Zero Trust Architect SME

About The Position

Requirements

• Active Top Secret clearance (SCI eligibility strongly preferred).
• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related field (Master’s preferred).
• 15+ years of progressive cybersecurity experience.
• Demonstrated experience implementing Zero Trust principles in DoD or federal environments.
• Deep expertise in:
• Identity and Access Management (IAM)
• Micro-segmentation technologies
• Endpoint security (EDR/XDR)
• Secure network architecture
• Cloud security architecture
• Strong understanding of:
• DoD Zero Trust Strategy and Target Level framework
• RMF and ATO processes
• Cross-domain solutions
• Classified network environments (e.g., SIPR/JWICS)

Nice To Haves

• CISSP
• CISM or CRISC
• Certified Zero Trust Professional (CZTP) or equivalent
• CCSP (Cloud Security)
• CASP+
• Experience supporting Pacific or INDOPACOM-based missions.
• Experience transitioning legacy perimeter-based architectures to Zero Trust models.
• Experience integrating Zero Trust into operational/tactical environments.
• Familiarity with automation and policy-as-code security enforcement.

Responsibilities

• Design and implement Zero Trust architectures aligned with DoD Zero Trust Strategy and Reference Architecture.
• Develop phased implementation roadmaps for Zero Trust maturity progression.
• Architect identity, device, network, application, and data protections across multi-domain environments.
• Ensure alignment with enterprise cybersecurity, cloud, and network modernization initiatives.
• Identity & Access Management (IAM) Architect and integrate identity-driven security controls including:
• Multi-factor authentication (MFA)
• Privileged Access Management (PAM)
• Identity governance and lifecycle management
• Conditional access policies
• Lead implementation of least privilege and continuous verification principles.
• Network & Micro-Segmentation Design micro-segmentation and software-defined perimeter solutions.
• Integrate Zero Trust principles into enterprise routing, switching, SD-WAN, and remote access solutions.
• Support secure access for hybrid and tactical environments.
• Data Protection & Endpoint Security Architect data-centric security controls including:
• Data classification and labeling
• Data Loss Prevention (DLP)
• Encryption in transit and at rest
• Integrate endpoint detection and response (EDR/XDR) into Zero Trust framework.
• Ensure device compliance enforcement prior to resource access.
• Cloud & Hybrid Integration Apply Zero Trust principles to hybrid cloud environments (e.g., AWS GovCloud, Azure Government).
• Secure containerized and virtualized workloads.
• Integrate Zero Trust controls into DevSecOps pipelines.
• Governance, Compliance & Risk Management Ensure compliance with:
• DoD Zero Trust guidance
• Risk Management Framework (RMF)
• DISA STIG requirements
• Support ATO activities and cybersecurity inspections.
• Develop policy documentation and implementation standards.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.