Software-defined networking (SDN) and SD-WAN (Software-defined Wide Area Network)
Secure Access Service Edge (SASE)
MITRE ATT&CK framework
Zero-trust architecture (ZTA)
Cloud security architecture
Various vendor specific architectures and frameworks (e.g., Azure Security Architecture, Google infrastructure security, AWS cloud security architecture)
NIST Cyber Security Framework v2
CIS Controls v8
Security Operations (SecOps) practices
Providing subject matter expertise, solution and architecture advice, consultancy, training and implementation guidance with cyber security, network security and network protection solutions, including:
Next-generation cyber security technologies leveraging automation, artificial intelligence (AI) and machine learning (ML)
Endpoint security solutions - Endpoint protection (EPP), Endpoint detection and response (EDR), and Extended Detection and Response (XDR)
Cloud-based cyber security solutions, Secure Service Edge (SSE) / SASE, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero-Trust Network
Identity security solutions – such as Multi-Factor Authentication (MFA), Passkey, Identity Management (IdM), and Privileged Access Management (PAM)
Advanced intrusion prevention systems (IPS) and intrusion detection systems (IDS)
Network access control
Incident Response and Incident Management (IR and IM) systems
Automated vulnerability and patching
Penetration testing and automated Red Teaming
User and Entity Behaviour Analytics (UEBA)
Distributed denial of service (DDoS) protection
Operational Technology (OT) security
Providing subject matter expertise, advice, consultancy, training, and implementation guidance on logging, securing and analysing data, vulnerability scanning and penetration testing, and risk assessments to ensure sound network security architecture
Providing subject matter expertise, advice and consultancy on complex cyber security and network security issues
Providing subject matter expertise, advice, consultancy, training and implementation guidance with network operations centre (NOC) and security operations centre (SOC) technologies, services, and equipment including, but not limited to:
Security Information and Event Management (SIEM)
Security Orchestration, Automation and Response (SOAR)
Threat Intelligence
SASE
SolarWinds NetFlow Traffic Analyzer
Network Performance Monitor (NPM) and Network Configuration Management (NCM) Tools
Providing subject matter expertise, advice, consultancy, training and implementation guidance with identity security and authentication solutions and technologies for:
Password-based and passwordless authentication
MFA
Certificate-based authentication
Biometric authentication
Staying abreast of the ever-evolving cyber threat landscape to provide subject matter expertise, guidance and advice on tactical and operational cyber security and network security practices
Developing strategic technology roadmaps based on new and emerging cyber security and network security architecture solutions, technology trends and industry analysis.
Developing strategic technology roadmaps based on new and emerging network architecture solutions and technology trends and industry analysis, including, but not limited to:
Network function virtualization (NFV), Open Network Automation Platform (ONAP), etc.
Wi-Fi and cellular broadband adoption
Wi-Fi 6 (802.11ax), 802.11ay, Wi-Fi 7 (802.11be)
WISP tools, technologies and implementation in Ontario
5G (5th generation) mobile data service, spectrum sharing, splicing, etc.
Wireless network security practices including authentication and edge security
Providing subject matter expertise, advice, consultancy, training and implementation guidance of network technology solutions, services and equipment including, but not limited to, software-defined networking (SDN) technology:
SD-WAN (e.g. Fortinet, Cisco Meraki, Palo Alto, etc.)
Emerging SD-Edge such as VMware VeloCloud, Silver Peak, etc.
