Security Architect - Mostly Remote at Mechanicsburg, Pennsylvania, USA |
From: Sandeep Maraganti, Msys Inc [email protected]
Reply to: [email protected]
Title: Security Architect - Mostly Remote
Location: Mechanicsburg, PA, USA
Length: Long term
Restriction: W2 or C2C
Send resume to: [email protected]

Description:
*** Very long term project. Long term usually goes for 3+ years ***
*** Webcam interview ***
*** Mostly Remote ***
*** 37.5 hours per week ***
This position requires an in-depth background check, including fingerprinting.
Meeting on site in Mechanicsburg as needed, no more than 2x per month.

Implement Multi-Factor Authentication (MFA) solutions for the Criminal Justice Information Services (CJIS) in Pennsylvania. The project consists of two (2) major tasks. The first is to determine and deploy a CJIS-compliant MFA solution. The second is to address a CJIS-compliant approach for machine registration and identification. The project involves integrating various technologies and services, including Azure, Microsoft Entra, Active Directory (AD), Commonwealth Public Key Infrastructure (PKI), AD certificate services, Commonwealth applications, IBM Secure Verify and potentially a Card Management System (CMS).

Position: Functional Architect
Will be responsible for designing, implementing, and overseeing the FIDO (Fast Identity Online) authentication framework within the project. The architect will work closely with the project team to ensure the successful architecture and integration approach of FIDO-based MFA solutions into the existing infrastructure and Public Safety applications.

Responsibilities:
Architectural Design: Develop a comprehensive architectural design for the integration of FIDO-based MFA solutions with the existing systems, including Azure, Microsoft Entra, AD, Commonwealth PKI, certificate services, and Commonwealth applications.
Technology Evaluation: Evaluate FIDO2 security keys, smartcards, and Windows Hello for Business as potential authenticators to meet the CJIS Security Policy requirements.
Compliance Assurance: Ensure that the FIDO-based MFA solutions comply with the CJIS Security Policy, CJIS Requirements Companion Document, NIST SP 800-63 guidelines, and other relevant regulatory requirements.
Integration and Testing: Oversee the integration of FIDO-based MFA solutions with the existing infrastructure, conduct thorough testing, and ensure seamless interoperability.
Documentation and Training: Prepare detailed technical documentation, guidelines, and training materials for the implementation and maintenance of FIDO-based MFA solutions. This includes working with solutions architects, designers, and developers within public safety.

Requirements:
Experience: Proven experience in designing and implementing FIDO-based authentication solutions, preferably in the context of CJIS compliance. Proven experience and working knowledge of unified endpoint identification, registration, and authentication, preferably in the context of CJIS compliance.
Technical Expertise: In-depth knowledge of FIDO2 security keys, smartcards, Windows Hello for Business, and their integration with Azure, Entra, AD, and other relevant systems.
Regulatory Knowledge: Familiarity with CJIS Security Policy, NIST SP 800-63 guidelines, and other relevant regulatory frameworks.
Communication Skills: Strong communication and collaboration skills to work effectively with cross-functional teams and stakeholders.

Deliverables:
Comprehensive architectural design for FIDO-based MFA and device registration and integration, which starts with workstation CJIS MFA secured logon and moves towards CJIS MFA security at the application(s).
Phased approach and timeline for achieving the full architectural design. The first focus should address the FIDO2 MFA with users, starting with the Pennsylvania State Police and rolling out to the other Public Safety Delivery Center Agencies. The second focus should address machine registration and identification.
Evaluation report on FIDO2 security keys, smartcards, and Windows Hello for Business.
Evaluation report on machine registration process and existing repositories: Microsoft Intune, Workspace ONE, and AD.
Application integration guidance and compliance assessment documentation for integrating the FIDO security solution. This document will be used by solutions developers and application support configuring third-party hosted applications and solutions.
Integrated and tested FIDO-based MFA solutions, including a break-glass solution.
Technical documentation and training materials.

Timeline: The Functional Architect will be engaged to complete the architectural design, phased implementation approach, and documentation to assist architects and the solutions team with the implementation of the CJIS MFA and endpoint solution.

Conclusion: The Functional Architect will play a crucial role in ensuring the successful implementation of multi-factor authentication solutions for the CJIS project in Pennsylvania, contributing to the security and compliance of the Commonwealth's criminal justice information systems.

Citations:
The CJIS Security Policy v5.9.2 introduced important revisions in Section 5.6 Identification and Authentication (IA) and Section 5.15 System and Information Integrity (SI), among other changes. Of particular significance to law enforcement and criminal justice agencies using cloud services for the transmission, storage, or processing of CJI are the updated multi-factor authentication (MFA) requirements for identification and authentication of organizational users. Microsoft Entra ID supports both authenticator and verifier NIST SP 800-63B AAL3 requirements, including the underlying FIPS 140 validation requirements. Microsoft Entra ID support for NIST SP 800-63B AAL3 exceeds the CJIS Security Policy MFA requirements.
In Microsoft's continuous effort to provide resources and guidance to agencies to help them meet their CJIS regulatory requirements, Microsoft collaborated with CJIS Security Analyst and Subject Matter Expert of the CJIS ACE Division at Diverse Computing and former CJIS Information Security Officer (ISO).

Required Skills:
Experience with architecture design: 10 Years
Experience with security engineering/architecture (PKI, MFA etc.): 7 Years
Experience with technical evaluation: 10 Years
Experience with technical documentation (materials for evaluation, implementation, guidelines, policy, and the like): 5 Years

Desired Skills:
Relevant experience is needed for this Functional Architect 3 position: 20 Years
Familiarity with CJIS, FBI policy and work with law enforcement a plus
Familiarity with Commonwealth of Pennsylvania or other state governments, and local government a plus
Thu Aug 01 23:18:00 UTC 2024 |