Cybersecurity Architect

LMI is seeking a Cybersecurity Architect to support LMI's leading-edge, technology-enabled mission. In this fast-paced and matrixed environment, this position will develop cybersecurity requirements and solutions to ensure LMI's technology meets all our risk and compliance requirements and will communicate our posture to stakeholders and customers.

This position will report to LMI's Chief Information Security Officer (CISO) and support various initiatives across LMI's environment. The successful candidate will work collaboratively in a fast-paced environment with cross-functional teams under the Chief Technology Officer (CTO), Chief Information Security Officer (CISO), Service Lines, Enterprise Technology Services (ETS), development teams, and business stakeholders to ensure cohesive success across LMI.

At LMI, we're creating innovative solutions to transform emerging needs into extraordinary impacts at The New Speed of Possible. With an emphasis on agile development and human-centered design, we enable agencies to experience solutions faster and conquer their toughest challenges sooner.

The Cybersecurity Architect will be primarily responsible for identifying relevant cybersecurity requirements, performing research, performing risk assessments, developing solutions to controls and requirements, writing and compiling security authorization documents and implementation statements, and ensuring continual cybersecurity compliance on LMI's internal software and solution development efforts throughout the System/Software Development Lifecycle (SDLC). These requirements may include all applicable Federal regulations, statutes, and standards, as well as requirements from LMI's CISO. Additional responsibilities include the following:

Representing LMI cybersecurity posture and architecture to current and future customers
• Developing cybersecurity architecture diagrams, network diagrams, and other technical documentation
• Applying primary responsibilities above to cloud environments
• Applying primary responsibilities above to applications and DevSecOps processes
• Reviewing, developing remediation plans, and validating remediation for vulnerability scans/testing of hosts, networks, application stacks, static code, web applications, open-source applications
• Where appropriate, use LMI's GRC Tool to manage control implementation and compliance of assigned systems and applications
• Ensure LMI-owned/controlled technology is integrated with LMI's cybersecurity stack and toolset and that supporting infrastructure meets requirements
• Review, developing remediation plans, and validating remediation for secure configuration requirements from applicable sources
• Work with LMI GRC Lead to develop POA&Ms, as required
• Work with LMI Vulnerability Management Lead to ensure all technology is being tested for vulnerabilities

• Able to attain and maintain US Secret or Top Secret clearance
• Currently holds active CISSP, CISM, CSSLP,CDP, CSA CCSK, C|CISO certification, or similar senior-level, cybersecurity certification
• Additional related certifications, such as PMP, SANS, technology-specific, or others, preferred
• Excellent verbal and written communications skills
• Self-starter mindset, taking proactive initiative to ensure defined outcomes are achieved
• Resourceful ability to research new concepts or detailed technical elements
• Masters degree; or Bachelor's Degree with commensurate years of experience

Experience

• 10 years of experience as a Cybersecurity Architect or Engineer, ISSO, ISSM, or Security Controls Assessor in Federal environment under NIST 800-53 and NIST Risk Management Framework, NIST SP 800-171 (CMMC), FedRAMP, or similar Federal framework
• Experience successfully supporting a corporate security environment under NIST SP 800-171, FedRAMP, ISO 27001, or similar industrial frameworks preferred
• Successful in highly collaborative work environments
• Successful experience as an individual contributor with strong self-motivation, goal-orientation, and task management
• Successful experience using GRC tools to manage compliance, perform self-assessments or audits, upload artifacts, and perform continuous monitoring Experience performing risk assessments on changes, vulnerabilities, new systems/projects, and data governance