Cyber Security and Network Security
10+ years’ experience in advanced SD networks and network security – preferably for Ontario K-12 school boards
10+ years’ knowledge and experience with cyber security, network security and network protection architectures, frameworks, and solutions, including:
Software-defined networking (SDN) and SD-WAN (Software-defined Wide Area Network)
Secure Access Service Edge (SASE)
MITRE ATT&CK framework
Zero-trust architecture (ZTA)
Cloud security architecture
Various vendor specific architecture and frameworks (e.g., Azure Security Architecture, Google infrastructure security, AWS cloud security architecture)
10+ years’ hands-on experience providing subject matter expertise and leading implementation of network security and network protection solutions and technologies – preferably for Ontario K-12 school boards, including:
Next-generation cyber security technologies leveraging automation, artificial intelligence (AI) and machine learning (ML)
Next-generation firewalls (specifically Fortinet, Meraki, Palo Alto),
Network access control (e.g., HPE Aruba ClearPass, FortiNAC),
Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) including Microsoft Sentinel, Splunk, Google Chronicle, and FortiSIEM
Endpoint security solutions - Endpoint protection (EPP), Endpoint detection and response (EDR), Extended Detection and Response (XDR)
Cloud-based cyber security solutions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), firewalls, and Zero-Trust Network access as available in SASE (such as Zscaler, Netskope, Cisco Umbrella, etc.),
Distributed denial of service (DDoS) protection,
Advanced intrusion prevention systems (IPS), and intrusion detection systems (IDS)
Identity Management (IdM), Privileged Access Management and other identity security solutions
Automated patching solutions
Incident Response (IR) and Incident Management (IM)
Operational Technology (OT) security
10+ years’ hands-on experience providing subject matter expertise and leading implementation of authentication solutions and technologies – preferably for Ontario K-12 school boards, including:
Password-based and passwordless authentication
Multi-factor authentication (MFA)
Certificate-based authentication
Biometric authentication (e.g., Fast IDentity Online (FIDO) Universal 2nd Factor (U2F), FIDO2, Google Authenticator, Security Assertion Markup Language (SAML))
2+ years demonstrated hands-on experience providing security operations center (SOC) design, architecture and plans including SOC technologies, services, and equipment, but not limited to:
SIEM
SOAR
SASE
Demonstrated hands-on experience with cyber security industry frameworks such as NIST Cyber Protection Framework and 800 series, CIS Controls v8, COBIT and ISO 27001
Knowledge of the new draft NIST Cyber Security Framework v2.0
Excellent knowledge of the new and emerging cyber security and network security technology trends
Excellent knowledge and exposure to IoT security issues and data capturing mechanisms
Network Technology
10+ years’ hands-on experience with network infrastructure solutions and technologies including LAN/WAN, VPN, VXLAN, WLAN, fog computing, network function virtualization (NFV), server virtualization, cloud platforms, and hardware (servers, switches, routers, firewalls)
5+ years’ hands-on experience with software-defined networking (SDN, SD-WAN, SD-Edge)
5+ years’ hands-on experience with Ontario K-12 school boards’ networks (WAN, LAN, Wi-Fi, internet service delivery)
5+ years’ hands-on experience in data and performance monitoring and management systems, in particular, SolarWinds, FortiManager, Meraki, Panorama, Wireshark – preferably for Ontario K-12 school boards
5+ years’ hands-on experience with network data traffic awareness, monitoring and analysis tools and technologies, and enterprise tools, including SolarWinds, PRTG (Paessler Router Traffic Grapher) and Wireshark Network Analyzer – preferably for Ontario K-12 school boards
5+ years’ hands-on experience with data logging mechanisms and technologies including Syslog, IPFix, CSV, CEF and NetFlow – preferably for Ontario K-12 school boards
Demonstrated hands-on experience with developing customized WAN and network architectures for SDN networks to address unique and specific needs
Excellent knowledge of the new and emerging network technology trends
Demonstrated experience assessing and evaluating new and emerging network technologies with pilots and proofs of concept
Experience with telecommunication technologies such as:
Data transport technologies including fibre optic cable, coaxial cable, wireless, radio and microwave
Next-generation data transport such as LTE Advanced, DOCSIS C3.1, and 5G
Transmission protocols including Multiprotocol Label Switching (MPLS), Virtual Private LAN Service (VPLS), TCP/IP (Transmission Control Protocol/Internet Protocol) and tunneling
Coordination Skills and Experience
Strong communication skills as demonstrated through:
5+ years’ experience in effectively presenting to management teams and external stakeholders
5+ years’ experience in preparing written materials (e.g., status reports, recommendations, briefing notes)
5+ years’ coordinating complex technical work with multiple IT teams, internal and external to the Ministry
Industry Certifications / Relevant Degrees
Relevant network certifications or equivalent work experience
Relevant security certification required (e.g., CISSP or CISM).
Computer Science, engineering or other relevant degree is required.
Postgraduate degree (e.g., M.Sc. and/or Ph.D.) in computer science or engineering is preferred
Bachelor's degree