Data Security Architect, Zero Trust (TS/SCI)

About The Position

Requirements

• Master's degree (MA/MS) in Computer Science, Information Security / Cybersecurity, Information Systems, Data Science, or a closely related technical field
• 15+ years of relevant experience
• Extensive experience acting as an Architect or Lead Engineer for large-scale DoD or Federal enterprise security transformations.
• Deep expertise in Zero Trust Architecture principles, specifically Data Object-Level Protection (DOLP) and Attribute-Based Access Control (ABAC).
• Proven experience designing architectures that utilize Microsoft Purview (Information Protection/DLP) and Digital Rights Management (DRM) technologies (e.g., Kiteworks, Virtru).
• Ability to design security solutions for Disconnected, Degraded, Intermittent, and Limited Bandwidth (DDIL) and air-gapped environments.
• Required: IAT III: CISSP-ISSEP (Information Systems Security Engineering Professional) OR CISSP.
• DoD 8570 Compliance: Must meet IAT Level III and IASAE II requirements.
• Active Top-Secret clearance with SCI eligibility.

Nice To Haves

• Experience with BigID for data discovery and NetApp BlueXP for storage-level classification.
• Knowledge of NIST Internal Report 8112 (Attribute Metadata) and its application to identity-centric security.
• Background in supporting USSOCOM or Special Operations Forces (SOF) missions.
• Preferred: One or more Cloud/Zero Trust Architecture certifications (e.g., CCSP, Microsoft Cybersecurity Architect SC-100).

Responsibilities

• Enterprise Architecture Strategy: Serve as the Technical Authority for the Data Pillar, defining the high-level architecture for data discovery, classification, and protection across NIPR, SIPR, and Top Secret networks.
• Metadata & Taxonomy Design: Define and enforce the enterprise data taxonomy and metadata schemas (specifically adhering to NIST 8112) to standardize how "Trust Attributes" (Pedigree, Verifier, Assurance Level) are ingested and utilized for ABAC decisions.
• Cross-Enclave Integration: Ensure architectural consistency between the cloud-native NIPR stack (Microsoft Purview/Sentinel) and the on-premise SIPR/Top Secret stacks (BigID, Kiteworks, NetApp BlueXP), ensuring policy logic remains uniform even when tools differ.
• ABAC & Identity Integration: Design the integration points between the Data Pillar and the ICAM Pillar, defining the requirements for how User Attributes from SailPoint and Entra ID are consumed by Policy Decision Points (PDPs) like Kiteworks and Purview.
• Standards & Compliance: Lead the development of System Design Documents (SDDs) and validate that all architecture aligns with the USSOCOM Zero Trust Reference Architecture and DoD 8140/8570 compliance requirements.

Benefits

• We offer competitive benefits package including paid time off, healthcare benefits, supplemental benefits, 401k including an employer match, discount perks, rewards, and more.
• We invest in our employees – Every employee is eligible for education reimbursement for certifications, degrees, or professional development.
• Reimbursement amounts may fluctuate due to IRS limitations.
• We want you to grow as an expert and a leader and offer flexibility for you to take a course, complete a certification, or other professional growth and networking.
• We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.
• We work hard; we play hard.
• Kentro is committed to incorporating fun into every day.
• We dedicate funds for activities – virtual and in-person – e.g., we host happy hours, holiday events, fitness & wellness events, and annual celebrations.
• In alignment with our commitment to our communities, we also host and attend charity galas/events.
• We believe in appreciating your commitment and building a positive workspace for you to be creative, innovative, and happy.