Director of Security Architecture

Arlington, Virginia

Local Only

Full Time

$150k - $200k

The Director of Security Architecture is responsible for selecting, designing, and implementing critical technologies that enable digital security, physical security, and risk teams to execute their missions efficiently. The Director owns all security-related tools and technologies used by the Firm, ensures that they interoperate coherently, and works with the teams that use them to make sure that they are fit for purpose. The Director also ensures that the computing environment for employees is well-engineered, so that it produces secure outcomes by default, while imposing the smallest possible tax on productivity. This role is highly technical and not operations oriented.

The company is located in the D.C. Metro Area. The position will be remote, but the candidate must be located in the D.C. area.

What You Will Be Doing:
  • Selects critical technologies that support the missions of the Digital Security Operations, Physical Security Operations, and Risk Operations teams. These technologies include those used for:
      • Building secure computing enclaves to protect highly sensitive data.
      • Protecting desktops, servers, and infrastructure from attack with appropriate defensive technologies.
      • Providing visibility into the security state of servers, desktops, mobile devices, applications, databases, and infrastructure.
      • Detecting security events by collecting and analyzing security logs and related telemetry from servers, desktops, mobile devices, applications, databases, and infrastructure.
      • Responding to security, privacy, and workplace incidents efficiently.
      • Recovering from attack with minimal disruption to operations.
  • Documents the design and interoperations of the critical security technologies described above to ensure that they are rational; in-depth or deliberately de-conflicted as appropriate to the situation; cost effective and coherent; and that they work together harmoniously.
  • Selects vendors of critical technology, in consultation with security and technology process owners, including the Digital Security Operations, Physical Security Operations, Risk Operations, Information Technology Services, Information Resource Services, and Practice Services and Support teams.
  • Oversees implementation of critical technologies by Covington technology asset or process owners, cloud vendors, contractors, or managed services providers, as appropriate.
  • Maintains the Firm’s technical standards for event logging, collection, analysis, and alerting.
  • Defines and maintains the Cybersecurity Five Year Plan for future-proofing the Firm against unknown threats.
  • Defines, hires, and retains the talent necessary to ensure that all the responsibilities described above are suitably staffed.
  • Performs other duties as assigned.

Required Skills & Experience:
  • Bachelor's degree required; advanced degree and CISSP certification preferred.
  • Requires 15+ years' experience in cybersecurity, with 10+ years’ experience running security architecture programs, SIEM rationalization initiatives, endpoint agent collapse programs, or other cyber transformation projects.
  • Expert working knowledge of SIEM, MDR, E/XDR tools, Windows desktop and server security tools and topics, Azure security, Windows Event logging, syslog, and related telematics topics.
  • Exceptional interpersonal skills: success in the role requires the ability to influence and persuade.
  • Excellent written and oral communication skills.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.

Posted by: Ashton Corbett