IMPORTANT NOTES:
- The client may exercise its option(s) to extend the Statement of Work (SOW) beyond October 5, 2027, provided that the Master Service Agreement is extended. Any such extension shall be on the same terms, conditions, and covenants as those contained in the SOW.
- This procurement will include the option to extend the end date of the contract if there are unused effort days and no change to the ceiling amount, if the need arises.
- This contract will require the consultant to work up to 2 days per week in the office and the remaining days working remotely.
- Travel Requirements – The resource must be available to travel the same day or overnight in Ontario, as required. For this role, travel to school board locations across the province will be required. Travel expenses will be reimbursed according to the Ontario Travel, Meal and Hospitality Expenses Directive.
The Senior Technology Architect role requires deep knowledge, expertise, and experience in cyber security solutions, security operations (SecOps) solutions and practices, automation and artificial intelligence (AI) in cyber security, managed security services, and next-generation network security. The resource also requires hands-on experience in analyzing, configuring, implementing, and troubleshooting cyber security models, automation solutions and threat detection, particularly within the education sector, preferably in the Ontario K–12 school board environment.
This resource is responsible for, but not limited to:
- Leading operational cyber defense guidance, incident coordination, monitoring maturity, and integration with MSS/MDR providers, including:
  - Threat monitoring, detection, and analysis across network, endpoint, identity, and cloud environments
  - Incident response coordination, escalation management, and root cause analysis
  - Security operations centre (SOC) coordination and operational alignment
  - Establishing and enhancing cyber operational readiness (playbooks, processes, response validation)
  - MSS onboarding, integration, and service adoption across boards
- Delivering solution guidance, technical training, and implementation support for next-generation network and security technologies, including:
  - Security Service Edge (SSE) / Secure Access Service Edge (SASE), including integration of network and security functions such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Architecture (ZTNA), and Firewall-as-a-Service (FWaaS)
  - SD-WAN (Software-Defined Wide Area Network) and SDN (Software-Defined Networking)
  - Identity and access management (passwordless, password-based, certificate-based, and multi-factor authentication (MFA))
  - Endpoint security (Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR))
  - Advanced threat protection (Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Network Access Control (NAC), and Distributed Denial-of-Service (DDoS) protection)
  - AI/ML-enabled monitoring, analytics, and automation
  - Incident Response (IR) and Incident Management (IM)
  - Vulnerability management and patching automation
  - Penetration testing and automated red teaming
  - Operational Technology (OT) security
- Providing technical guidance, solution delivery, training, and implementation support for hybrid cyber security operating models integrating internal teams and Managed Security Service Providers (MSSPs), including:
  - MSS strategy, onboarding, optimization and performance management
  - Alignment and integration of Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), EDR/XDR, and threat intelligence platforms
  - School board MSS readiness, transition planning, and governance models
  - Security operations architecture, threat detection, incident response, and automation workflows
  - Governance, risk, and compliance in hybrid (in-house and outsourced) environments
- Providing subject matter expertise in Network Operations Centre (NOC) and Security Operations Centre (SOC) technologies and tools, including SIEM, SOAR, and network monitoring and management platforms
- Managing and optimizing SecOps platforms (SIEM, SOAR, EDR/XDR, CASB, IDR, vulnerability management), including:
  - Telemetry ingestion, log normalization, and real-time correlation
  - Development and maintenance of detection use cases
  - Integration of threat intelligence into detection workflows
  - Maintenance of security content (rules, dashboards, playbooks)
- Leading incident investigation and response activities, including deep-dive analysis, root cause determination, and facilitation of cyber exercises to validate readiness
- Conducting baseline reviews, vulnerability triage, and collaborating with MSSPs to track and validate remediation efforts
- Driving MSS service optimization, including operational reporting, performance metrics, and continuous improvement initiatives
- Delivering training, operational guidance, and stakeholder engagement across boards, including threat response workflows, defensive posture validation, and cross-board threat sharing
- Presenting technical findings, risk insights, and strategic recommendations to senior leadership and external stakeholders
- Providing regular status updates and reporting on assigned deliverables, milestones, and performance metrics
- Applying a collaborative approach to solution definition, development, and implementation with multiple stakeholder groups with differing needs and expectations.
- Aligning with industry and legislative advancements at the federal and provincial/local levels (e.g., Enhancing Digital Security and Trust Act, 2024 (EDSTA)).
- Delivering on other duties as assigned.
This work involves close partnership with various government departments, the K-12 education sector, telecommunications providers, and network and cyber security technology vendors to develop tailored approaches and implementation plans. To support various stakeholders, the resource must be available to perform hands-on configuration, troubleshooting and training at the client site. Therefore, the resource must be available to travel the same day or overnight in Ontario, as needed.
The unit manager may assign other related board work for other unit or branch initiatives, as required.