Overview:
LMI is seeking a Cybersecurity Architect to support LMI’s leading-edge, technology-enabled mission. In this fast-paced and matrixed environment, this position will develop cybersecurity requirements and solutions to ensure LMI’s technology meets all our risk and compliance requirements and will communicate our posture to stakeholders and customers.
This position will report to LMI’s Chief Information Security Officer (CISO) and support various initiatives across LMI’s matrixed environment. This position will work remotely. The successful candidate will work collaboratively in a fast-paced environment with cross-functional teams under the Chief Technology Officer (CTO), Chief Information Security Officer (CISO), Service Lines, Enterprise Technology Services (ETS), Growth, developers, and business stakeholders to ensure cohesive success across LMI.
LMI is a consultancy dedicated to improving the business of government, drawing from deep expertise in advanced analytics, digital services, logistics, and management advisory services. Established as a private, not-for-profit organization in 1961, LMI is a trusted third party to federal civilian and defense agencies. We operate completely free of political and commercial bias, and we are entirely aligned with the goals of our clients. Our clients value our specialized services in logistics, intelligence, homeland security, health care, and energy and environment markets. We believe government can make a difference, and we seek talented, hardworking people who share that conviction. We offer a generous compensation package with excellent benefits that start the first day of employment. Business casual dress, flex time, and tuition reimbursement are a few of the many work-life benefits available to our employees.
Responsibilities:
The Cybersecurity Architect will be primarily responsible for identifying relevant cybersecurity requirements, performing research, performing risk assessments, developing solutions to controls and requirements, writing and compiling security authorization documents and implementation statements, and ensuring continual cybersecurity compliance on LMI’s internal software and solution development efforts throughout the System/Software Development Lifecycle (SDLC). These requirements may include all applicable Federal regulations, statutes, and standards, as well as requirements from LMI’s CISO. Examples of key sources of these requirements include the following:
- Executive Order 13556 (CUI)
- NIST SP 800-171 (CMMC)
- NIST SP 800-37 and 800-53 (FISMA RMF)
- NIST SP 800-30 (risk assessment)
- Federal Risk and Authorization Management Program (FedRAMP)
- DFARS 252.204-7012 / -7019 / -7020 / -7021
- DoDI 8510.01 (DoD's Risk Management Framework)
- LMI's System Security Plan (SSP)
- OWASP Top 10 - 2021
- NIST AI RMF
- Executive Orders 13960 and 14110 (AI)
- OWASP AI Exchange standards, guides, and tools
- DISA STIGs and DoD Cloud Computing Security Requirements Guide (CC SRG)
- CIS Benchmarks
- FIPS 140-2- and 140-3-validated products and implementation guides
- NIST SP 800-161, Cybersecurity Supply Chain Risk Management (C-SCRM)
- NIST SP 800-218, Secure Software Development Framework (SSDF)
Additional responsibilities include the following:
- Representing LMI's cybersecurity posture and architecture to current and future customers
- Developing cybersecurity architecture diagrams, network diagrams, and other technical documentation
- Applying the primary responsibilities above to cloud environments
- Applying the primary responsibilities above to applications and DevSecOps processes
- Reviewing results, developing remediation plans, and validating remediation for vulnerability scans and testing of hosts, networks, application stacks, static code, web applications, and open-source applications
- Supporting LMI cybersecurity projects, such as Zero Trust Network Architecture (ZTNA) and Secure Services Edge (SSE), Cybersecurity Supply Chain Risk Management (C-SCRM), and the Secure Software Development Framework (SSDF)
- Where appropriate, using LMI's GRC tool to manage control implementation and compliance of assigned systems and applications
- Ensuring LMI-owned or -controlled technology is integrated with LMI's cybersecurity stack and toolset and that supporting infrastructure meets requirements
- Developing LMI enterprise security architecture standards and related guidance
- Reviewing, developing remediation plans for, and validating remediation of secure configuration requirements from applicable sources
- Working with the LMI GRC Lead to develop POA&Ms, as required
- Working with the LMI Vulnerability Management Lead to ensure all technology is being tested for vulnerabilities
- Other related duties, as assigned
Qualifications:
- Able to attain and maintain US Secret or Top Secret clearance
- Currently holds an active CISSP, CISM, GSLC, or C|CISO certification, or a similar senior-level cybersecurity certification
- Additional related certifications, such as PMP, CEH, CIPP, SANS, technology-specific, or others, preferred
- Excellent verbal and written communication skills
- Self-starter mindset, taking proactive initiative to ensure defined outcomes are achieved
- Resourcefulness in researching new concepts or detailed technical elements
- Master's degree, or Bachelor's degree with commensurate years of experience
Experience:
- 10 years of experience as a Cybersecurity Architect or Engineer, ISSO, ISSM, or Security Controls Assessor in a Federal environment under NIST SP 800-53 and the NIST Risk Management Framework, NIST SP 800-171 (CMMC), FedRAMP, or a similar Federal framework
- Successful leadership of, or substantial participation in, receiving an Authority to Operate (ATO) from a Federal Authorizing Official
- Experience developing implementation statements and solutions for System Security Plans
- Experience successfully supporting a corporate security environment under NIST SP 800-171, FedRAMP, ISO 27001, or similar industry frameworks preferred
- Success in highly collaborative work environments
- Successful experience as an individual contributor with strong self-motivation, goal orientation, and task management
- Successful experience using GRC tools to manage compliance, perform self-assessments or audits, upload artifacts, and perform continuous monitoring
- Experience performing risk assessments on changes, vulnerabilities, new systems and projects, and data governance