Security Infrastructure Support Security Architect - NIH

Security Infrastructure Support Security Architect Overview cFocus Software is seeking an experienced Security Infrastructure Support Security Architect to design, develop, and implement enterprise security architectures across complex hybrid environments in support of a federal agency.

The Security Architect will lead the design of secure systems and integrations, ensuring alignment with federal cybersecurity frameworks, best practices, and compliance requirements.

This position requires extensive technical experience in infrastructure architecture, cybersecurity engineering, SIEM administration, and DevSecOps practices.

This is a full-time position that may require on-site support at federal agency locations in the Washington, D.C. metro area.

Some telework flexibility may be available depending on mission requirements.   Must be able to obtain and maintain a Public Trust or higher-level security clearance as required by the agency.

Responsibilities The Security Infrastructure Support Security Architect shall perform duties that include, but are not limited to :

• Architect, design, and oversee implementation of secure infrastructure solutions for hybrid (on-premises and cloud) environments.
• Develop and maintain enterprise security architecture documentation, including diagrams, roadmaps, and standards.
• Lead the integration and configuration of cybersecurity tools, including Security Information and Event Management (SIEM) platforms, across enterprise systems.
• Collaborate with federal stakeholders, system owners, and technical teams to ensure alignment with cybersecurity frameworks and agency objectives.
• Provide expert guidance on cloud security design, migration, hardening, and cost optimization for environments including AWS, Azure, and O365.
• Implement DevSecOps practices, embedding security automation, secure code, and compliance validation throughout the build, test, and deployment lifecycle.
• Design and maintain secure virtualization and infrastructure management solutions to enhance availability and resiliency.
• Automate infrastructure and security processes through advanced scripting and tool development, primarily in Python.
• Support compliance with federal cybersecurity frameworks such as FISMA, NIST SP 800-53, NIST SP 800-92, OMB M-21-31, and CDM.
• Conduct architecture reviews, threat modeling, and risk assessments to identify and mitigate vulnerabilities in enterprise systems.
• Develop and maintain policies, standards, and procedures for enterprise infrastructure and security architecture.
• Oversee infrastructure management activities including server patching, vulnerability remediation, and endpoint protection.
• Provide mentorship and technical leadership to engineering teams, fostering a collaborative and innovative technical environment.
• Coordinate with third-party vendors and cross-functional teams to deliver integrated security solutions.
• Deliver detailed reports, presentations, and executive-level briefings on security architecture design, risk management, and compliance posture.
• Required Qualifications Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred). 10+ years of experience architecting, designing, installing, maintaining, and supporting complex Enterprise IT systems.
• At least 5+ years of experience at the Senior Engineer level or higher. 5+ years of specific experience with cybersecurity tools or SIEM implementation and administration.
• Experience working within hybrid infrastructure environments (on-premises and cloud).
• Strong verbal and written communication skills for explaining complex security concepts to technical and non-technical stakeholders, including executive-level reporting.
• Deep knowledge of cloud security concepts, services, best practices, and operations (AWS, Azure, O365), including migration, security hardening, and cost optimization.
• Understanding and experience with core virtualization technologies and best practices.
• Extensive experience with DevSecOps practices, ensuring secure code and automation are integrated throughout build, test, and deployment processes.
• Strong scripting skills, particularly in Python, for automation and tool development.
• Experience managing a variety of enterprise cybersecurity tools, including SIEM platforms across hybrid environments.
• Hands-on experience with federal cybersecurity compliance frameworks (FISMA, NIST SP 800-53, NIST SP 800-92, OMB M-21-31, CDM).
• Proficiency in infrastructure management, including Windows / Linux servers, patching, vulnerability remediation, network appliances, and endpoint security.
• Strong problem-solving and analytical abilities for identifying and addressing complex security issues and developing innovative solutions.
• Strong understanding of risk management, data protection, and access control methods to ensure appropriate security control selection.
• Experience working with third-party vendors, cross-functional teams, and mentoring team members.
• Preferred Qualifications Experience designing secure architectures for DHS or other federal agencies.

Certifications such as CISSP, CISM, AWS Certified Security – Specialty, or Microsoft Certified :

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.