ZERO TRUST (ZT) ENDPOINT & CONNECTED SYSTEMS SME

ZERO TRUST (ZT) ENDPOINT & CONNECTED SYSTEMS SME

POSITION OVERVIEW

The Zero Trust Systems Engineering Technical SME exists to serve as the agency's primary technical advisor for the CISA ZTMM v2.0 Devices pillar. This role advances TSA's ability to enforce ZT principles at the endpoint level by providing senior-level advisory on device posture management, CDM integration, EDR compliance, and health attestation across its enterprise endpoint environment. The expected outcome is a continuously advancing Devices pillar maturity posture, with device inventory integrity assured, device telemetry actively informing access enforcement, and device posture signals integrated into cross-pillar ZT decisions. This is a senior technical advisory role requiring hands-on endpoint engineering experience in a federal environment.

DUTIES & RESPONSIBILITIES

General Duties

• Serve as the primary technical advisor for the CISA ZTMM v2.0 Devices pillar across endpoint security, device posture management, and Continuous Diagnostics and Mitigation integration domains.
• Continuously assess the agency's device inventory and endpoint security posture against CISA ZTMM v2.0 Devices pillar criteria and NIST SP 800-207; proactively identify emerging device risk indicators and deliver real-time advisory recommendations.
• Provide technical advisory guidance on IoT/OT platform strategies (e.g., Microsoft Intune, Jamf), recommending configuration approaches and compliance policy design aligned to ZT principles for agency adoption.
• Evaluate device telemetry integrity and advise on recommended approaches for integrating device posture signals into ZT access enforcement decisions.
• Advise on EDR capabilities, patch compliance strategies, and device health attestation approaches; develop recommended solutions for agency review.
• Provide advisory support for the development and maturation of Devices pillar entries in the Common Control Catalog (CCC), ensuring traceability to NIST SP 800-53 Rev. 5 control families.
• Develop recommended Devices pillar inputs to the ZT Roadmap, IG FISMA maturity reporting, dashboard scoring, and enterprise performance reporting for agency review and approval.
• Collaborate with Identity, Network, Data, and Applications SMEs to ensure device posture approaches integrate coherently into cross-pillar ZT enforcement decisions.
• Review device-related policy documents and technical standards; identify gaps relative to ZT mandates and develop recommended updates for agency concurrence.
• Support all device and endpoint-related ZT data calls, audits, and compliance reporting by providing advisory analysis and recommended responses.
• Prepare and present technical findings, maturity assessments, and advisory recommendations to senior leadership and the CISO.
• Leverage AI-assisted analysis tools, automation platforms, and prompt engineering techniques to enhance advisory productivity, accelerate gap analysis and documentation tasks, and enable focus on higher-value technical advisory work; apply all AI capabilities in accordance with agency acceptable use policies and Zermount's ethical AI use guidelines.

SUBJECT MATTER EXPERTISE

SME Area #1 – Endpoint Security, Device Posture Management & CDM Advisory

• Expert-level mastery of enterprise endpoint security and device posture management including IoT/OT platform architecture, ZT device compliance policy design, device telemetry, EDR deployment strategy, and device health attestation demonstrated through operational implementation experience.
• Authoritative knowledge of CDM program components, particularly device inventory and telemetry, CDM data model, and integration pathways for connecting device posture signals to ZT access enforcement decisions.
• Expert-level proficiency in MDM/UEM platforms such as Microsoft Intune and Jamf at compliance policy design and architecture depth.
• Expert-level knowledge of CISA ZTMM v2.0 Devices pillar criteria, NIST SP 800-207 device trust tenets, OMB M-22-01 EDR requirements, and NIST SP 800-53 Rev. 5 control families.
• Independent decision-making authority on Devices pillar advisory scope, posture assessment methodology, and recommended advancement approach. Bring solutions for concurrence.
• Problem-solving at the intersection of device enforcement and cross-pillar integration. Able to identify how device posture gaps create downstream risk in Identity trust decisions and Network access enforcement.

