SECURITY ARCHITECTURE & ENGINEERING SME

Zermount, Inc

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Engineering, Computer Science, IT, Cybersecurity, or related field.
  • 5-10 years of experience in network, systems, and applications security.
  • 5 years of cloud security design/implementation experience (AWS, Azure, GCP preferred).
  • Experience with DevSecOps strategy and architecture in accordance with security frameworks (RMF, CSF, FISMA, FedRAMP).
  • Knowledge of Zero Trust Architecture (ZTA), SASE Framework, ICAM, and vulnerability management.

Responsibilities

  • Develop and evolve Enterprise Security Reference Architecture (ESRA).
  • Provide architectural input for organization’s Cybersecurity Roadmap and Strategy.
  • Architect and implement continuous monitoring pipelines for automated evidence collection.
  • Support ATO intake and vulnerability scanning processes.
  • Conduct RMF-aligned security reviews for compliance and best practices.
  • Design and deploy native cloud security services across major cloud platforms.
  • Collaborate with teams to improve cloud security monitoring and alert tuning.

Benefits

  • Hybrid work environment with authorized remote work.
  • Opportunities for professional growth and development.
  • Access to innovative projects with federal entities.
  • Collaboration with thought leaders and experts in the field.
Full Job Description
Cybersecurity Architecture & Engineering Technical SME
SUMMARY

The SME will support a federal client's enterprise cybersecurity and Continuous Authorization to Operate (cATO) initiative(s). The SME provides technical expertise, architectural recommendations, and engineering oversight across hybrid environments (on-prem, cloud, and Cloud). The role focuses on designing secure enterprise architectures, engineering automated control assessments and evidence pipelines, and operationalizing zero trust and cATO capabilities.

You will coordinate with a dynamic team of thought leaders and experts to determine the right tools and methods to translate your client's IT needs and future goals into a plan that delivers secure and efficient solutions. You will assist the client through a critical approach to innovative solutions design, suggesting alternatives and tweaking capabilities to maintain a balance between security and mission needs. The candidate must have experience in delivering measurable improvements in security posture, automation, and compliance maturity.

DUTIES AND RESPONSIBILITIES
  • Develop, maintain, and evolve the Enterprise Security Reference Architecture (ESRA).
  • Provide architectural input to the organization's Cybersecurity Roadmap and Strategy, addressing:
    • Continuous ATO (cATO) and automated control testing maturity. o Cloud security standards, compliance, and improvements to ATO timelines.
    • Cloud monitoring, detection, response, and security operations. o Privacy, continuous monitoring, and vulnerability assessment modernization. o Integration of security scanning into cloud pipelines.
    • Implementation of EO 14028 (ZTA) and SCRM requirements.
  • Architect and implement continuous monitoring pipelines for automated evidence collection (SIEM, XDR, scanners, cloud APIs, CI/CD).
  • Develop and manage OSCAL profiles, inheritance models, and evidence data contracts.
  • Integrate telemetry and evidence into AO-grade dashboards.
  • Support ATO intake, assessment workflows, and vulnerability scanning processes.
  • Conduct RMF-aligned security reviews for compliance and best practices.
  • Develop security architectural patterns that expedite ATO by pre-meeting control requirements.
  • Collaborate with the Cybersecurity Authorizations & Compliance Branch to design systems supporting cATO, reduce ATO processing times, provide data-call responses, and participate in working groups.
  • Design and deploy native cloud security services across AWS, Azure, and Google Cloud.
  • Lead the development of enterprise cloud security blueprints, including security in Infrastructure-as-Code (IaC) templates.
  • Conduct proofs-of-value for cloud-native, COTS, third-party, or open-source security tools.
  • Provide security architecture input for DevSecOps strategy, including vulnerability scanning, automated assessments, and implementation of security controls.
  • Conduct requirements-gathering sessions and cATO current-state assessments.
  • Recommend security requirements, architectural direction, and support testing for enterprise initiatives such as: cATO, automated assessments, ZTA, SASE, CASB, SWG, TIC 3.0, ICAM, CMDB, etc.
  • Collaborate with operational teams to improve cloud security monitoring, including ingestion and analysis of API, application, database, and flow logs into SIEM platforms.
  • Support development of cloud event analysis and alert tuning to increase detection fidelity.
  • Identify vulnerabilities across the SDLC and help contain, minimize, and remediate associated risks.
  • Provide system engineering and architectural design support, including: o Studies and analyses of operational changes; End-to-end architecture trade-off assessments o Development of strategic and tactical plans; Evaluation of new program requirements o Research and assessment of new technologies for operational enhancement
  • Conduct architectural risk assessments, threat modeling, and secure design reviews.
  • Support backlog refinement, sprint planning, capacity planning, and retrospectives.
  • Ensure teams deliver high-value increments meeting the Definition of Done.
  • Facilitate stakeholder collaboration as needed.
  • REQUIREMENTS
    • High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
    • Adept at both the strategic and operational/technical level.
    • Able to adapt to new and changing requirements / priorities and manage work accordingly.
    • At least 5 years (preferred 10 years) of network, systems, applications experience, in areas such as:
      • LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS, Virtualization, hypervisor security, container security, Application development, serverless security, microservices, CICD.
    • At least 5 years of designing and/or implementing security in Cloud environments (AWS and Azure; GCP is also preferred but not required). Operational experience with the following is preferred.
      • Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model. o AWS Security Hub, Audit Manager, Config., Guard Duty, CloudTrail, CloudWatch, Lambda.
      • Azure E3/E5, AD, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
    • Experience with DevSecOps strategy and implementation and designing architecture in accordance to RMF, CSF, FISMA, and Fedramp.
    • Knowledge of ZTA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.
    EDUCATION
    Candidate must have a Bachelor of Science (or higher) in one of the following:
    • Engineering, Computer Science, Information Technology (IT), Cybersecurity, or a similar technical field. The resume may reference another major, so long as the resume is clear that the degree addressed at a minimum one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems or IT.
    CERTIFICATIONS
    The candidate must have a: Certified Information Systems Security Professional (CISSP), and At least one of the following, or equivalent:
    • Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect Associate, AWS Certified Security Specialist, Microsoft Azure Solutions Architect,Google Professional Cloud Architect.

    CLEARANCE
    • Minimum Background Investigation
    LOCATION
    • Hybrid - Primary location is Alexandria, VA. Remote work is authorized. o Occasional travel to the primary location may be required.

Similar Jobs

More Jobs at Zermount, Inc

More Information Technology Jobs

Find similar SECURITY ARCHITECTURE & ENGINEERING SME jobs: