Senior Solution Architect

About The Position

Requirements

• Bash scripting (required)
• Process management and systemd
• Filesystem layout, permissions, and logging
• Routing tables and policy routing
• Interface binding and traffic steering
• iptables / nftables
• RESTful API design and consumption
• JSON data models and schema validation
• Authentication methods (OAuth, tokens, certificates)
• Sidecar injection and operator-based enforcement models
• Secure service exposure and service-to-service access
• Integration with Kubernetes networking (CNI), ingress, and egress controls
• Version-controlled
• Repeatable
• Auditable
• API-driven
• Active Directory, including multi-domain and multi-forest environments
• Domain Controllers and LDAP/LDAPS binding behavior
• Kerberos authentication flows and ticket lifecycles
• SAML
• OIDC
• RADIUS
• Windows endpoints
• macOS endpoints
• Linux enforcement platforms
• Machine certificate–based authentication on Windows
• PKI trust chains, certificate lifecycle, and revocation
• SAML and OIDC user authentication via external Identity Providers
• PowerShell (Required):Windows endpoint scripting Interaction with certificates, networking, registry, and system services
• Bash (Required):macOS and Linux client scripting System interrogation, diagnostics, and process control
• TLS 1.2 / TLS 1.3 and QUIC
• Mutual TLS (mTLS)
• Certificate validation and trust chains
• OpenSCAP tooling
• Interpreting scan output and false positives
• Mapping findings to mitigations
• 12+ years in networking, security, systems, platform, or automation engineering roles
• Demonstrated mastery of: Bash PowerShell JavaScript Linux systems administration REST APIs and automation
• Strong experience with identity systems (Active Directory, DNS, PKI, SAML/OIDC)
• Experience supporting Federal or other high-assurance environments
• Ability to obtain or maintain a U.S. security clearance

Nice To Haves

• AI/ML Security: Forward-thinking experience in governing access to AI/LLM workloads and agent platforms.
• Single Packet Authorization or port knocking familiarity desired
• Expertise with Zero Trust Network and Univeral ZTNA concepts and Software Defined Perimeter desirable
• Familiarity with: VPN architectures and tunneling models Differences between VPN and identity-centric ZTNA MPLS and SDWAN Architectures and traffic flows

Responsibilities

• Serve as a technical authority for Linux-based Zero Trust enforcement infrastructure
• Operate and manage systems via SSH, including secure key-based access and privilege separation
• Develop and maintain JavaScript-based logic executed on Appgate appliances to enable integration and automation
• Build and troubleshoot REST API integrations with external systems, including: Microsoft Graph API ServiceNow REST APIs Identity, ITSM, logging, NGFW, and security platforms
• Architect Zero Trust access enforcement for containerized and microservices-based workloads
• Design and implement Infrastructure as Code (IaC) using Terraform
• Implement Configuration as Code (CaC) and GitOps workflows for: Appgate ZTNA Policies Appgate ZTNA Entitlements Integrations with 3rd party systems and Entitlement Engines
• Architect identity-centric access solutions using enterprise identity systems as the authoritative control plane
• Architect-level knowledge of VMware, ESXi, and KVM for private cloud deployments
• Demonstrate architect-level design and implementation of security services within AWS (GovCloud), Azure (Government), and Google Cloud Platform (GCP), with a specific focus on native networking (VPCs, VNets, Transit Gateways) and IAM policy enforcement.
• Design and troubleshoot endpoint-executed scripts used for posture checks, integrations, and access decisions
• Architect-level understanding of: IP packet structure and routing behavior TCP three-way handshake and session lifecycle ARP, GARP, and Proxy ARP functionality
• Demonstrate Architect level knowledge and experience designing, articulating, and implementing complex Network integrations and Cybersecurity solitons
• Support STIG compliance for Linux-based platforms
• Architect interoperability between Appgate and adjacent Federal systems: Identity platforms Endpoint security tools SIEM, SOAR, and ITSM platforms Network and boundary security systems
• Serve as final escalation point for the most complex Federal deployments
• Lead deep technical architecture reviews with government and integrator teams
• Mentor senior Solution Architects and engineers
• Influence product direction related to automation, integration, and operability