ZERMOUNT POSITION DESCRIPTION
PROGRAM MANAGER - CYBERSECURITY Architecture & Engineering
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
Summary: Zermount is seeking a highly capable Program Manager to lead a federal cybersecurity architecture and engineering program supporting enterprise security modernization, Continuous Authorization to Operate (cATO), cloud and hybrid security engineering, DevSecOps enablement, and Emerging Technology and AI Security Engineering and Testing.
This is a leadership role for a Program Manager who can drive delivery across complex cybersecurity workstreams, coordinate technical teams, manage customer expectations, and ensure high-quality contract execution. The Program Manager will serve as a key interface between Government stakeholders, company leadership, cybersecurity engineers, architects, analysts, Agile teams, and mission partners.
The successful candidate does not need to be the hands-on engineer for every technology area, but must be able to understand cybersecurity delivery, manage technical execution, identify risks and dependencies, communicate clearly with senior stakeholders, and ensure deliverables are accurate, timely, and aligned with federal requirements.
This role is ideal for a strong cybersecurity or federal IT/Cybersecurity Program Manager who understands RMF, ATO/cATO, cloud security, DevSecOps, security architecture, and emerging technology risk management, and who can lead teams in a fast-moving customer environment.
Key Responsibilities
- Lead day-to-day execution of a federal cybersecurity architecture and engineering program, ensuring work is delivered on schedule, within scope, and in alignment with contract requirements.
- Serve as the primary program interface with Government stakeholders, company leadership, technical teams, subcontractors, and mission partners.
- Manage program scope, staffing, schedule, risks, issues, dependencies, action items, deliverables, and performance reporting.
- Develop and maintain key program management artifacts, including the Integrated Master Schedule (IMS), sprint plans, deliverable tracker, risk register, issue log, action item register, staffing tracker, and status reports.
- Lead cross-functional teams supporting cybersecurity architecture, cloud security, RMF modernization, cATO, DevSecOps, vulnerability management, continuous monitoring, and emerging technology/AI security assessment activities.
- Coordinate the development of cybersecurity architecture recommendations, secure design patterns, implementation roadmaps, SOPs, playbooks, dashboards, briefings, and customer-ready deliverables.
- Support cATO implementation activities, including automated control assessment, control-to-evidence mapping, evidence collection, continuous monitoring, OSCAL-aligned documentation, metrics, dashboards, and authorization-support artifacts.
- Oversee Emerging Technology and AI Security Engineering and Testing activities, including intake, triage, risk-tiering, evidence expectations, decision gates, testing coordination, and risk reporting.
- Ensure emerging technology and AI assessments consider security, privacy, data protection, access control, supply chain risk, logging, monitoring, misuse risk, integration risk, and operational impact.
- Facilitate Agile delivery activities, including backlog refinement, sprint planning, capacity planning, sprint reviews, retrospectives, and recurring team coordination.
- Ensure all work is accurately tracked in the Government-designated project management or Agile tracking tool.
- Prepare and deliver program status updates, executive briefings, meeting minutes, technical summaries, risk reports, and deliverables for Government review.
- Identify risks, blockers, staffing gaps, resource constraints, quality concerns, and schedule impacts early, and recommend practical corrective actions.
- Review deliverables for quality, accuracy, completeness, professionalism, and alignment with customer requirements before submission.
- Support staffing, onboarding, knowledge transfer, team performance, and resource planning.
- Promote a delivery culture focused on accountability, technical quality, customer service, compliance, and mission outcomes.
- The Program Manager may support all task areas, other programs and projects as required by the Executive Team, or perform other or similar duties as assigned.
Required Qualifications
- 8+ years of relevant experience supporting IT, cybersecurity, cloud, engineering, or federal technology programs.
- 5+ years of experience managing technical projects, cybersecurity projects, or federal IT/cybersecurity delivery teams.
- Experience managing complex cybersecurity, cloud, enterprise IT, or security engineering programs in a federal contracting environment.
- Experience managing program schedules, staffing, risks, issues, deliverables, status reporting, quality reviews, and client communications.
- Working knowledge of RMF, ATO, cATO, FISMA, NIST guidance, security assessments, and federal cybersecurity requirements.
- Experience coordinating technical teams across cybersecurity architecture, cloud security, infrastructure, application security, identity, DevSecOps, vulnerability management, GRC, or enterprise architecture workstreams.
- Experience leading work in Agile environments, including Scrum or Kanban, backlog refinement, sprint planning, team coordination, and retrospectives.
- Strong ability to communicate with senior Government stakeholders, technical teams, executives, and non-technical audiences.
- Strong writing skills with the ability to produce clear status reports, meeting minutes, briefings, plans, procedures, and decision-support materials.
- Strong organizational, analytical, problem-solving, and leadership skills.
- Ability to manage multiple priorities, shifting deadlines, complex dependencies, and customer-facing issues.
- Ability to operate with sound judgment, personal accountability, professionalism, and limited supervision.
Technical Knowledge
Strong candidates should have familiarity with several of the following areas:
- Cybersecurity architecture and security engineering
- RMF, ATO, cATO, FISMA, NIST SP 800-37, NIST SP 800-53, and NIST SP 800-53A
- Cloud security architecture, shared responsibility models, and hybrid/multi-cloud environments
- AWS security services such as Security Hub, Config, GuardDuty, CloudTrail, CloudWatch, IAM, KMS, Lambda, or similar services
- Azure security services such as Entra ID, Key Vault, Azure Policy, Defender for Cloud, Monitor, Log Analytics, or similar services
- DevSecOps, CI/CD security, automated security scanning, evidence automation, SBOM, SAST, DAST, SCA, IaC scanning, and container security
- Vulnerability management, configuration management, continuous monitoring, security telemetry, and SIEM/SOC integration
- Identity, Credential, and Access Management, including Okta, Microsoft Entra ID, or similar identity platforms
- CMDB, asset inventory, GRC workflows, inherited controls, common controls, and evidence repositories
- Zero Trust, SCRM, ICAM, SASE, CASB, SWG, TIC 3.0, and enterprise security operations concepts
- Emerging technology and AI security risk evaluation, including intake, triage, testing, evidence collection, and decision-support processes
Preferred Qualifications
- Experience supporting federal civilian, defense, intelligence, or highly regulated cybersecurity programs.
- Experience managing cybersecurity architecture, cATO, RMF automation, GRC integration, cloud security modernization, or DevSecOps programs.
- Experience supporting automated control assessment, control-to-evidence mapping, continuous monitoring dashboards, common controls, inherited controls, or OSCAL-aligned documentation.
- Experience supporting AI, machine learning, generative AI, automation, or emerging technology security assessments.
- Experience helping develop or manage intake forms, triage rubrics, risk-tiering models, testing playbooks, decision gates, or evidence requirements.
- Experience with tools such as Microsoft Project, Rally, Microsoft 365, Confluence, ServiceNow, Archer, JCAM, RegScale, AWS Audit Manager, Tenable, Splunk, QRadar, Axonius, Prisma Cloud, Okta, Microsoft Defender, or similar platforms.
Education
- Bachelor's degree or higher in Computer Science, Information Technology, Information Security, Management, Business Administration, or similar fields.
Certifications
- PMP - required
- Agile/Scrum Master - required
- ITIL - preferred
- At least one of the following is required: CISSP; CISM; CISA; AWS, Azure, or GCP Solution Architect; or similar certification approved by Management
Clearance
Work Location and Core Hours
- Primary Location: Primary locations are Arlington and Alexandria, VA. Remote work is authorized. Occasional travel to the primary locations will be required.
- Hours: 6:00 am ET - 6:00 pm ET.