About The Position

This is a direct hire for AppGate.

The Principal Federal Solution Architect serves as the senior technical authority responsible for the design, integration, automation, and operational success of Appgate's Zero Trust Network Access platform across U.S. Federal and Department of Defense environments. This role requires deep, hands on engineering expertise rather than high level or presentation based knowledge. The ideal candidate can operate systems, write and review code, debug live integrations, and troubleshoot failures at the protocol, operating system, and application level. This position is designed for practitioners who build, integrate, and operate secure access systems in real world Federal environments.

Technical Depth Expectations

Candidates must demonstrate operational competence across all domains, including the ability to:

  • Configure and operate systems directly
  • Debug failures using logs, shell access, packet captures, and code inspection
  • Write and modify scripts or automation to solve real problems
  • Explain system behavior based on implementation rather than abstraction

Engineers who primarily work at the diagram or presentation level will not be successful in this role.

Linux Systems and Access Enforcement Platforms (Critical)

  • Serve as a technical authority for Linux based Zero Trust enforcement infrastructure
  • Operate and manage systems via SSH including secure key based access and privilege separation
  • Demonstrate deep hands on knowledge of Bash scripting, process management, systemd, filesystem layout, permissions, and logging
  • Strong understanding of Linux networking internals including routing tables, policy routing, interface binding, traffic steering, and iptables or nftables
  • Diagnose complex cross platform issues where Linux enforcement points interact with Windows and macOS endpoints

JavaScript and REST API Integration Engineering (Critical)

  • Develop and maintain JavaScript based logic executed on Appgate appliances to enable integration and automation
  • Build and troubleshoot REST API integrations with external systems including Microsoft Graph API and ServiceNow
  • Apply strong understanding of RESTful API design, JSON data models, schema validation, and authentication methods such as OAuth, tokens, and certificates
  • Operate within an API first, Everything as Code architecture

Containers and Kubernetes Architecture

  • Architect Zero Trust access enforcement for containerized and microservices based workloads
  • Support Kubernetes environments including sidecar injection, operator based enforcement models, secure service exposure, and service to service access
  • Integrate with Kubernetes networking, ingress, and egress controls
  • Ensure access models scale across on premises and cloud native environments

Automation, Infrastructure as Code and Configuration as Code

  • Design and implement Infrastructure as Code using Terraform
  • Implement Configuration as Code and GitOps workflows for policies, entitlements, and integrations
  • Integrate Zero Trust deployments into CI CD pipelines aligned with Federal DevSecOps standards
  • Ensure automation is version controlled, repeatable, auditable, and API driven

Identity and Authentication Engineering (Critical)

  • Architect identity centric access solutions using enterprise identity systems as the authoritative control plane
  • Deep expertise with Active Directory including multi domain and multi forest environments, domain controllers, LDAP and LDAPS binding behavior, and Kerberos authentication flows
  • Design and troubleshoot DNS architecture across Windows, macOS, and Linux
  • Support machine certificate authentication, PKI trust chains, certificate lifecycle and revocation, and SAML or OIDC authentication
  • Understand how identity, DNS, and routing failures manifest as access control issues

Modern Cloud and Infrastructure Excellence

  • Architect level knowledge of VMware, ESXi, and KVM for private cloud deployments
  • Architect and implement security services within AWS GovCloud, Azure Government, and Google Cloud Platform with focus on networking and IAM policy enforcement
  • Experience governing access to AI and LLM workloads is desired

Endpoint Scripting and Client Side Automation

  • Design and troubleshoot endpoint executed scripts for posture checks, integrations, and access decisions
  • PowerShell for Windows scripting including certificates, networking, registry, and system services
  • Bash for macOS and Linux scripting including diagnostics and process control
  • Ensure scripts are secure, deterministic, and compatible with Federal hardening requirements

Networking, Transport and Cryptographic Protocol Expertise

  • Architect level understanding of IP packet structure, routing behavior, and TCP session lifecycle
  • Deep knowledge of TLS 1.2 and TLS 1.3, mutual TLS, certificate validation, and trust chains
  • Familiarity with VPN architectures and differences between VPN and identity centric ZTNA
  • Diagnose failures using tcpdump, Wireshark, and OS level packet tracing

STIG, SCAP and Compliance Engineering

  • Support STIG compliance for Linux platforms
  • Working knowledge of SCAP including OpenSCAP tooling and interpreting scan output
  • Support RMF and ATO efforts through technical evidence
  • Communicate effectively with ISSMs, ISSEs, and assessors

Interoperability and Federal Integration

  • Architect interoperability between Appgate and Federal systems including identity platforms, endpoint security tools, SIEM, SOAR, ITSM, and network security systems
  • Enable Appgate to operate as a composable Zero Trust control within multi vendor architectures
  • Support integrators and partners implementing joint solutions

Senior Technical Leadership

  • Serve as final escalation point for complex Federal deployments
  • Lead deep technical architecture reviews with government and integrator teams
  • Mentor senior architects and engineers
  • Influence product direction related to automation, integration, and operability

Requirements

  • 12 or more years of experience in security, systems, platform, or automation engineering roles
  • Demonstrated mastery of Bash, PowerShell, JavaScript, Linux systems administration, and REST APIs
  • Strong experience with identity systems including Active Directory, DNS, PKI, and SAML or OIDC
  • Experience supporting Federal or other high assurance environments
  • Ability to obtain or maintain a U.S. security clearance

Nice To Haves

  • Experience governing access to AI and LLM workloads is desired

Responsibilities

  • Serve as a technical authority for Linux based Zero Trust enforcement infrastructure
  • Operate and manage systems via SSH including secure key based access and privilege separation
  • Develop and maintain JavaScript based logic executed on Appgate appliances to enable integration and automation
  • Build and troubleshoot REST API integrations with external systems including Microsoft Graph API and ServiceNow
  • Architect Zero Trust access enforcement for containerized and microservices based workloads
  • Design and implement Infrastructure as Code using Terraform
  • Implement Configuration as Code and GitOps workflows for policies, entitlements, and integrations
  • Architect identity centric access solutions using enterprise identity systems as the authoritative control plane
  • Architect and implement security services within AWS GovCloud, Azure Government, and Google Cloud Platform with focus on networking and IAM policy enforcement
  • Design and troubleshoot endpoint executed scripts for posture checks, integrations, and access decisions
  • Architect interoperability between Appgate and Federal systems including identity platforms, endpoint security tools, SIEM, SOAR, ITSM, and network security systems
  • Serve as final escalation point for complex Federal deployments
  • Lead deep technical architecture reviews with government and integrator teams
  • Mentor senior architects and engineers
  • Influence product direction related to automation, integration, and operability