Find More Than 25415+ Job Vacancy

Purpose

Understands existing application architectures including associated product vendors, application requirements, configurable settings, application interfaces, associated data flows, compatibility and interoperability risks. This role understands current architectures and develops potential new and/or augmented architecture focusing on areas such as privileged user access, identities and access, data classification, etc.
Supports cyber assurance audits and assessments and delivers and ensures security of new functionality. Ensures only secure, trusted code is implemented, that gold images are managed, that PKI and key management strategies are properly designed and implemented, and that recovery mechanisms are architected and properly implemented. Develops workflows and user roles for role-based security and determines required user access to networks and devices.
Develops application concepts and works on the capabilities needed for all phases of the development life cycle; translates technology and environmental conditions (e.g., law and regulation) into application architecture and security designs and processes. Ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of application architecture.

Responsibilities

• Design modeling and building use cases (e.g., unified modeling language).
• Apply best-practice methods, standards, and approaches for describing, analyzing, and documenting Avangrid's application architecture.
• Optimize application architecture to meet performance requirements.
• Execute application integration processes and build application architectures and frameworks.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Define and prioritize essential application capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
• Define appropriate levels of application availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration.
• Develop/integrate cybersecurity designs for applications with multilevel security requirements.
• Ensure that acquired or developed application(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.
• Perform security reviews, identify gaps in application architecture, support risk management.
• Support activities requiring costs, design concepts/ changes to the application architecture.
• Provide input on application security requirements to be included in statements of work and other appropriate procurement documents.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Define and document how the implementation of a new application or new interfaces between applications impacts the security posture of the current environment.
• Analyze application architectures, allocate security services, and select security mechanisms.
• Develop an application security context, a preliminary applications security Concept of Operations (CONOPS), and define baseline applications security requirements in accordance with applicable cybersecurity requirements.
• Evaluate applications architectures to determine adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.
• Analyze user needs and requirements to plan application architecture.
• Develop application architecture and/or components required to meet user needs.
• Document and update as necessary all application definition and architecture activities.
• Determine the protection needs (i.e., security controls) for the application architecture and document appropriately.

Competencies

Skills and Requirements

Experience Required:

• Knowledge of installation, integration, and optimization of applications and components.
• Database systems.
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
• Knowledge of application management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Knowledge of confidentiality, integrity, and availability requirements.
• Knowledge of multi-level security systems and cross domain solutions.
• Knowledge of application protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).

Mobility Information

Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country