Cybersecurity Architect
This role is the technical design authority on the contract. The Cybersecurity Architect owns the architectural direction for Zero Trust implementation across the hybrid environment, leads the development of Continuous Authorization to Operate (cATO) capabilities to accelerate and automate the current ATO process, and provides hands-on engineering leadership supporting network security, cloud security, and compliance.
The right candidate brings deep cybersecurity architecture experience, hands-on engineering capability, and the credibility to operate across both technical working groups and executivelevel discussions with government leadership and authorizing officials.
Du es and Responsibilities
- Develop and maintain Enterprise Security Architecture (ESA), cybersecurity roadmap in alignment with EO 14028 implementa on priori es: Zero Trust, Supply Chain Risk Management (SCRM), cri cal so ware security, and secure cloud adop on.
- Design and lead implementa on of Zero Trust Architecture (ZTA) across the hybrid environment spanning on-premises infrastructure and cloud services, aligned with NIST SP 800-207 and the Federal Zero Trust Strategy (OMB M-22-09)
- Research and evaluate emerging security capabili es - including AI/ML-assisted detec on and automa on for applicability to the agency requirements and poten al Zermount service development.
- Lead architecture and implementa on of cATO capability replacing periodic assessment snapshots with automated, real- me security control monitoring and evidence collec on.
- Plans & conducts Proof of Concept (PoC) deployments within the client enterprise and/or in external vendor environments.
- Understands & evaluates business, technical & functional requirements, translating mission goals & operational directives into actionable recommendations.
- Understand requirements, use cases, implementation challenges, client road maps & operational pain points.
- Designs solutions for existing & ongoing implementations & supports implementation efforts. This includes tool evaluation, adoption, implementation & phase-out; system integration development and implementation; and feature/content development.
- Assist in developing schedules, work breakdown structures (WBS's) & project schedules with the Technical Project Manager.
- Collaborates with internal & external teams & ensures client & NIST compliance.
- Serves as a technical leadership role and provides services as a cross functional team member supporting other Task Areas as required.
QUALIFICATIONS:
- High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
- Equally adept at strategic planning and operational/technical level.
- Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
- At least 10 years of hands-on technical IT and cybersecurity experience. To include experience with:
- LAN/WAN, WAF/CDN/DDoS, Network Firewalls, IDS/IPS, inline decryption. o Experience with NIST RMF, FedRAMP, FISMA, and NIST SP 800-53 control implementation. o Experience with SIEM platforms (Splunk preferred) - log architecture, ingestion design, detection tuning.
- Virtualization, hypervisor, and container security. o Application development, serverless security, microservices, CI/CD.
- Designing and/or implementing security in Cloud (AWS required, Azure or GCP optional): Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model. AWS IAM, KMS, S3, RDS, SNS/SQS, Organization, Guard Duty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
EDUCATION:
- A minimum of a Bachelor of Science in one of the following: Computer Science, Engineering, Information Technology, Cybersecurity or similar field. Years of experience will be taken into consideration, in place of a degree.
CERTIFICATIONS:
- One or more industry-recognized cybersecurity certifications aligned with DoD 8570/8140 IAM Level III or IAT Level III baseline requirements.
Ideal candidate would also have:
- Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect Associate, AWS Certified Security-Specialty.
CLEARANCE:
- Must be able to obtain and maintain a Public Trust background investigation.
LOCATION:
- This is a primarily remote position. Candidates must be able to travel occasionally to Zermount headquarters and customer sites based on program needs, meetings, workshops, and deployment activities.
HOURS OF OPERATION:
- Business Hours: 7:00 am EST - 7:00 pm EST | Core Hours: 8:00 am - 4:00pm EST
