Security Architect

Location:

Reston, VA – Tech Sur HQ Office (3x/week)

Salary: DOE + full benefits

Clearance:
Active Public Trust

Company Overview

Tech Sur Solutions is a digital services company whose mission is to enable digital transformation for our customers to improve quality and efficiency. Based in the DC metropolitan area, Tech Sur specializes in advanced cloud services, modernization for both IT structures and applications, leveraging Agile development, and Data Analytics. Since we were formed in August of 2016, we have supported multiple impactful and exciting government programs.

Job Description

We are seeking skilled Security Architect to support a civilian federal agency by engineering, implementing, and operating enterprise and cloud security controls. The role will leverage your skills in identity-centric security, Zero Trust Architecture, and public key–based authentication, while also supporting vulnerability management, patching, incident response, and federal compliance requirements.

Key Responsibilities:

• Design and implement secure architecture solutions across cloud, on Prem, and hybrid environments.
• Develop security standards, policies, and technical guidelines aligned with organizational and regulatory requirements.
• Conduct architecture reviews, threat modeling, and risk assessments for new and existing systems.
• Collaborate with engineering, Dev Ops, and product teams to ensure security requirements are integrated into system designs.
• Implement, and operate ICAM solutions, including identity lifecycle management, authentication, authorization, and access governance.
• Implement Zero Trust Architecture in alignment with NIST SP 800-207, emphasizing continuous verification, least privilege, and identity-based access.
• Deploy and support SASE / SSE capabilities, including ZTNA, Secure Web Gateway, CASB, and Firewall-as-a-Service.
• Support PIV smart card and certificate-based authentication across users, devices, applications, and cloud environments.
• Operate, and maintain PKI and certificate management services, including certificate issuance, renewal, revocation, and automation.
• Engineer and secure cloud environments (AWS, Azure, or GCP), focusing on identity, networking, logging, and secure configurations.
• Perform vulnerability scanning, risk prioritization, and coordination of remediation activities.
• Support patch management efforts by validating system configurations and verifying remediation of security findings.
• Monitor security and identity events using SIEM and related tools; investigate and respond to security incidents.
• Participate in incident response activities, including alert triage, investigation, containment, eradication, and recovery.
• Develop and maintain incident response playbooks, runbooks, and post-incident documentation.
• Develop and maintain security engineering documentation, standards, and operational runbooks.
• Collaborate with IT, cloud, and application teams to integrate security controls into system designs and CICD pipelines.
• Provide compliance and audit support, including technical evidence for ATO, continuous monitoring, and remediation activities.

Required Skills

• Strong knowledge of network security, application security, and cloud security architecture.
• Hands-on experience with major cloud platforms (AWS, Azure, or Google Cloud) and their native security services.
• Expertise in security frameworks such as NIST, ISO 27001, CIS Benchmarks, OWASP, and Zero Trust.
• Proficiency with identity and access management (IAM), SSO, MFA, and federation technologies.
• Solid understanding of encryption, PKI, firewalls, WAFs, SIEM, EDR, and vulnerability management tools.
• Proven experience in identifying and remediating vulnerabilities in both Linux and Windows environments with a strong understanding of compliance requirements.
• Proficiency in using security tools such as Nessus, ORCA, AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and other vulnerability scanning tools.
• Familiarity with Red Hat Satellite server, WSUS, IBM Big Fix or other similar toolsets.
• Knowledge of scripting languages such as Python, Bash, Power Shell, Ansible for automation of security remediation tasks.
• Excelle…