Full Job Description
We are seeking a Senior Zero Trust Architect to design, implement, and operate our Secure Service Edge (SSE) and Zero Trust security architecture. This role sits at the intersection of networking, identity, and cloud security, and is responsible for building secure, scalable access models across hybrid and cloud-first environments. The ideal candidate brings deep hands-on expertise across SSE platforms, Microsoft 365/Azure security, identity and access management, and network traffic engineering, with the judgment to troubleshoot complex issues and the communication skills to align technical and business stakeholders.
- Ability to communicate complex concepts to engineers, leadership, and non-technical stakeholders
- Experience working in Agile or DevOps environments
- Strong collaboration across security, networking, cloud, and endpoint teams
- Ability to lead or contribute to architecture decision-making
- Ability to design secure hybrid and cloud-first architectures
- Experience evaluating SSE vendors based on performance, security, integration, and cost
- Strong documentation skills:
- Architecture diagrams
- Runbooks
- SOPs
- Experience supporting PoCs and pilot deployments
ABC
Required Skills and Education
We are looking for Systems Engineer with a minimum of 11 years' relevant experience and a Bachelors' Degree. Candidate must have experience in the following:
Experience in the following are required:
- Experience in regulated environments (FedRAMP, DoD, GCC/GCCH/DoD tenants)
- Certifications:
- Microsoft (AZ-500, SC-300, SC-200)
- Zscaler (ZCCA, ZCSP)
- Cloudflare Zero Trust
- CISSP, CCSP, CCNP Security
- Exposure to:
- Endpoint posture enforcement (Intune, Defender for Endpoint)
- Browser isolation technologies
- API security and SaaS governance
This position will be posted for at least 5 calendar days. The posting will remain active until the position is filled, or a qualified pool of candidates is identified.
Preferred Skills and Education
Desired Skills Include:
- Microsoft Entra ID (Azure AD), including Conditional Access, Identity Protection, and PIM
- Microsoft Global Secure Access (GSA) or similar SSE-native integrations
- Microsoft Defender Suite (Defender for Cloud Apps, Endpoint, Identity, Office)
- Experience integrating third-party SSE platforms with M365 workloads: Exchange Online, SharePoint Online, Teams, OneDrive
- Understanding of Azure networking constructs: VNets, NSGs, Private Endpoints, Virtual WAN
- Familiarity with Azure Firewall, Application Gateway/WAF, and private access models
- TCP/IP, DNS, HTTP/S, TLS inspection, proxy architectures
- Routing (BGP), NAT, VPN (IPSec/SSL), SD-WAN integrations
- Experience with traffic steering methods: PAC files, GRE/IPSec tunnels, agent-based forwarding
- Understanding of secure internet breakout and branch connectivity models
- Ability to troubleshoot latency, packet loss, and SaaS performance issues in cloud-delivered security pipelines
- Zscaler: ZIA/ZPA design, policy implementation, app segmentation
- Microsoft Global Secure Access (Entra): Private & Internet Access, Conditional Access integration
- Cloudflare One: SWG, Zero Trust Access, WARP client, DNS filtering
- Akamai EAA: Secure application publishing, identity integration, traffic optimization