CyberSecurity and NetworkSecurity :

• 10years knowledge and experience with cyber security network securityand network protection architectures frameworks and solutionsincluding :
• Softwaredefinednetworking (SDN) and SDWAN (Softwaredefined Wide AreaNetwork)
• Secure Access Service Edge(SASE)
• MITRE ATT&CKframework
• 10 yearshandson experience providing subject matter expertise and leadingimplementation of network security and network protection solutionsand technologies implementation preferably for Ontario K12 schoolboardsincluding :
• Nextgenerationcyber security technologies leveraging automation artificialintelligence (AI) and machine learning(ML)
• Security Information and EventManagement (SIEM) and Security Orchestration Automation andResponse (SOAR) including Microsoft Sentinel Splunk GoogleChronicle and FortiSIEM
• Endpointsecurity solutions Endpoint protection (EPP) Endpoint detection andresponse (EDR) Extended Detection and Response(XDR)
• Identity Management (IdM)Privileged Access Management and other identity securitysolutions
• Automated patchingsolutions
• Incident Response (IR) andIncident Management(IM)
• 2 years demonstratedhandson experience providing security operations center (SOC)design architecture and plans including SOC technologies servicesand equipment but not limitedto :
• SIEM
• SOAR
• SASE

NetworkTechnology

• 5years handson experience with softwaredefined networking (SDN SDWANSDEdge)
• 5 years handson experiencein data and performance monitoring and management systems inparticular SolarWinds FortiManager Meraki Panorama Wiresharkpreferably for Ontario K12 schoolboards

CoordinationSkills and Experience

Strongcommunication skills as demonstrated through :

• 5 years experience ineffectively presenting to management teams and externalstakeholders
• 5 years coordinatingcomplex technical work with multiple IT teams internal and externalto the Ministry

IndustryCertifications / RelevantDegrees

• Relevantsecurity certification required (e.g. CISSP orCISM).
• Postgraduate degree (e.g.M.Sc. and / or Ph.D.) in computer science or engineering ispreferred.

Nicetohave :

PublicSectorExperience :

5years handson experience working with Ontario K12 school boards inparticular with school board networks and networksecurity

Skill SetRequirements :

CyberSecurity and NetworkSecurity :

• 10years experience in advanced SD networks and network securitypreferably for Ontario K12 schoolboards
• 10 years knowledge andexperience with cyber security network security and networkprotection architectures frameworks and solutionsincluding :
• Softwaredefinednetworking (SDN) and SDWAN (Softwaredefined Wide AreaNetwork)
• Secure Access Service Edge(SASE)
• MITRE ATT&CKframework
• Zerotrust architecture(ZTA)
• Cloud securityarchitecture
• Various vendor specificarchitecture and frameworks (e.g. Azure Security ArchitectureGoogle infrastructure security AWS cloud securityarchitecture)
• 10 yearshandson experience providing subject matter expertise and leadingimplementation of network security and network protection solutionsand technologies implementation preferably for Ontario K12 schoolboardsincluding :
• Nextgenerationcyber security technologies leveraging automation artificialintelligence (AI) and machine learning(ML)
• Nextgeneration firewalls(specifically Fortinet Meraki PaloAlto)
• Network access control (e.g.HPE Aruba ClearPassFortiNAC)
• Security Information andEvent Management (SIEM) and Security Orchestration Automation andResponse (SOAR) including Microsoft Sentinel Splunk GoogleChronicle and FortiSIEM
• Endpointsecurity solutions Endpoint protection (EPP) Endpoint detection andresponse (EDR) Extended Detection and Response(XDR)
• Cloudbased cyber securitysolutions such as Secure Web Gateway (SWG) Cloud Access SecurityBroker (CASB) firewalls and ZeroTrust Network access as availableSASE (such as Zscaler Netskope Cisco Umbrellaetc.)
• Distributed denial of service(DDoS) protection
• Advanced intrusionprevention systems (IPS) and intrusion detection systems(IDS)
• Identity Management (IdM)Privileged Access Management and other identity securitysolutions
• Automated patchingsolutions
• Incident Response (IR) andIncident Management (IM)
• OperationTechnology (OT)security
• 10 years handsonexperience providing subject matter expertise and leadingimplementation of authentication solutions and technologiespreferably for Ontario K12 school boardsincluding :
• Passwordbasedand passwordlessauthentication
• Multifactorauthentication(MFA)
• Certificatebasedauthentication
• Biometricauthentication (e.g. Fast Identity online (FIDO) Universal 2ndFactor (U2F) FIDO2 Google Authenticator Security Assertion MarkupLanguage (SAML))
• 2 yearsdemonstrated handson experience providing security operationscenter (SOC) design architecture and plans including SOCtechnologies services and equipment but not limitedto :
• SIEM
• SOAR
• SASE
• Demonstratedhandson experience with cyber security industry frameworks such asNIST Cyber Protection Framework and 800 series CIS Controls v8COBIT and ISO27001
• Knowledge of the newdraft NIST Cyber Security Frameworkv2.0
• Excellent knowledgeof the new and emerging cyber security and network securitytechnology trends
• Excellentknowledge and exposure to IoT security issues and data capturingmechanisms

