Job DescriptionJob Description:Description: The Senior Application Architect role requires extensive knowledge of modern network connectivity, network security, cyber security and internet technologies with demonstrated hands-on experience designing and developing modern networks, network security and cyber security solutions in the Ontario K-12 school board environment. This resource is responsible for, but not limited to:Providing subject matter expertise, advice, consultancy, and training with various network and cyber security architectures and framework such as:Software-defined networking (SDN) and SD-WAN (Software-defined Wide Area Network)Secure Access Service Edge (SASE)MITRE ATT&CK frameworkZero-trust architecture (ZTA)Cloud security architectureVarious vendor specific architectures and frameworks (e.g., Azure Security Architecture, Google infrastructure security, AWS cloud security architecture)NIST Cyber Security Framework v2CIS Controls v8Security Operation (SecOps) practicesProviding subject matter expertise, solution and architecture advice, consultancy, training and implementation guidance with cyber security, network security and network protection solutions, including:Next-generation cyber security technologies leveraging automation, artificial intelligence (AI) and machine learning (ML)Endpoint security solutions - Endpoint protection (EPP), Endpoint detection and response (EDR), and Extended Detection and Response (XDR)Cloud-based cyber security solutions, Secure Service Edge (SSE) / SASE, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero-Trust NetworkIdentity security solutions – such as Multi-Factor Authentication (MFA), Passkey, Identity Management (IdM), and Privileged Access Management (PAM)Advanced intrusion prevention systems (IPS) and intrusion detection systems (IDS)Network access controlIncident Response and Incident Management (IR and IM) systemsAutomated vulnerability and patchingPenetration testing and automated Red TeamingUser and Entity Behaviour Analytics (UEBA)Distributed denial of service (DDoS) protectionOperation Technology (OT) securityProviding subject matter expertise, advice, consultancy, training, and implementation guidance on logging, securing and analysing data, vulnerability scanning and penetration testing, and risk assessments to ensure sound network security architectureProviding subject matter expertise, advice and consultancy on complex cyber security and network security issuesProviding subject matter expertise, advice, consultancy, training and implementation guidance with network operations centre (NOC) and security operations centre (SOC) technologies, services, and equipment including, but not limited to:Security Information and Event Management (SIEM)Security Orchestration, Automation and Response (SOAR)Threat Intelligence(SASESolarWinds NetFlow Traffic AnalyzerNetwork Performance Monitor (NPM) and Network Configuration Management (NCM) ToolsProviding subject matter expertise, advice, consultancy, training and implementation guidance with identity security and authentication solutions and technologies for:Password-based and passwordless authenticationMFACertificate-based authenticationBiometric authenticationStaying abreast of the ever-evolving cyber threat landscape to provide subject matter expertise, guidance and advice on tactical and operational cyber security and network security practicesDeveloping strategic technology roadmaps based on new and emerging cyber security and network security architecture solutions, technology trends and industry analysis.Developing strategic technology roadmaps based on new and emerging network architecture solutions and technology trends and industry analysis, including, but not limited to:Network function virtualization (NFV), Open Network Automation Platform (ONAP), etc.Wi-Fi and cellular broadband adoptionWi-Fi 6 (802.11ax), 802.11ay, Wi-Fi 7 (802.11be)WISP tools, technologies and implementation in Ontario5G (5th generation) mobile data service, spectrum sharing, splicing, etc.Wireless network security practices including authentication and edge securityProviding subject matter expertise, advice, consultancy, training and implementation guidance of network technology solutions, services and equipment including, but not limited to, software-defined networking (SDN) technology:SD-WAN (e.g. Fortinet, Cisco Meraki, Palo Alto, etc.)Emerging SD-Edge such as VMware VeloCloud, Silver Peak, etc.Designing and building network data monitoring and management systemsCreating/updating detailed system documentation and technical specifications for various solutions and architecture, including cyber security, network security, network protection, authentication, SD-WAN, network technology, and NOC and SOC solutionsProviding detailed options analysis, including cost estimates, on cyber security, network security and network architectures.Assessing new and emerging cyber security, network and network security solutions, technology trends and industry analysis, including, but not limited to wireless network security practices such as authentication and edge securityPresenting to senior and executive management and external stakeholders, as neededProvide status and project status reports on all deliverables assigned.Deliver on other duties as assigned. This work involves working in close partnership with sector technical IT leads (e.g., school board IT leads), to develop tailored approaches and implementation plans. To support various stakeholders, the resource must be available to perform hands-on configuration, troubleshooting and training at the client site. The unit manager may assign school board-related work for other initiatives, as required. Requirements Experience and Skill Set Requirements: Must haves: Cyber Security and Network Security:10+ years' knowledge and experience with cyber security, network security and network protection architectures, frameworks, and solutions, including:Software-defined networking (SDN) and SD-WAN (Software-defined Wide Area Network)Secure Access Service Edge (SASE)MITRE ATT&CK framework10+ years hands-on experience providing subject matter expertise and leading implementation of network security and network protection solutions and technologies implementation– preferably for Ontario K-12 school boards, including:Next-generation cyber security technologies leveraging automation, artificial intelligence (AI) and machine learning (ML)Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) including Microsoft Sentinel, Splunk, Google Chronicle, and FortiSIEMEndpoint security solutions - Endpoint protection (EPP), Endpoint detection and response (EDR), Extended Detection and Response (XDR)Identity Management (IdM), Privileged Access Management and other identity security solutionsAutomated patching solutionsIncident Response (IR) and Incident Management (IM)2+ years demonstrated hands-on experience providing security operations center (SOC) design, architecture and plans including SOC technologies, services, and equipment, but not limited to:SIEMSOARSASE Network Technology5+ years' hands-on experience with software-defined networking (SDN, SD-WAN, SD-Edge)5+ years' hands-on experience in data and performance monitoring and management systems, in particular, SolarWinds, FortiManager, Meraki, Panorama, Wireshark – preferably for Ontario K-12 school boards Coordination Skills and Experience Strong communication skills as demonstrated through: 5+ years' experience in effectively presenting to management teams and external stakeholders5+ years' coordinating complex technical work with multiple IT teams, internal and external to the Ministry Industry Certifications / Relevant DegreesRelevant security certification required (e.g., CISSP or CISM).Postgraduate degree (e.g., M.Sc. and/or Ph.D.) in computer science or engineering is preferred. Nice-to-have: Public Sector Experience:5+ years' hands-on experience working with Ontario K-12 school boards, in particular with school board networks and network security Skill Set Requirements: Cyber Security and Network Security:10+ years' experience in advanced SD networks and network security – preferably for Ontario K-12 school boards10+ years' knowledge and experience with cyber security, network security and network protection architectures, frameworks, and solutions, including:Software-defined networking (SDN) and SD-WAN (Software-defined Wide Area Network)Secure Access Service Edge (SASE)MITRE ATT&CK frameworkZero-trust architecture (ZTA)Cloud security architectureVarious vendor specific architecture and frameworks (e.g., Azure Security Architecture, Google infrastructure security, AWS cloud security architecture)10+ years hands-on experience providing subject matter expertise and leading implementation of network security and network protection solutions and technologies implementation– preferably for Ontario K-12 school boards, including:Next-generation cyber security technologies leveraging automation, artificial intelligence (AI) and machine learning (ML)Next-generation firewalls (specifically Fortinet, Meraki, Palo Alto),Network access control (e.g., HPE Aruba ClearPass, FortiNAC),Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) including Microsoft Sentinel, Splunk, Google Chronicle, and FortiSIEMEndpoint security solutions - Endpoint protection (EPP), Endpoint detection and response (EDR), Extended Detection and Response (XDR)Cloud-based cyber security solutions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) ,firewalls, and Zero-Trust Network access as available SASE (such as Zscaler, Netskope, Cisco Umbrella, etc.),Distributed denial of service (DDoS) protection,Advanced intrusion prevention systems (IPS), and intrusion detection systems (IDS)Identity Management (IdM), Privileged Access Management and other identity security solutionsAutomated patching solutionsIncident Response (IR) and Incident Management (IM)Operation Technology (OT) security10 + years hands-on experience providing subject matter expertise and leading implementation of authentication solutions and technologies - preferably for Ontario K-12 school boards, including:Password-based and passwordless authenticationMulti-factor authentication (MFA)Certificate-based authenticationBiometric authentication (e.g., Fast Identity online (FIDO) Universal 2nd Factor (U2F), FIDO2, Google Authenticator, Security Assertion Markup Language (SAML))2+ years demonstrated hands-on experience providing security operations center (SOC) design, architecture and plans including SOC technologies, services, and equipment, but not limited to:SIEMSOARSASEDemonstrated hands-on experience with cyber security industry frameworks such as NIST Cyber Protection Framework and 800 series, CIS Controls v8, COBIT and ISO 27001Knowledge of the new draft NIST Cyber Security Framework v2.0Excellent knowledge of the new and emerging cyber security and network security technology trendsExcellent knowledge and exposure to IoT security issues and data capturing mechanisms Network Technology:10+ years hands-on experience with network infrastructure solutions and technologies including LAN/WAN, VPN, VXLAN, wLAN, fog computing, network function virtualization (NFV), server virtualization, cloud platforms, and hardware (servers, switches, routers, firewalls)5+ years' hands-on experience with software-defined networking (SDN, SD-WAN, SD-Edge)5+ years' hands-on experience with Ontario K-12 school boards' networks (WAN, LAN, Wi-Fi, internet service delivery)5+ years' hands-on experience in data and performance monitoring and management systems, in particular, SolarWinds, FortiManager, Meraki, Panorama, Wireshark – preferably for Ontario K-12 school boards5+ years' hands-on experience with network data traffic awareness, monitoring and analysis tools and technologies, and enterprise tools, including SolarWinds, PRTG (Paessler Router Traffic Grapher) and Wireshark Network Analyzer – preferably for Ontario K-12 school boards5+ years' hands-on experience with data logging mechanisms and technologies including Syslog, IPFix, CSV, CEF and NetFlow – preferably for Ontario K-12 school boardsDemonstrated hands-on experience with developing customized WAN and network architectures for SDN networks to address unique and specific needsExcellent knowledge of the new and emerging network technology trendsDemonstrated experience assessing and evaluating new and emerging network technologies with pilots and proof-of conceptsExperience with telecommunication technologies such as:Data transport technologies including fibre optic cable, coaxial cable, wireless, radio and microwaveNext-generation data transport such as LTE Advanced, DOCSIS C3.1, and 5GTransmission protocols including Multiprotocol Label Switching (MPLS), Virtual Private LAN Service (VPLS), TCP/IP (Transmission Control Protocol/Internet Protocol) and tunneling Coordination Skills and Experience: Strong communication skills as demonstrated through: 5+ years' experience in effectively presenting to management teams and external stakeholders5+ years' experience in preparing written materials (e.g., status reports, recommendations, briefing notes) 5+ years' coordinating complex technical work with multiple IT teams, internal and external to the Ministry Industry Certifications / Relevant Degrees:Relevant network certifications or equivalent work experienceRelevant security certification required (e.g., CISSP or CISM).Computer Science, engineering or other relevant degree is required.Postgraduate degree (e.g., M.Sc. and/or Ph.D.) in computer science or engineering is preferred. Public Sector Experience:Knowledge of Government of Ontario standards (e.g., GO-ITS) and relevant policies and legislation5+ years' hands-on experience working with Ontario K-12 school boards, in particular with school board networks and network securityHands-on experience providing design, development and delivery of technical training courses to Ontario K-12 school boards