SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 22226, Arlington, VA
  3. SECURITY ARCHITECTURE & ENGINEERING SME

SECURITY ARCHITECTURE & ENGINEERING SME

Zermount, Inc
Posted 2 months ago, valid for a month
Location

Arlington, Arlington 22226, VA

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • Zermount Inc. is looking for a Cybersecurity Architect & Engineer SME to develop solutions for government cybersecurity initiatives, focusing on complex IT and cyber threats.
  • The role requires at least 5 years of experience in network, systems, and applications, with a strong emphasis on cloud security in environments like AWS and Azure.
  • Candidates should possess a Bachelor of Science degree in a relevant field and hold a Certified Information Systems Security Professional (CISSP) certification, along with one additional cloud security certification.
  • The position offers a hybrid work environment based in Alexandria, VA, with a salary range of $120,000 to $150,000, commensurate with experience.
  • The SME will collaborate with a dynamic team to enhance the client's cybersecurity posture, focusing on automated control assessments and operationalizing zero trust capabilities.

Zermount Inc. is seeking a Cybersecurity Architect & Engineer SME who can create government solutions that will withstand even the most complex of IT and Cyber threats. The SME will support a federal client's enterprise cybersecurity and Continuous Authorization to Operate (cATO) initiative(s). The SME provides technical expertise, architectural recommendations, and engineering oversight across hybrid environments (on‑prem, cloud, and Cloud). The role focuses on designing secure enterprise architectures, engineering automated control assessments and evidence pipelines, and operationalizing zero trust and cATO capabilities.
You will coordinate with a dynamic team of thought leaders and experts to determine the right tools and methods to translate your client's IT needs and future goals into a plan that delivers secure and efficient solutions. You will assist the client through a critical approach to innovative solutions design, suggesting alternatives and tweaking capabilities to maintain a balance between security and mission needs. The candidate must have experience in delivering measurable improvements in security posture, automation, and compliance maturity.

DUTIES AND RESPONSIBILITIES

  • Develop, maintain, and evolve the Enterprise Security Reference Architecture (ESRA).
  • Provide architectural input to the organization's Cybersecurity Roadmap and Strategy, addressing: o Continuous ATO (cATO) and automated control testing maturity.
    • Cloud security standards, compliance, and improvements to ATO timelines.
    • Cloud monitoring, detection, response, and security operations.
    • Privacy, continuous monitoring, and vulnerability assessment modernization.
    • Integration of security scanning into cloud pipelines.
    • Implementation of EO 14028 (ZTA) and SCRM requirements.
  • Architect and implement continuous monitoring pipelines for automated evidence collection (SIEM, XDR, scanners, cloud APIs, CI/CD).
  • Develop and manage OSCAL profiles, inheritance models, and evidence data contracts.
  • Integrate telemetry and evidence into AO‑grade dashboards.
  • Support ATO intake, assessment workflows, and vulnerability scanning processes.
  • Conduct RMF‑aligned security reviews for compliance and best practices.
  • Develop security architectural patterns that expedite ATO by pre‑meeting control requirements.
  • Collaborate with the Cybersecurity Authorizations & Compliance Branch to design systems supporting cATO, reduce ATO processing times, provide data‑call responses, and participate in working groups.
  • Design and deploy native cloud security services across AWS, Azure, and Google Cloud.
  • Lead the development of enterprise cloud security blueprints, including security in Infrastructure‑as‑Code (IaC) templates.
  • Conduct proofs‑of‑value for cloud‑native, COTS, third‑party, or open‑source security tools.
  • Provide security architecture input for DevSecOps strategy, including vulnerability scanning, automated assessments, and implementation of security controls.
  • Conduct requirements‑gathering sessions and cATO current‑state assessments.
  • Recommend security requirements, architectural direction, and support testing for enterprise initiatives such as: cATO, automated assessments, ZTA, SASE, CASB, SWG, TIC 3.0, ICAM, CMDB, etc.
  • Collaborate with operational teams to improve cloud security monitoring, including ingestion and analysis of API, application, database, and flow logs into SIEM platforms.
  • Support development of cloud event analysis and alert tuning to increase detection fidelity.
  • Identify vulnerabilities across the SDLC and help contain, minimize, and remediate associated risks.
  • Provide system engineering and architectural design support, including:
    • Studies and analyses of operational changes; End‑to‑end architecture trade‑off assessments
    • Development of strategic and tactical plans; Evaluation of new program requirements
    • Research and assessment of new technologies for operational enhancement
  • Conduct architectural risk assessments, threat modeling, and secure design reviews.
  • Support backlog refinement, sprint planning, capacity planning, and retrospectives.
  • Ensure teams deliver high‑value increments meeting the Definition of Done.
  • Facilitate stakeholder collaboration as needed.

REQUIREMENTS

  • High level of attention to detail, needs minimal guidance, effective verbal, and written communications.
  • Adept at both the strategic and operational/technical level.
  • Able to adapt to new and changing requirements / priorities and manage work accordingly.
  • At least 5 years (preferred 10 years) of network, systems, applications experience, in areas such as:
    • LAN/WAN, WAF/CDN/DDOS, Network Firewalls, IDS/IPS, Virtualization, hypervisor security, container security, Application development, serverless security, microservices, CICD.
  • At least 5 years of designing and/or implementing security in Cloud environments (AWS and Azure; GCP is also preferred but not required). Operational experience with the following is preferred.
    • Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
    • AWS Security Hub, Audit Manager, Config., Guard Duty, CloudTrail, CloudWatch, Lambda.
    • Azure E3/E5, AD, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
  • Experience with DevSecOps strategy and implementation and designing architecture in accordance to RMF, CSF, FISMA, and Fedramp.
  • Knowledge of ZTA and SASE Framework, ICAM (OKTA), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.

EDUCATION

Candidate must have a Bachelor of Science (or higher) in one of the following:

  • Engineering, Computer Science, Information Technology (IT), Cybersecurity, or a similar technical field.

CERTIFICATIONS

The candidate must have a: Certified Information Systems Security Professional (CISSP), and

At least one of the following, or equivalent:

  • Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect Associate, AWS Certified Security Specialist, Microsoft Azure Solutions Architect,Google Professional Cloud Architect.

CLEARANCE

  • Minimum Background Investigation

LOCATION

  • Hybrid - Primary location is Alexandria, VA. Remote work is authorized.
    • Occasional travel to the primary location may be required.


Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs