RQ07639 - Applications Architect - Senior

Deliverables:

The Senior Application Architect role requires extensive knowledge of modern network technology broadband connectivity industry options network security cyber security and other internet technologies with demonstrated handson experience designing and developing modern networks network security and cyber security solutions in the education sector preferably the Ontario K12 school board environment. This resource is responsible for but not limited to:

• Providing subject matter expertise advice consultancy and training with various network and cyber security architectures and frameworks such as:
  

• Secure Access Service Edge (SASE)
  
• Zerotrust architecture (ZTA)
  
• Cloud security architecture
  
• Softwaredefined networking (SDN) and SDWAN (Softwaredefined Wide Area Network)
  
• MITRE ATT&CK framework MITRE D3FEND and MITRE ATLAS
  
• Various vendor specific architectures and frameworks (e.g. Azure Security Architecture Google infrastructure security AWS cloud security architecture)
  
• NIST Cyber Security Framework (CSF) v2
  
• CIS Controls v8
  
• Security Operation (SecOps) practices
  

• Providing subject matter expertise solution and architecture advice consultancy training and implementation guidance with cyber security network security and network protection solutions including:
  

• Nextgeneration cyber security technologies leveraging automation artificial intelligence (AI) and machine learning (ML)
  
• Endpoint security solutions Endpoint protection (EPP) endpoint detection and response (EDR) and extended detection and response (XDR)
  
• Cloudbased cyber security solutions Secure Service Edge (SSE) / SASE including Secure Web Gateway (SWG) Cloud Access Security Broker (CASB) and ZeroTrust Network
  
• Advanced intrusion prevention systems (IPS) and intrusion detection systems (IDS)
  
• Network access control
  
• Incident Response and Incident Management (IR and IM) systems
  
• Automated vulnerability and patching
  
• User and Entity Behaviour Analytics (UEBA)
  
• Distributed denial of service (DDoS) protection
  
• Penetration testing and automated Red Teaming
  
• Operation Technology (OT) security
  

• Providing subject matter expertise advice consultancy training and implementation guidance on logging securing and analysing data vulnerability scanning and penetration testing and risk assessments to ensure sound network security architecture
  
• Providing subject matter expertise advice and consultancy on complex cyber security and network security issues
  
• Providing subject matter expertise advice consultancy training and implementation guidance with network operations centre (NOC) and security operations centre (SOC) technologies services and equipment including but not limited to:
  

• Security Information and Event Management (SIEM)
  
• Security Orchestration Automation and Response (SOAR) Response automation solutions leveraging artificial intelligence and machine learning
  
• Threat Intelligence
  
• Network Traffic Analyzer Network Performance Monitoring and Network Configuration Management tools
  

• Providing subject matter expertise advice consultancy training and implementation guidance with identity security and authentication solutions and technologies for:
  

• MultiFactor Authentication (MFA)
  
• Identity Management (IdM)
  
• Privileged Access Management (PAM)
  
• Passwordbased and passwordless/passkey authentication
  
• Certificatebased biometric authentication
  

• Staying abreast of the everevolving cyber threat landscape to provide subject matter expertise guidance and advice on tactical and operational cyber security and network security practices
  
• Developing strategic technology roadmaps based on new and emerging cyber security and network security architecture solutions technology trends and industry analysis.
  
• Developing strategic technology roadmaps based on new and emerging network architecture solutions and technology trends and industry analysis including but not limited to:
  

• Network function virtualization (NFV) Open Network Automation Platform (ONAP) etc.
  
• Latest WiFi (e.g. WiFi 6 (802.11ax) 802.11ay WiFi 7 (802.11be)) and cellular broadband options
  
• Wireless Internet Service Provider (WISP) tools technologies and implementation in Ontario
  
• 5G (5th generation or latest) mobile data service spectrum sharing splicing etc.
  
• Wireless network security practices including authentication and edge security
  

• Providing subject matter expertise advice consultancy training and implementation guidance of network technology solutions services and equipment including but not limited to softwaredefined networking (SDN) technology:
  

• SDWAN (e.g. Fortinet Cisco Meraki Palo Alto etc.)
  
• Emerging SDEdge such as VMware VeloCloud Silver Peak etc.
  