NetworkTechnology :

• 10years handson experience with network infrastructure solutions andtechnologies including LAN / WAN VPN VXLAN wLAN fog computing networkfunction virtualization (NFV) server virtualization cloud platformsand hardware (servers switches routersfirewalls)
• 5 years handsonexperience with softwaredefined networking (SDN SDWANSDEdge)
• 5 years handson experiencewith Ontario K12 school boards networks (WAN LAN WiFi internetservice delivery)
• 5 years handsonexperience in data and performance monitoring and managementsystems in particular SolarWinds FortiManager Meraki PanoramaWireshark preferably for Ontario K12 schoolboards
• 5 years handson experiencewith network data traffic awareness monitoring and analysis toolsand technologies and enterprise tools including SolarWinds PRTG(Paessler Router Traffic Grapher) and Wireshark Network Analyzerpreferably for Ontario K12 schoolboards
• 5 years handson experiencewith data logging mechanisms and technologies including SyslogIPFix CSV CEF and NetFlow preferably for Ontario K12 schoolboards
• Demonstrated handsonexperience with developing customized WAN and network architecturesfor SDN networks to address unique and specificneeds
• Excellent knowledge of the newand emerging network technologytrends
• Demonstrated experienceassessing and evaluating new and emerging network technologies withpilots and proofofconcepts
• Experience withtelecommunication technologies suchas :
• Data transporttechnologies including fibre optic cable coaxial cable wirelessradio and microwave
• Nextgenerationdata transport such as LTE Advanced DOCSIS C3.1 and5G
• Transmission protocols includingMultiprotocol Label Switching (MPLS) Virtual Private LAN Service(VPLS) TCP / IP (Transmission Control Protocol / Internet Protocol) andtunneling

CoordinationSkills andExperience :

Strongcommunication skills as demonstrated through :

• 5 years experience ineffectively presenting to management teams and externalstakeholders
• 5 years experience inpreparing written materials (e.g. status reports recommendationsbriefing notes)
• 5 yearscoordinating complex technical work with multiple IT teams internaland external to the Ministry

Industry Certifications / RelevantDegrees :

• Relevantnetwork certifications or equivalent workexperience
• Relevant securitycertification required (e.g. CISSP orCISM).
• Computer Science engineeringor other relevant degree isrequired.
• Postgraduate degree (e.g.M.Sc. and / or Ph.D.) in computer science or engineering ispreferred.

