Jobs · Engineering

SECURITY ARCHITECTURE & ENGINEERING SME

Zermount, Inc. · Arlington, VA · 3 wk ago
RemoteRemoteEngineeringFull-time

About the role

Zermount Inc. is seeking a Cybersecurity Architect & Engineer SME to support a federal client's enterprise cybersecurity and Continuous Authorization to Operate (cATO) initiative(s).

Responsibilities

  • Develop, maintain, and evolve the Enterprise Security Reference Architecture (ESRA).
  • Provide architectural input to the organization's Cybersecurity Roadmap and Strategy, addressing:
    • Continuous ATO (cATO) and automated control testing maturity.
    • Cloud security standards, compliance, and improvements to ATO timelines.
    • Cloud monitoring, detection, response, and security operations.
    • Privacy, continuous monitoring, and vulnerability assessment modernization.
    • Integration of security scanning into cloud pipelines.
    • Implementation of EO 14028 (ZTA) and SCRM requirements.
    • Architect and implement continuous monitoring pipelines for automated evidence collection (SIEM, XDR, scanners, cloud APIs, CI/CD).
    • Develop and manage OSCAL profiles, inheritance models, and evidence data contracts.
    • Integrate telemetry and evidence into AO-grade dashboards.
    • Support ATO intake, assessment workflows, and vulnerability scanning processes.
    • Develop security architectural patterns that expedite ATO by pre-meeting control requirements.
    • Collaborate with the Cybersecurity Authorizations & Compliance Branch to design systems supporting cATO, reduce ATO processing times, provide data-call responses, and participate in working groups.
    • Design and deploy native cloud security services across AWS, Azure, and Google Cloud.
    • Lead the development of enterprise cloud security blueprints, including security in Infrastructure-as-Code (IaC) templates.
    • Conduct proofs-of-value for cloud-native, COTS, third-party, or open-source security tools.
    • Provide security architecture input for DevSecOps strategy, including vulnerability scanning, automated assessments, and implementation of security controls.
    • Conduct requirements-gathering sessions and cATO current-state assessments.
    • Recommend security requirements, architectural direction, and support testing for enterprise initiatives such as: cATO, automated assessments, ZTA, SASE, CASB, SWG, TIC 3.0, ICAM, CMDB, etc.
    • Collaborate with operational teams to improve cloud security monitoring, including ingestion and analysis of API, application, database, and flow logs into SIEM platforms.
    • Support development of cloud event analysis and alert tuning to increase detection fidelity.
    • Identify vulnerabilities across the SDLC and help contain, minimize, and remediate associated risks.
    • Provide system engineering and architectural design support, including:
      • Studies and analyses of operational changes;
      • End-to-end architecture trade-off assessments;
      • Development of strategic and tactical plans;
      • Evaluation of new program requirements;
      • Research and assessment of new technologies for operational enhancement.
    • Ensure teams deliver high-value increments meeting the Definition of Done.
    • Facilitate stakeholder collaboration as needed.

Requirements

  • High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
  • Adept at both the strategic and operational/technical level.
  • Able to adapt to new and changing requirements / priorities and manage work accordingly.
  • At least 5 years (preferred 10 years) of network, systems, applications experience, in areas such as: LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS, Virtualization, hypervisor security, container security, Application development, serverless security, microservices, CICD.
  • At least 5 years of designing and/or implementing security in Cloud environments (AWS and Azure; GCP is also preferred but not required).
  • Operational experience with the following is preferred:
    • Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
    • AWS Security Hub, Audit Manager, Config., Guard Duty, CloudTrail, CloudWatch, Lambda.
    • Azure E3/E5, AD, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
  • Experience with DevSecOps strategy and implementation and designing architecture in accordance to RMF, CSF, FISMA, and Fedramp.
  • Knowledge of ZTA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.
  • The candidate must have a: Certified Information Systems Security Professional (CISSP), and At least one of the following, or equivalent: Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect Associate, AWS Certified Security Specialist, Microsoft Azure Solutions Architect,Google Professional Cloud Architect.
  • Minimum Background Investigation.

Location

Hybrid - Primary location is Alexandria, VA. Remote work is authorized. Occasional travel to the primary location may be required.

Similar jobs

Architecture SME

Bechtel CorporationUnited States· Yesterday
RemoteArt & Creativeapply on jobs.bechtel.com

Cyber Security (SME)

Diné Development CorporationDayton, OH· 3 mo ago
Engineeringapply on ddc-dine-careers.icims.com