Description:

The Senior Technology Architect, role requires extensive knowledge of network connectivity, network security, cyber security and internet technologies with demonstrated hands-on experience analyzing, configuring, implementing, and troubleshooting network, network security and cyber security solutions for the Ontario K-12 school board environment. This resource is responsible for, but not limited to:

• Providing subject matter expertise, configuration, troubleshooting, training, and implementation guidance with cyber security, network security and network protection solutions, including:
  
• Next-generation cyber security technologies leveraging automation, artificial intelligence (AI) and machine learning (ML)
  
• Endpoint security solutions - Endpoint protection (EPP), Endpoint detection and response (EDR), and Extended Detection and Response (XDR)
  
• Cloud-based cyber security solutions, Secure Service Edge (SSE) / Secure Access Service Edge (SASE) including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero-Trust Network
  
• Identity security solutions – such as Multi-Factor Authentication (MFA), Passkey, Identity Management (IdM), and Privileged Access Management (PAM)
  
• Advanced intrusion prevention systems (IPS) and intrusion detection systems (IDS)
  
• Network access control
  
• Incident Response and Incident Management (IR and IM) systems
  
• Automated vulnerability and patching
  
• Penetration testing and automated Red Teaming
  
• User and Entity Behaviour Analytics (UEBA)
  
• Distributed denial of service (DDoS) protection
  
• Operation Technology (OT) security
  
• Providing hands-on subject matter expertise troubleshooting and securing software-defined networking (SDN) technology including:
  
• Software-defined wide area network (SD-WAN) including Fortinet, Cisco Meraki, Palo Alto, Fat Pipe, etc.
  
• Emerging SD-Edge such as VMware VeloCloud, Silver Peak, etc
  
• Providing subject matter expertise in the development and delivery of technical training courses on next-generation cyber security solutions, secure networking solutions, and various security products to support boards' cyber resilience efforts
  
• Troubleshooting, providing analysis, and recommending solutions on complex cyber security and network security issues
  
• Performing vulnerability scanning and penetration testing including activities such as preparing test plans, completing the testing analysis, and risk assessments to ensure sound network and security architecture
  
• Staying abreast of the ever-evolving cyber threat landscape to provide subject matter expertise, guidance and advice on tactical and operational cyber security and network security practices
  
• Providing subject matter expertise, analysis, configuration, troubleshooting, and implementation guidance with security operations centre (SOC) technologies, including:
  
• Security Information and Event Management (SIEM)
  
• Security Orchestration, Automation and Response (SOAR)
  
• Threat Intelligence
  
• SASE
  
• SolarWinds NetFlow Traffic Analyzer
  
• Network Performance Monitor (NPM) and Network Configuration Management (NCM) Tools
  
• Providing subject matter expertise, analysis, configuration, troubleshooting, training, and implementation guidance with identity security and authentication solutions and technologies for:
  
• Password-based and passwordless authentication
  
• MFA
  
• Certificate-based authentication
  
• Creating/updating detailed system documentation and technical specifications various solutions and architecture, including cyber security, network security and network protection solutions, and SOC solutions
  
• Assessing new and emerging cyber security solutions and technology trends and industry analysis, including, but not limited to wireless network security practices including authentication and edge security
  
• Presenting to various stakeholders, as needed
  
• Provide status and project status reports on other deliverables assigned.
  
• Deliver on other duties as assigned.
  

This work involves working in close partnership with various government departments, the K-12 education sector, telecommunications providers and network and cyber security technology vendors to develop tailored approaches and implementation plans.

The manager may assign school board-related work for other initiatives, as required.

Experience and Skill Set Requirements:

Must haves:

Cyber Security and Network Security

• 4+ years hands-on experience with cyber security, network security and network protection solutions and technologies – preferably for Ontario K-12 school boards, including:
  
• Next-generation cyber security technologies leveraging artificial intelligence (AI) and machine learning (ML)
  
• Security Information and Event Management (SIEM) including Microsoft Sentinel, Splunk, AlienVault and FortiSiem
  
• Endpoint protection (EPP), Endpoint detection and response (EDR), Extended Detection and Response (XDR) and other endpoint security solutions
  
• Identity Management (IdM) and identity security
  
• Incident Management (IM)
  
• 4+ years' hands-on experience with authentication solutions and technologies – preferably for Ontario K-12 school boards, including:
  
• 2+ years demonstrated hands-on experience providing security operations center (SOC) troubleshooting, support, industry research, products reviews and automation including SOC technologies, services, and equipment, but not limited to:
  

Network Technology

• 2+ years' hands-on experience with software-defined networking (SDN, SD-WAN), in particular, Fortinet, Meraki, Palo Alto, and Aruba – preferably for Ontario K-12 school boards
  
• 2+ years' hands-on experience in data monitoring and management systems, in particular, SolarWinds, FortiManager, and Panorama – preferably for Ontario K-12 school boards
  

Coordination Skills and Experience

Strong communication skills as demonstrated through:

• 3+ years' experience in preparing written materials (e.g., status reports, recommendations, briefing notes)
  
• 3+ years' coordinating complex technical work with multiple IT teams, internal and external to the Ministry
  

Industry Certifications / Relevant Degrees

• Cyber security certification (e.g. CEH, CISSP or CISM)
  

