ASRC Federal is seeking a highly skilled and experienced Zero Trust Architect to join our dynamic team. The successful candidate will be responsible for the design, implementation, and maturation of our enterprise Zero Trust Architecture (ZTA) in support of Department of War (DoW) missions. This role is critical for building and maintaining robust, identity-centric, and data-focused security solutions that protect critical infrastructure and CUI operating within Impact Level 5 (IL5) environments. The ideal candidate will have a deep understanding of the DoW Zero Trust Strategy and the ability to implement security controls across all 7 Pillars of Zero Trust and a strong background in enterprise cybersecurity architecture, identity and access management (ICAM), network micro-segmentation, and DoD/DoW compliance. This position will support our DCSA Contract based in Quantico VA. Remote flexibility available! Telework offered with a requirement to be onsite up to three (3) days a week at Quantico Marine Corps Base VA. Position Description: The Zero Trust Architect is a critical role responsible for spearheading the transition from traditional perimeter-based security to a comprehensive Zero Trust model. This position focuses on architecting solutions across all Zero Trust pillars (User, Device, Network, Application/Workload, Data, Visibility/Analytics, and Automation/Orchestration) to maintain a strong, assumption-of-breach security posture. The Zero Trust Architect will collaborate with mission owners, cybersecurity professionals, network engineers, and IT staff to build resilient security pipelines, integrate advanced authentication mechanisms, and ensure all architectural decisions adhere to the DoW Zero Trust Strategy and relevant data governance policies. Minimum Requirements: - Bachelor's degree with 10+ years of experience or equivalent in cybersecurity architecture, network engineering, or enterprise IT security. - Deep understanding of the DoW/DoD Zero Trust Strategy, NIST SP 800-207, and CISA Zero Trust Maturity Model. - Active Top-Secret Clearance Required, eligible to be upgraded to TS/SCI. - Must meet 8570 IASAE III certification requirements at the time of hire. (e.g., CISSP-ISSAP, CISSP- ISSEP certification). - Highly desired: Bachelor's Degree, in Cybersecurity, Computer Science, Information Systems Management, or a related field. - Highly desired: Cloud architecture certifications (e.g., AWS Certified Security Specialty, Microsoft Cybersecurity Architect Expert) or enterprise Zero Trust vendor certifications. Responsibilities: - Zero Trust Architecture and Design: - Design and architect scalable, high-performance Zero Trust solutions tailored to DoW mission and technical requirements as identified in DTM 25-003 (Implementing the DoD Zero Trust Strategy) and the DoW Zero Trust Reference Architecture (v2.0) and NIST SP 800-207. - Develop and maintain transition roadmaps to migrate legacy architectures to a Zero Trust framework. - Ensure architectural designs align with IL5 security controls and DoW reference architectures. - Identity, Credential, and Access Management (ICAM): - Design and integrate robust ICAM solutions, enforcing continuous authentication and authorization. - Implement advanced Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) policies. - Ensure secure integration of Multi-Factor Authentication (MFA) and conditional access across all enterprise assets. - Network and Infrastructure Security: - Architect micro-segmentation strategies to limit lateral movement within the network. - Design and deploy Software-Defined Perimeters (SDP) and Secure Access Service Edge (SASE) solutions. - Evaluate and secure multi-cloud and hybrid environments housing mission-critical workloads. - Data Security and Governance: - Implement data-centric security controls, including data discovery, tagging, and categorization for CUI and mission data. - Ensure robust encryption standards are applied to data at rest and data in transit. - Establish data access policies that adhere to the "never trust, always verify" principle. - Visibility, Analytics, and Automation: - Integrate Zero Trust telemetry with enterprise SIEM and continuous monitoring solutions. - Develop architectures that support automated threat response and continuous risk scoring. - Work with SOC analysts to ensure visibility gaps are closed across all endpoints and network segments. - Collaboration and Compliance: - Collaborate with engineering teams to securely integrate applications into the ZTA. - Provide expert-level support and guidance to leadership and technical teams on Zero Trust principles. - Ensure all designs comply with the Risk Management Framework (RMF) and relevant DISA STIGs. - Continuous Improvement: - Stay up-to-date with the latest Zero Trust technologies, DoW policies, and adversary tactics. - Research and evaluate new vendor solutions to enhance enterprise security capabilities. - Document architectural standards, concept of operations (CONOPS), and best practices. Work Environment and Physical Demands: - This is primarily a Telework position with a requirement to be onsite up to three (3) days a week - If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection - Must be able to communicate complex technical ideas to a diverse customer base both verbally and in written form We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law. The salary offered will depend on several factors including, but not limited to, relevant experience, skills, education, geographic location, internal equity, business needs, and other factors permitted by law. Posted pay ranges are a general guideline only and are not a guarantee of compensation or salary.