• Designing and building network data monitoring and management systems
  
• Creating/updating detailed system documentation and technical specifications for various solutions and architecture including cyber security network security network protection authentication SDWAN network technology and NOC and SOC solutions
  
• Providing detailed options analysis including cost estimates on cyber security network security and network architectures
  
• Assessing new and emerging cyber security network and network security solutions technology trends and industry analysis including but not limited to wireless network security practices such as authentication and edge security
  
• Presenting to senior and executive management and external stakeholders as needed
  
• Providing status and project status reports on all deliverables assigned.
  
• Taking a collaborative approach to solution definition development and implementation with multiple stakeholder groups with differing needs and expectations
  
• Deliver on other duties as assigned.
  
• This work involves working in close partnership with sector technical IT leads (e.g. school board IT leads) to develop tailored approaches and implementation plans. To support various stakeholders the resource must be available to perform handson configuration troubleshooting and training at the client site. Therefore the resource must be available to travel same day or overnight in Ontario as needed.
  
• The unit manager may assign other related board work for other unit or branch initiatives as required.
  

Requirements

Experience and Skill Set Requirements:

Must Haves:

• 10 years knowledge and experience with cyber security network security and network protection architectures frameworks and solutions including SDN and SDWAN
  
• 10 years handson experience providing subject matter expertise and leading implementation of network security and network protection solutions and technologies implementation preferably for Ontario K12 school boards including:
  

• Nextgeneration cyber security technologies leveraging automation AI and machine learning
  
• SIEM such as MS Sentinel Splunk Google Chronicle AlienVault and FortiSIEM
  
• Endpoint security solutions EPP EDR XDR
  
• Cyber security incident response and management systems
  
• IdM
  
• PAM
  

• 2 years demonstrated handson experience providing SOC design architecture and plans including SOC technologies services and equipment.
  
• 5 years handson experience with softwaredefined networking (SDN SDWAN SDEdge).
  
• 5 years handson experience in data and performance monitoring and management systems in particular SolarWinds FortiManager Meraki Panorama Wireshark preferably for Ontario K12 school boards.
  
• 10 years experience in effectively presenting to management teams and external stakeholders.
  
• 1 years coordinating complex technical work with multiple IT teams internal and external to the Ministry.
  
• Relevant security certification required (e.g. CISSP or CISM).
  
• Postgraduate degree (e.g. M.Sc. and/or Ph.D.) in computer science or engineering is preferred.
  

Nicetohaves:

• 5 years handson experience working with Ontario K12 school boards in particular with school board networks and network security
  

Skill Set Requirements:

Cyber Security and Network Security:

• 10 years experience in advanced SD networks and network security preferably for Ontario K12 school boards.
  
• 10 years knowledge and experience with cyber security network security and network protection architectures frameworks and solutions including:
  

• Softwaredefined networking (SDN) and SDWAN (Softwaredefined Wide Area Network)
  
• Secure Access Service Edge (SASE)
  
• Zerotrust architecture (ZTA)
  
• Cloud security architecture
  
• MITRE ATT&CK framework MITRE D3FEND and MITRE ATLAS
  
• Various vendor specific architectures and frameworks (e.g. Azure Security Architecture Google infrastructure security AWS cloud security architecture)
  

• 10 years handson experience providing subject matter expertise and leading implementation of network security and network protection solutions and technologies implementation preferably for Ontario K12 school boards including:
  

• Nextgeneration cyber security technologies leveraging automation artificial intelligence (AI) and machine learning (ML)
  
• Nextgeneration firewalls (e.g. Fortinet Meraki Palo Alto)
  
• Network access control (e.g. HPE Aruba ClearPass FortiNAC)
  
• Security Information and Event Management (SIEM) such as Microsoft Sentinel Splunk Google Chronicle AlienVault and FortiSIEM
  
• Security Orchestration Automation and Response (SOAR)
  
• Endpoint security solutions Endpoint protection (EPP) endpoint detection and response (EDR) extended detection and response (XDR)
  
• Cloudbased cyber security solutions such as Secure Web Gateway (SWG) Cloud Access Security Broker (CASB) firewalls and ZeroTrust Network access as available SASE (such as Zscaler Netskope Cisco Umbrella etc.)
  
• Distributed denial of service (DDoS) protection
  
• Advanced intrusion prevention systems (IPS) and intrusion detection systems (IDS)
  
• Network access control
  
• Cyber security incident response and management systems
  
• Automated vulnerability and patching
  
• User and Entity Behaviour Analytics (UEBA)
  
• Distributed denial of service (DDoS) protection
  
• Penetration testing and automated Red Teaming
  
• Operation Technology (OT) security
  

• 10 years handson experience providing subject matter expertise and leading implementation of authentication solutions and technologies preferably for Ontario K12 school boards including:
  

• MultiFactor Authentication (MFA)
  
• Identity Management (IdM)
  
• Privileged Access Management (PAM)
  
• Passwordbased and passwordless/passkey authentication
  
• Certificatebased biometric authentication
  

• 2 years demonstrated handson experience providing security operations center (SOC) design architecture and plans including SOC technologies services and equipment but not limited to:
  

• Security Information and Event Management (SIEM)
  
• Security Orchestration Automation and Response (SOAR)
  
• Secure Access Service Edge (SASE)
  

• .Demonstrated handson experience with cyber security industry frameworks such as NIST Cybersecurity Framework (CSF) and 800 series CIS Controls v8 COBIT and ISO 27001.
  
• Excellent knowledge of the new and emerging cyber security and network security technology trends.
  
• Excellent knowledge and exposure to IoT security issues and data capturing mechanisms.
  

Network Technology:

• 10 years handson experience with network infrastructure solutions and technologies including LAN/WAN VPN VXLAN wLAN fog computing network function virtualization (NFV) server virtualization cloud platforms and hardware (servers switches routers firewalls).
  
• 5 years handson experience with softwaredefined networking (SDN SDWAN SDEdge).
  
• 5 years handson experience with Ontario K12 school boards networks (WAN LAN WiFi internet service delivery).
  
• 5 years handson experience in data and performance monitoring and management systems in particular SolarWinds FortiManager Meraki Panorama Wireshark preferably for Ontario K12 school boards.
  
• 5 years handson experience with network data traffic awareness monitoring and analysis tools and technologies and enterprise tools including SolarWinds PRTG (Paessler Router Traffic Grapher) and Wireshark Network Analyzer preferably for Ontario K12 school boards.
  
• 5 years handson experience with data logging mechanisms and technologies including Syslog IPFix CSV CEF and NetFlow preferably for Ontario K12 school boards.
  
• Demonstrated handson experience with developing customized WAN and network architectures for SDN networks to address unique and specific needs.
  
• Excellent knowledge of the new and emerging network technology trends.
  
• Demonstrated experience assessing and evaluating new and emerging network technologies with pilots and proofof concepts.
  
• Experience with telecommunication technologies such as:
  

• Data transport technologies including fibre optic cable coaxial cable wireless radio and microwave
  
• Nextgeneration data transport such as LTE Advanced DOCSIS C3.1 and 5G
  
• Transmission protocols including Multiprotocol Label Switching (MPLS) Virtual Private LAN Service (VPLS) TCP/IP (Transmission Control Protocol/Internet Protocol) and tunneling
  

Coordination Skills and Experience:

Strong communication skills as demonstrated through:

• 10 years experience in effectively presenting to management teams and external stakeholders.
  
• 5 years experience in preparing written materials (e.g. status reports recommendations briefing notes).
  
• 1 years coordinating complex technical work with multiple IT teams internal and external to the Ministry.
  

Industry Certifications / Relevant Degrees:

• Relevant network certifications or equivalent work experience.
  
• Relevant security certification required (e.g. CISSP or CISM).
  
• Computer Science engineering or other relevant degree is required.
  
• Postgraduate degree (e.g. M.Sc. and/or Ph.D.) in computer science or engineering is preferred.
  

Public Sector Experience:

• Knowledge of Government of Ontario standards (e.g. GOITS) and relevant policies and legislation.
  
• 5 years handson experience working with Ontario K12 school boards in particular with school board networks and network security.
  
• Handson experience providing design development and delivery of technical training courses to Ontario K12 school boards.