Eng Sr Prin II - Sys

BAE SystemsHerndon, VA

About The Position

BAE Systems is seeking a Senior Zero Trust Architect to design, implement, and operate our Secure Service Edge (SSE) and Zero Trust security architecture. This role sits at the intersection of networking, identity, and cloud security, and is responsible for building secure, scalable access models across hybrid and cloud-first environments. The ideal candidate brings deep hands-on expertise across SSE platforms, Microsoft 365/Azure security, identity and access management, and network traffic engineering, with the judgment to troubleshoot complex issues and the communication skills to align technical and business stakeholders.

Requirements

  • Minimum of 11 years' relevant experience.
  • Bachelors' Degree.
  • Experience in regulated environments (FedRAMP, DoD, GCC/GCCH/DoD tenants).
  • Experience in the following are required: Experience in regulated environments (FedRAMP, DoD, GCC/GCCH/DoD tenants)
  • Certifications: Microsoft (AZ-500, SC-300, SC-200), Zscaler (ZCCA, ZCSP), Cloudflare Zero Trust, CISSP, CCSP, CCNP Security.
  • Exposure to: Endpoint posture enforcement (Intune, Defender for Endpoint), Browser isolation technologies, API security and SaaS governance.

Nice To Haves

  • Experience working in Agile or DevOps environments.
  • Strong documentation skills: Architecture diagrams, Runbooks, SOPs.
  • Microsoft Entra ID (Azure AD), including Conditional Access, Identity Protection, and PIM.
  • Microsoft Global Secure Access (GSA) or similar SSE-native integrations.
  • Microsoft Defender Suite (Defender for Cloud Apps, Endpoint, Identity, Office).
  • Experience integrating third-party SSE platforms with M365 workloads: Exchange Online, SharePoint Online, Teams, OneDrive.
  • Understanding of Azure networking constructs: VNets, NSGs, Private Endpoints, Virtual WAN.
  • Familiarity with Azure Firewall, Application Gateway/WAF, and private access models.
  • TCP/IP, DNS, HTTP/S, TLS inspection, proxy architectures.
  • Routing (BGP), NAT, VPN (IPSec/SSL), SD-WAN integrations.
  • Experience with traffic steering methods: PAC files, GRE/IPSec tunnels, agent-based forwarding.
  • Understanding of secure internet breakout and branch connectivity models.
  • Ability to troubleshoot latency, packet loss, and SaaS performance issues in cloud-delivered security pipelines.
  • Zscaler: ZIA/ZPA design, policy implementation, app segmentation.
  • Microsoft Global Secure Access (Entra): Private & Internet Access, Conditional Access integration.
  • Cloudflare One: SWG, Zero Trust Access, WARP client, DNS filtering.
  • Akamai EAA: Secure application publishing, identity integration, traffic optimization.

Responsibilities

  • Design, implement, and operate Secure Service Edge (SSE) and Zero Trust security architecture.
  • Build secure, scalable access models across hybrid and cloud-first environments.
  • Troubleshoot complex issues.
  • Align technical and business stakeholders.
  • Communicate complex concepts to engineers, leadership, and non-technical stakeholders.
  • Collaborate across security, networking, cloud, and endpoint teams.
  • Lead or contribute to architecture decision-making.
  • Design secure hybrid and cloud-first architectures.
  • Evaluate SSE vendors based on performance, security, integration, and cost.
  • Support PoCs and pilot deployments.

Benefits

  • Health insurance
  • Dental insurance
  • Vision insurance
  • Health savings accounts
  • 401(k) savings plan
  • Disability coverage
  • Life insurance
  • Accident insurance
  • Employee assistance program
  • Legal plan
  • Discounts on home, auto, and pet insurance
  • Paid time off
  • Paid holidays
  • Paid parental leave
  • Military leave
  • Bereavement leave
  • Applicable federal and state sick leave
  • Company recognition program
  • Medical benefits (for temporary employees working 20+ hours per week)
  • Business travel accident insurance (for temporary employees working 20+ hours per week)
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service