Aleut Federal
Zero Trust Architect
The Zero Trust Architect is a strategic leader responsible for securing the information infrastructure supporting the Distributed Common Ground System (DCGS) and STATEFARM programs. This role leads the design, implementation, and sustainment of a robust Zero Trust Architecture (ZTA) in compliance with the Department of Defense Zero Trust Reference Architecture, OMB Memorandum M-22-09, and NIST 800-207. The architect conducts comprehensive assessments of system security postures, identifies vulnerabilities, and implements identity-centric access controls across all layers of the enterprise. They establish and manage a centralized, policy-driven control plane that enforces secure access, role-based permissions, and continuous verification of users, devices, and data transactions. This includes integration of secure LANs, WANs, VPNs, firewalls, and identity management systems to ensure dynamic and adaptive enforcement.

Essential Job Functions
Provide a blend of technical expertise, strategic mindset, and effective communication skills to drive security transformations successfully.
Design and implement Zero Trust Engineering solutions in accordance with DAF Zero Trust Strategy 1.0, OMB M-22-09, and NIST 800-207.
Establish a centralized policy-driven Zero Trust Control Plane to manage user/device authentication, authorization, and access control.
Ensure the architecture supports modularity, vendor neutrality, and ease of change management to accommodate evolving mission needs.
Define and apply continuous risk scoring methodologies for adaptive access decisions and vulnerability prioritization.
Enable continuous monitoring of access control effectiveness through quantitative metrics and telemetry.
Integrate secure LANs, WANs, VPNs, firewalls, and endpoint protection tools to support ZTA enforcement across all environments.
Oversee the implementation of automation tools that streamline vulnerability data ingestion, scoring, and remediation.
Supervise the development and approval of installation requirements and configurations for all related network and endpoint security components.
Collaborate with the Information Security Specialist to validate ZTA effectiveness through testing, exercises, and real-time monitoring.
Lead post-incident forensics and root cause analysis to ensure rapid containment, mitigation, and capture lessons learned to reduce future system compromise.
Guide configuration baselines and system hardening strategies aligned with RMF controls and mission risk profiles.
Conduct rigorous system testing, security drills, and continuous monitoring to validate enforcement and effectiveness of controls and provide in-depth post-incident analysis in response to any breaches or anomalies.
Identify risk management practices, create incident response procedures/planning, and champion a cybersecurity-aware culture through staff training, technical mentorship, and stakeholder engagement.
Develop timelines and execution of security upgrades to ensure operational resilience.
Evaluate existing system security postures, identifying areas of vulnerability, and implementing robust, identity-centric access controls across all network layers.
Establish a centralized policy-based control plane, ensuring compliance with secure access, authentication protocols, and role-based permissions across all systems and environments.
Identify key criteria to establish a secure, compliant, and mission-ready cybersecurity posture for critical ISR operations.

Education/Training
Required: Bachelor's Degree in Cybersecurity, Information Assurance, Computer Science, or related field.
Preferred: Master's Degree in Cybersecurity Architecture, Network Security, or Systems Engineering.
Required Certification: IAT Level III (e.g., CISSP, CASP+) upon hire.
Preferred Certifications: Certified Zero Trust Strategist, CISM, CCSP, or SANS GIAC certifications.

Experience
Minimum 7 years of cybersecurity experience with 3+ years focused on Zero Trust implementations.
Experience applying RMF security controls and integrating automated vulnerability and risk management frameworks.
Strong background in identity and access management, role-based access control, and secure authentication protocols.
Demonstrated ability to lead enterprise-scale security modernization efforts.
Familiarity with Department of Defense cybersecurity policies and network architectures.

Skills/Abilities
Proficient in Zero Trust tools and methodologies, including authentication, authorization, micro-segmentation, and telemetry-based decision-making.
Ability to implement modular, flexible, and vendor-agnostic solutions in secure IT environments.
Strong analytical and leadership skills to translate high-level requirements into secure, functional architectures.
Proficiency with network protocols, firewalls, identity services, and automation tools.
Excellent communication skills for interfacing with technical teams, stakeholders, and mission owners.
In-depth knowledge of firewalls, VPNs, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
Familiarity with software-defined networking (SDN) and micro-segmentation.
Expertise in designing and implementing Identity & Access Management (IAM) systems, including multi-factor authentication (MFA), single sign-on (SSO), and role-based access control (RBAC).
Knowledge of identity frameworks like SAML, OAuth, and OpenID Connect.
Understanding of concepts like "least privilege access," continuous authentication, and device security posture.
Experience with securing workloads in multi-cloud environments (AWS, Azure, GCP) and hybrid setups.
Knowledge of endpoint protection solutions and secure software development practices.
Work with IT, DevOps, and cybersecurity teams to design and implement policies.
Engage with stakeholders to align security practices across the organization.
Handle challenges in integrating Zero Trust solutions without disrupting mission operations.
Explain complex security concepts to non-technical stakeholders.
Provide training and awareness sessions on Zero Trust principles.

Physical Demands
Must be able to sit or stand for extended periods.
Must be able to use a computer and related equipment for prolonged periods.
Able to lift 40 lbs. and support system installations and de-installations as necessary.

Work Environment
This is an Onsite position that requires work to be performed onsite at a government location in Warner Robins, GA.
Working indoors in an office environment.

Special Requirements
Must be able to pass pre-employment background screening.
Must possess and be able to maintain a Top Secret with SCI eligibility clearance.
Must be able to be cleared for base or site access.
Must be a US Citizen.
Must be available for a flexible work schedule to include nights, weekends, and holidays.
Must hold a current IAT Level II CompTIA Security+ certification (or equivalent).
Must possess a current U.S. Passport.
Includes CONUS and OCONUS travel (10-20%) to government facilities for integration, testing, or collaboration.

Salary/Rate Range
$145K-$170K

We are accepting ongoing applications for this position.

Aleut offers the following benefits to eligible employees:
Health insurance
Dental/Vision insurance
Paid Time Off
Short- and Long-Term Disability
Life insurance
401k and match

At Aleut, our culture thrives on diversity, inclusion, and collaboration. By integrating diverse perspectives, we open up new possibilities, foster innovation, and fully harness our team's potential. We are committed to creating an environment where every employee feels valued, included, and inspired to grow and find purpose.

Join us and be part of a culture that celebrates differences and belonging for everyone, without regard to race, color, religion, or belief, national, social, or ethnic origin, genetic information, sex, sexual orientation, gender identity and/or expression, pregnancy, reproductive health decision, familial responsibilities, marital status, age, physical, mental, or sensory