Technical Architect (Network & Cybersecurity) - State of New York

Description

The Technical Architect (Network & Cybersecurity) provides enterprise-level technical architecture support to Suffolk County’s Department of Information Technology (DoIT).

This role focuses on designing, assessing, and documenting the County’s enterprise network and security architecture, identifying vulnerabilities, and ensuring alignment with modern cybersecurity frameworks. The Technical Architect will work alongside infrastructure teams to review firewall configurations, optimize data flow security, and enhance defense-in-depth across on-premises and cloud systems.

Key Responsibilities

• Serve as the lead enterprise technical architect supporting Suffolk County’s cybersecurity modernization and network architecture initiatives. 
• Evaluate, design, and document the County’s network topology, firewall rulesets, and security zones, ensuring adherence to best practices. 
• Conduct gap analyses on existing infrastructure and identify opportunities for enhanced segmentation, redundancy, and resiliency. 
• Review and validate firewall policies, interface configurations, and VPN architectures for compliance with County and industry standards. 
• Develop and maintain network and data flow diagrams, system architecture documentation, and configuration baselines. 
• Collaborate with the Security SME to align technical controls with NIST 800-53 and other cybersecurity frameworks. 
• Support cloud and hybrid infrastructure security, including Microsoft Azure, AWS, and other hosted platforms. 
• Provide technical expertise during incident response investigations, assisting with root cause analysis and remediation planning. 
• Recommend hardware, software, and process improvements to strengthen the County’s security posture. 
• Prepare detailed architecture reports and deliverables for DoIT management and County leadership. 

Requirements

• Bachelor’s Degree in Computer Science, Network Engineering, or Information Systems (Master’s preferred). 
• 8+ years of experience designing, implementing, or managing enterprise IT architectures, including network and cybersecurity solutions. 
• Proven expertise in firewall management (Cisco, Palo Alto, Fortinet, Check Point) and network segmentation design. 
• Strong understanding of security architecture principles, encryption, access control, and authentication systems. 
• Experience developing architecture documentation, diagrams, and data flow charts using tools like Visio, Lucidchart, or Draw.io. 
• Familiarity with NIST, CIS, ISO, and DoD STIGs standards for secure configuration management. 
• Strong written and verbal communication skills — able to produce executive-level documentation and technical reports. 

Preferred Certifications

• CCNP Security, CCIE, or equivalent advanced network credential 
• CISSP, CASP+, or CompTIA Advanced Security Practitioner 
• Azure or AWS Certified Solutions Architect 
• TOGAF or SABSA Architecture Certification