Public SectorExperience :

• Knowledgeof Government of Ontario standards (e.g. GOITS) and relevantpolicies and legislation
• 5 yearshandson experience working with Ontario K12 school boards inparticular with school board networks and networksecurity
• Handson experienceproviding design development and delivery of technical trainingcourses to Ontario K12 school boards

Experience and Skill Set Requirements : Must haves : Cyber Securityand Network Security : 10+ years knowledge and experience with cybersecurity, network security and network protection architectures,frameworks, and solutions, including : Software-defined networking(SDN) and SD-WAN (Software-defined Wide Area Network) Secure AccessService Edge (SASE) MITRE ATT&CK framework 10+ years hands-onexperience providing subject matter expertise and leadingimplementation of network security and network protection solutionsand technologies implementation preferably for Ontario K-12 schoolboards, including : Next-generation cyber security technologiesleveraging automation, artificial intelligence (AI) and machinelearning (ML) Security Information and Event Management (SIEM) andSecurity Orchestration, Automation and Response (SOAR) includingMicrosoft Sentinel, Splunk, Google Chronicle, and FortiSIEMEndpoint security solutions - Endpoint protection (EPP), Endpointdetection and response (EDR), Extended Detection and Response (XDR)Identity Management (IdM), Privileged Access Management and otheridentity security solutions Automated patching solutions IncidentResponse (IR) and Incident Management (IM) 2+ years demonstratedhands-on experience providing security operations center (SOC)design, architecture and plans including SOC technologies,services, and equipment, but not limited to : SIEM SOAR SASE NetworkTechnology 5+ years hands-on experience with software-definednetworking (SDN, SD-WAN, SD-Edge) 5+ years hands-on experience indata and performance monitoring and management systems, inparticular, SolarWinds, FortiManager, Meraki, Panorama, Wiresharkpreferably for Ontario K-12 school boards Coordination Skills andExperience Strong communication skills as demonstrated through : 5+years experience in effectively presenting to management teams andexternal stakeholders 5+ years coordinating complex technical workwith multiple IT teams, internal and external to the MinistryIndustry Certifications / Relevant Degrees Relevant securitycertification required (e.

g., CISSP or CISM). Postgraduate degree(e.g., M.Sc. and / or Ph.D.) in computer science or engineering ispreferred. Nice-to-have : Public Sector Experience : 5+ yearshands-on experience working with Ontario K-12 school boards, inparticular with school board networks and network security SkillSet Requirements : Cyber Security and Network Security : 10+ yearsexperience in advanced SD networks and network security preferablyfor Ontario K-12 school boards 10+ years knowledge and experiencewith cyber security, network security and network protectionarchitectures, frameworks, and solutions, including : Software-defined networking (SDN) and SD-WAN (Software-defined WideArea Network) Secure Access Service Edge (SASE) MITRE ATT&CKframework Zero-trust architecture (ZTA) Cloud security architectureVarious vendor specific architecture and frameworks (e.

g., AzureSecurity Architecture, Google infrastructure security, AWS cloudsecurity architecture) 10+ years hands-on experience providingsubject matter expertise and leading implementation of networksecurity and network protection solutions and technologiesimplementation preferably for Ontario K-12 school boards,including : Next-generation cyber security technologies leveragingautomation, artificial intelligence (AI) and machine learning (ML)Next-generation firewalls (specifically Fortinet, Meraki, PaloAlto), Network access control (e.

g., HPE Aruba ClearPass,FortiNAC), Security Information and Event Management (SIEM) andSecurity Orchestration, Automation and Response (SOAR) includingMicrosoft Sentinel, Splunk, Google Chronicle, and FortiSIEMEndpoint security solutions - Endpoint protection (EPP), Endpointdetection and response (EDR), Extended Detection and Response (XDR)Cloud-based cyber security solutions such as Secure Web Gateway(SWG), Cloud Access Security Broker (CASB) ,firewalls, andZero-Trust Network access as available SASE (such as Zscaler,Netskope, Cisco Umbrella, etc.