Nice-to-have:

Public Sector Experience:

· 4+ years' hands-on experience working with Ontario K-12 school boards, in particular with school board networks and network security

Skill Set Requirements:

Cyber Security and Network Security:

• 5+ years' experience in network security on advanced SD networks – preferably for Ontario K-12 school boards
  
• 4+ years hands-on experience with cyber security, network security and network protection solutions and technologies – preferably for Ontario K-12 school boards, including:
  
• Next-generation cyber security technologies leveraging automation, artificial intelligence (AI) and machine learning (ML)
  
• Next-generation firewalls (specifically Fortinet, Meraki, Palo Alto),
  
• Network access control (e.g., HPE Aruba ClearPass, FortiNAC),
  
• Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) including Microsoft Sentinel, Splunk, Google Chronicle, and FortiSIEM
  
• Endpoint security solutions - Endpoint protection (EPP), Endpoint detection and response (EDR), Extended Detection and Response (XDR)
  
• Cloud-based cyber security solutions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero-Trust Network access as available SASE (such as Zscaler, Netskope, Cisco Umbrella, etc.),
  
• Distributed denial of service (DDoS) protection,
  
• Advanced intrusion prevention systems (IPS), and intrusion detection systems (IDS)
  
• Identity Management (IdM), Privileged Access Management and other identity security solutions
  
• Automated patching solutions
  
• Incident Response (IR) and Incident Management (IM)
  
• Operation Technology (OT) security
  
• 4+ years' hands-on experience with authentication solutions and technologies – preferably for Ontario K-12 school boards, including:
  
• Password-based and passwordless authentication
  
• Multi-factor authentication (MFA)
  
• Certificate-based authentication
  
• Biometric authentication (e.g., Fast Identity online (FIDO) Universal 2nd Factor (U2F), FIDO2, Google Authenticator, Security Assertion Markup Language (SAML))
  
• 2+ years demonstrated hands-on experience providing security operations center (SOC) troubleshooting, support, industry research, products reviews and automation including SOC technologies, services, and equipment, but not limited to:
  
• SIEM
  
• SOAR
  
• SASE
  
• Demonstrated hands-on experience with cyber security industry frameworks such as NIST Cyber Protection Framework and 800 series, CIS Controls v8, COBIT and ISO 27001
  
• Knowledge of the new draft NIST Cyber Security Framework v2.0
  
• Demonstrated experience assessing and evaluating new and emerging network technologies with pilots and proof-of-concepts
  
• Excellent knowledge and exposure to IoT cyber security issues and data capturing mechanism
  

Network Technology:

• 3+ years' hands-on experience with network infrastructure solutions and technologies including LAN/WAN, VPN, VLAN, and hardware (servers, switches, routers, firewalls)
  
• 2+ years' hands-on experience with Ontario K-12 school boards' networks (WAN, LAN, Wi-Fi, internet service delivery)
  
• 2+ years' hands-on experience with software-defined networking (SDN, SD-WAN), in particular, Fortinet, Meraki, Palo Alto, and Aruba – preferably for Ontario K-12 school boards
  
• 2+ years' hands-on experience in data monitoring and management systems, in particular, SolarWinds, FortiManager, and Panorama – preferably for Ontario K-12 school boards
  
• 2+ years' hands-on experience with network data traffic awareness, monitoring and analysis tools and technologies, including SolarWinds, PRTG (Paessler Router Traffic Grapher), and Wireshark Network Analyzer – preferably for Ontario K-12 school boards
  
• 2+ years' hands-on experience with data logging mechanisms and technologies including Syslog, IPFix and NetFlow – preferably for Ontario K-12 school boards
  
• 2+ years' hands-on experience configuring, troubleshooting, and administering network protocols such as MPLS, VPLS, and VLAN Trunking Protocol (VTP)
  
• Hands-on experience performing network load testing, testing analysis, and risk assessments to ensure sound network architecture – preferably for Ontario K-12 school boards
  
• Providing subject matter expertise for the design, development and delivery of technical training courses and demonstrations on SDN, NTDM, NG-SEC architecture and products to support Ontario K-12 school boards' broadband modernization implementations
  
• Demonstrated experience assessing and evaluating new and emerging network technologies with pilots and proof-of-concepts
  

Coordination Skills and Experience:

Strong communication skills as demonstrated through:

• 3+ years' experience in effectively presenting to management teams and external stakeholders
  
• 3+ years' experience in preparing written materials (e.g., status reports, recommendations, briefing notes)
  
• 3+ years' coordinating complex technical work with multiple IT teams, internal and external to the Ministry
  

Industry Certifications / Relevant Degrees:

• Relevant vendor certifications or equivalent work experience
  
• Postgraduate degree (e.g., M.Sc. and/or Ph.D.) in computer science or engineering preferred
  
• Cyber security certification (e.g., CEH, CISSP or CISM)
  

Public Sector Experience:

• Knowledge of Government of Ontario standards (e.g., GO-ITS) and relevant policies and legislation
  
• 4+ years' hands-on experience working with Ontario K-12 school boards, in particular with school board networks and network security
  
• Hands-on experience providing support, troubleshooting, and delivery of technical training courses to Ontario K-12 school boards