SECURITY ARCHITECTURE & ENGINEERING SME

Zermount

Job Location:

Arlington, TX - USA

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Zermount Inc. is seeking a Cybersecurity Architect & Engineer SME who can create government solutions that will withstand even the most complex of IT and Cyber threats. The SME will support a federal client's enterprise cybersecurity and Continuous Authorization to Operate (cATO) initiative(s). The SME provides technical expertise, architectural recommendations, and engineering oversight across hybrid environments (on-prem, cloud, and Cloud). The role focuses on designing secure enterprise architectures, engineering automated control assessments and evidence pipelines, and operationalizing zero trust and cATO capabilities.
You will coordinate with a dynamic team of thought leaders and experts to determine the right tools and methods to translate your client's IT needs and future goals into a plan that delivers secure and efficient solutions. You will assist the client through a critical approach to innovative solutions design, suggesting alternatives and tweaking capabilities to maintain a balance between security and mission needs. The candidate must have experience in delivering measurable improvements in security posture, automation, and compliance maturity.

DUTIES AND RESPONSIBILITIES

  • Develop, maintain, and evolve the Enterprise Security Reference Architecture (ESRA).
  • Provide architectural input to the organization's Cybersecurity Roadmap and Strategy, addressing:
    • Continuous ATO (cATO) and automated control testing maturity.
    • Cloud security standards compliance and improvements to ATO timelines.
    • Cloud monitoring, detection, response, and security operations.
    • Privacy continuous monitoring and vulnerability assessment modernization.
    • Integration of security scanning into cloud pipelines.
    • Implementation of EO 14028 (ZTA) and SCRM requirements.
  • Architect and implement continuous monitoring pipelines for automated evidence collection (SIEM, XDR, scanners, cloud APIs, CI/CD).
  • Develop and manage OSCAL profiles, inheritance models, and evidence data contracts.
  • Integrate telemetry and evidence into AO-grade dashboards.
  • Support ATO intake assessment workflows and vulnerability scanning processes.
  • Conduct RMF-aligned security reviews for compliance and best practices.
  • Develop security architectural patterns that expedite ATO by pre-meeting control requirements.
  • Collaborate with the Cybersecurity Authorizations & Compliance Branch to design systems supporting cATO, reduce ATO processing times, provide data-call responses, and participate in working groups.
  • Design and deploy native cloud security services across AWS, Azure, and Google Cloud.
  • Lead the development of enterprise cloud security blueprints, including security in Infrastructure-as-Code (IaC) templates.
  • Conduct proofs-of-value for cloud-native, COTS, third-party, or open-source security tools.
  • Provide security architecture input for DevSecOps strategy, including vulnerability scanning, automated assessments, and implementation of security controls.
  • Conduct requirements-gathering sessions and cATO current-state assessments.
  • Recommend security requirements, architectural direction, and support testing for enterprise initiatives such as: cATO automated assessments, ZTA, SASE, CASB, SWG, TIC 3.0, ICAM, CMDB, etc.
  • Collaborate with operational teams to improve cloud security monitoring, including ingestion and analysis of API, application, database, and flow logs into SIEM platforms.
  • Support development of cloud event analysis and alert tuning to increase detection fidelity.
  • Identify vulnerabilities across the SDLC and help contain, minimize, and remediate associated risks.
  • Provide system engineering and architectural design support, including:
    • Studies and analyses of operational changes; End-to-end architecture trade-off assessments
    • Development of strategic and tactical plans; Evaluation of new program requirements
    • Research and assessment of new technologies for operational enhancement
  • Conduct architectural risk assessments, threat modeling, and secure design reviews.
  • Support backlog refinement, sprint planning, capacity planning, and retrospectives.
  • Ensure teams deliver high-value increments meeting the Definition of Done.
  • Facilitate stakeholder collaboration as needed.

REQUIREMENTS

  • High level of attention to detail, needs minimal guidance, effective verbal and written communications.
  • Adept at both the strategic and operational/technical level.
  • Able to adapt to new and changing requirements / priorities and manage work accordingly.
  • At least 5 years (preferred 10 years) of network, systems, and applications experience in areas such as:
    • LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS, Virtualization, hypervisor security, container security, Application development, serverless security, microservices, CI/CD.
  • At least 5 years of designing and/or implementing security in Cloud environments (AWS and Azure; GCP is also preferred but not required). Operational experience with the following is preferred:
    • Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
    • AWS Security Hub, Audit Manager, Config, GuardDuty, CloudTrail, CloudWatch, Lambda.
    • Azure E3/E5, AD, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
  • Experience with DevSecOps strategy and implementation, and designing architecture in accordance with RMF, CSF, FISMA, and FedRAMP.
  • Knowledge of ZTA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.

EDUCATION

Candidate must have a Bachelor of Science (or higher) in one of the following:

  • Engineering, Computer Science, Information Technology (IT), Cybersecurity, or a similar technical field.

The resume may reference another major so long as the resume is clear that the degree addressed, at a minimum, one of the following: cyber security engineering systems administration information systems security software development security systems engineering information systems or IT.

CERTIFICATIONS

The candidate must have a: Certified Information Systems Security Professional (CISSP) and

At least one of the following or equivalent:

  • Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect Associate, AWS Certified Security Specialist, Microsoft Azure Solutions Architect, Google Professional Cloud Architect.

CLEARANCE

  • Minimum Background Investigation

LOCATION

  • Hybrid - Primary location is Alexandria, VA. Remote work is authorized.
    • Occasional travel to the primary location may be required.

Required Experience:

Staff IC

Key Skills

  • Joomla
  • Customer Support
  • Interior Fit-Out
  • Client Services
  • Architecture

About Company

Zermount Cybersecurity Consulting