CISA Security Architect


This role ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.

Personnel performing this role may unofficially or alternatively be called:

  • Information Assurance (IA) Architect
  • Information Security Architect
  • Security Solutions Architect
  • Cybersecurity Architect

 

Category: Securely Provision
Specialty Area: Systems Architecture

 

Core Tasks

  • Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to government organizations (e.g., UNCLASSIFIED, SECRET, and TOP SECRET). (T0071)
  • Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle. (T0082)
  • Employ secure configuration management processes. (T0084)
  • Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines. (T0090)
  • Identify and prioritize critical business functions in collaboration with organizational stakeholders. (T0108)
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. (T0177)
  • Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. (T0268)
  • Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents. (T0328)
  • Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately. (T0484)

Core Competencies

  • Business Continuity
  • Client Relationship Management
  • Computer Network Defense
  • Computers and Electronics
  • Data Analysis
  • Enterprise Architecture
  • Information Technology Assessment
  • Mathematical Reasoning
  • Risk Management
  • Systems Integration
  • Technology Awareness
  • Telecommunications

Core Knowledge, Skills and Abilities (KSAs)

  • Knowledge of business continuity and disaster recovery continuity of operations plans. (K0026)
  • Ability to serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners, common control providers, and system security officers on the allocation of security controls as system-specific, hybrid, or common controls. (A0148)
  • Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). (K0202)
  • Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware). (K0030)
  • Knowledge of microprocessors. (K0055)
  • Knowledge of industry-standard and organizationally accepted analysis principles and methods. (K0043)
  • Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.) (K0291)
  • Ability to design architectures and frameworks. (A0061)
  • Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. (S0027)
  • Knowledge of computer algorithms. (K0015)
  • Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements). (K0264)
  • Knowledge of installation, integration, and optimization of system components. (K0035)
  • Knowledge of human-computer interaction principles. (K0036)
  • Knowledge of remote access technology concepts. (K0071)
  • Knowledge of communication methods, principles, and concepts that support the network infrastructure. (K0010)

How to Apply

To apply for this work role, submit an application to one or more of CISA's vacancy announcements. Please ensure your resume has been updated to reflect your demonstrated experience performing the above tasks and describe your exposure to the listed competencies.

  1. Assign the appropriate Task ID and/or Core KSA ID to each experience statement in your resume. Task and KSA IDs are listed in parenthesis at the end of each bullet above.
     
  2. You must also include demonstrated experience on the four required competencies:
  • Attention to Detail
  • Customer Service
  • Oral Communication
  • Problem Solving

Was this document helpful?  Yes  |  Somewhat  |  No