Senior Zero Trust Architect/ Engineer

ASRC Federal•Quantico, VA

1d•Hybrid

About The Position

ASRC Federal is seeking a highly skilled and experienced Zero Trust Architect to join our dynamic team. The successful candidate will be responsible for the design, implementation, and maturation of our enterprise Zero Trust Architecture (ZTA) in support of Department of War (DoW) missions. This role is critical for building and maintaining robust, identity-centric, and data-focused security solutions that protect critical infrastructure and CUI operating within Impact Level 5 (IL5) environments. The ideal candidate will have a deep understanding of the DoW Zero Trust Strategy and the ability to implement security controls across all 7 Pillars of Zero Trust and a strong background in enterprise cybersecurity architecture, identity and access management (ICAM), network micro-segmentation, and DoD/DoW compliance. This position will support our DCSA Contract based in Quantico VA. Remote flexibility available! Telework offered with a requirement to be onsite up to three (3) days a week at Quantico Marine Corps Base VA. The Zero Trust Architect is a critical role responsible for spearheading the transition from traditional perimeter-based security to a comprehensive Zero Trust model. This position focuses on architecting solutions across all Zero Trust pillars (User, Device, Network, Application/Workload, Data, Visibility/Analytics, and Automation/Orchestration) to maintain a strong, assumption-of-breach security posture. The Zero Trust Architect will collaborate with mission owners, cybersecurity professionals, network engineers, and IT staff to build resilient security pipelines, integrate advanced authentication mechanisms, and ensure all architectural decisions adhere to the DoW Zero Trust Strategy and relevant data governance policies.

Requirements

Bachelor's degree with 10+ years of experience or equivalent in cybersecurity architecture, network engineering, or enterprise IT security.
Deep understanding of the DoW/DoD Zero Trust Strategy, NIST SP 800-207, and CISA Zero Trust Maturity Model.
Active Top-Secret Clearance Required, eligible to be upgraded to TS/SCI.
Must meet 8570 IASAE III certification requirements at the time of hire. (e.g., CISSP-ISSAP, CISSP- ISSEP certification).

Nice To Haves

Bachelor’s Degree, in Cybersecurity, Computer Science, Information Systems Management, or a related field.
Cloud architecture certifications (e.g., AWS Certified Security Specialty, Microsoft Cybersecurity Architect Expert) or enterprise Zero Trust vendor certifications.

Responsibilities

Design and architect scalable, high-performance Zero Trust solutions tailored to DoW mission and technical requirements as identified in DTM 25-003 (Implementing the DoD Zero Trust Strategy) and the DoW Zero Trust Reference Architecture (v2.0) and NIST SP 800-207.
Develop and maintain transition roadmaps to migrate legacy architectures to a Zero Trust framework.
Ensure architectural designs align with IL5 security controls and DoW reference architectures.
Design and integrate robust ICAM solutions, enforcing continuous authentication and authorization.
Implement advanced Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) policies.
Ensure secure integration of Multi-Factor Authentication (MFA) and conditional access across all enterprise assets.
Architect micro-segmentation strategies to limit lateral movement within the network.
Design and deploy Software-Defined Perimeters (SDP) and Secure Access Service Edge (SASE) solutions.
Evaluate and secure multi-cloud and hybrid environments housing mission-critical workloads.
Implement data-centric security controls, including data discovery, tagging, and categorization for CUI and mission data.
Ensure robust encryption standards are applied to data at rest and data in transit.
Establish data access policies that adhere to the "never trust, always verify" principle.
Integrate Zero Trust telemetry with enterprise SIEM and continuous monitoring solutions.
Develop architectures that support automated threat response and continuous risk scoring.
Work with SOC analysts to ensure visibility gaps are closed across all endpoints and network segments.
Collaborate with engineering teams to securely integrate applications into the ZTA.
Provide expert-level support and guidance to leadership and technical teams on Zero Trust principles.
Ensure all designs comply with the Risk Management Framework (RMF) and relevant DISA STIGs.
Stay up-to-date with the latest Zero Trust technologies, DoW policies, and adversary tactics.
Research and evaluate new vendor solutions to enhance enterprise security capabilities.
Document architectural standards, concept of operations (CONOPS), and best practices.