Distributed denial of service(DDoS) protection, Advanced intrusion prevention systems (IPS), andintrusion detection systems (IDS) Identity Management (IdM),Privileged Access Management and other identity security solutionsAutomated patching solutions Incident Response (IR) and IncidentManagement (IM) Operation Technology (OT) security 10 + yearshands-on experience providing subject matter expertise and leadingimplementation of authentication solutions and technologies -preferably for Ontario K-12 school boards, including : Password-based and passwordless authentication Multi-factorauthentication (MFA) Certificate-based authentication Biometricauthentication (e.

g., Fast Identity online (FIDO) Universal 2ndFactor (U2F), FIDO2, Google Authenticator, Security AssertionMarkup Language (SAML)) 2+ years demonstrated hands-on experienceproviding security operations center (SOC) design, architecture andplans including SOC technologies, services, and equipment, but notlimited to : SIEM SOAR SASE Demonstrated hands-on experience withcyber security industry frameworks such as NIST Cyber ProtectionFramework and 800 series, CIS Controls v8, COBIT and ISO 27001Knowledge of the new draft NIST Cyber Security Framework v2.

0Excellent knowledge of the new and emerging cyber security andnetwork security technology trends Excellent knowledge and exposureto IoT security issues and data capturing mechanisms NetworkTechnology : 10+ years hands-on experience with networkinfrastructure solutions and technologies including LAN / WAN, VPN,VXLAN, wLAN, fog computing, network function virtualization (NFV),server virtualization, cloud platforms, and hardware (servers,switches, routers, firewalls) 5+ years hands-on experience withsoftware-defined networking (SDN, SD-WAN, SD-Edge) 5+ yearshands-on experience with Ontario K-12 school boards networks (WAN,LAN, Wi-Fi, internet service delivery) 5+ years hands-on experiencein data and performance monitoring and management systems, inparticular, SolarWinds, FortiManager, Meraki, Panorama, Wiresharkpreferably for Ontario K-12 school boards 5+ years hands-onexperience with network data traffic awareness, monitoring andanalysis tools and technologies, and enterprise tools, includingSolarWinds, PRTG (Paessler Router Traffic Grapher) and WiresharkNetwork Analyzer preferably for Ontario K-12 school boards 5+ yearshands-on experience with data logging mechanisms and technologiesincluding Syslog, IPFix, CSV, CEF and NetFlow preferably forOntario K-12 school boards Demonstrated hands-on experience withdeveloping customized WAN and network architectures for SDNnetworks to address unique and specific needs Excellent knowledgeof the new and emerging network technology trends Demonstratedexperience assessing and evaluating new and emerging networktechnologies with pilots and proof-of concepts Experience withtelecommunication technologies such as : Data transport technologiesincluding fibre optic cable, coaxial cable, wireless, radio andmicrowave Next-generation data transport such as LTE Advanced,DOCSIS C3.

1, and 5G Transmission protocols including MultiprotocolLabel Switching (MPLS), Virtual Private LAN Service (VPLS), TCP / IP(Transmission Control Protocol / Internet Protocol) and tunnelingCoordination Skills and Experience : Strong communication skills asdemonstrated through : 5+ years experience in effectively presentingto management teams and external stakeholders 5+ years experiencein preparing written materials (e.

g., status reports,recommendations, briefing notes) 5+ years coordinating complextechnical work with multiple IT teams, internal and external to theMinistry Industry Certifications / Relevant Degrees : Relevantnetwork certifications or equivalent work experience Relevantsecurity certification required (e.

g., CISSP or CISM). ComputerScience, engineering or other relevant degree is required.Postgraduate degree (e.g., M.Sc. and / or Ph.

D.) in computer scienceor engineering is preferred. Public Sector Experience : Knowledge ofGovernment of Ontario standards (e.

g., GO-ITS) and relevantpolicies and legislation 5+ years hands-on experience working withOntario K-12 school boards, in particular with school boardnetworks and network security Hands-on experience providing design,development and delivery of technical training courses to OntarioK-12 school boards