SME Area #2 – Enterprise Systems Administration & Infrastructure Foundations

• Strong foundational knowledge of enterprise endpoint management and systems administration across Windows, macOS, and Linux environments, including Group Policy, configuration management tools, and enterprise imaging processes.
• Strong foundational knowledge of IoT/OT, including sensors, data processing, connectivity, and legacy systems.
• Hands-on experience with enterprise IT infrastructure including virtualization platforms (VMware, Hyper-V, or equivalent) and their relevance to device posture assessment and ZT workload enforcement.
• Working knowledge of network fundamentals, including DHCP, DNS, 802.1X, and network access control (NAC), and how device connectivity patterns inform ZT enforcement decisions.
• Working knowledge of NIST SP 800-161, Asset Supply Chain Risk Management.
• Foundational understanding of cloud infrastructure (Azure, AWS, or GCP) as it relates to cloud-managed endpoint solutions, device compliance policy enforcement, and hybrid identity integration.
• Supports Devices pillar advisory function by enabling technically credible engagement with agency endpoint engineers, systems administrators, and CDM program personnel.
• Interacts directly with Identity SME on device trust-to-identity integration, Network SME on NAC and 802.1X enforcement, and Applications SME on workload access control based on device compliance status.

QUALIFICATIONS

Minimum Requirements

• A minimum of 10 years of experience in endpoint security, device management, or systems engineering with demonstrated Zero Trust scope.
• Hands-on experience implementing ZT-aligned device posture management using MDM/UEM platforms including Microsoft Intune or Jamf; must extend beyond administration to include ZT compliance policy design.
• Expert knowledge of CDM program components, particularly device telemetry data flows and integration with ZT access enforcement.
• Demonstrated familiarity with NIST SP 800-161, NIST SP 800-207, CISA ZTMM v2.0 Devices pillar criteria, OMB M-22-01, and NIST SP 800-53 Rev. 5 control families.
• Knowledge of EDR platforms, patch management, and device health attestation in federal environments.
• Demonstrated experience developing and implementing Zero Trust device posture solutions operationally, not limited to policy review or framework mapping.
• Experience integrating CDM HWAM data or equivalent device inventory signals into ZT access enforcement decisions.
• Experience supporting ZT-related IG FISMA metrics reporting pertaining to device management and CDM.
• Strong written and oral communication skills; ability to translate complex technical findings into CISO-ready recommendations.
• Demonstrated familiarity with AI-assisted analysis tools or prompt engineering; ability to apply AI capabilities ethically to accelerate advisory work and surface higher-value technical insights.
• Hands-on experience with supply chain device security and IoT/OT device management in a federal environment.

Preferred Qualifications

• Five years of IT cybersecurity experience, including direct support to the U.S. Government. This experience can be concurrent with the minimum 10 years of device security experience.
• Prior direct involvement in a ZT Devices pillar implementation or enterprise ZT deployment in a technical design or advisory capacity.
• Microsoft Certified: Endpoint Administrator (MD-102) or equivalent MDM/UEM vendor certification.
• Experience with CDM HWAM data pipeline integration and CDM agency dashboard configuration.

Competencies

• Technical: CISA ZTMM v2.0 Devices pillar, NIST SP 800-207, CDM HWAM, Microsoft Intune, Jamf, EDR platforms, OMB M-22-01, NIST SP 800-53 CM/SI/RA, Windows/macOS/Linux administration, Group Policy, 802.1X, cloud endpoint management, AI-assisted analysis.
• Leadership: Technical advisory leadership for Devices pillar; cross-pillar SME collaboration with Identity, Network, and Applications teams; CISO-facing technical briefing; advisory engagement with agency endpoint engineers and CDM program personnel.
• Behavioral: Proactive continuous device posture monitoring orientation; precision in technical assessment and advisory artifact production; continuous learning toward evolving CDM program capabilities and ZT device enforcement standards.

Education & Certifications

• Minimum of a Bachelor of Science (or higher) in Information Technology, Computer Science, Systems Engineering, Cybersecurity, or a related field.
• Required: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), or equivalent certification.
• Strongly preferred: Microsoft Certified: Endpoint Administrator (MD-102) or equivalent MDM/UEM vendor certification.
• Strongly preferred: CompTIA Security+ (acceptable as primary only for candidates with 10+ years demonstrated technical depth and active CISSP/CISM pursuit).

Clearance Level

• Active Secret Clearance required.

WORK LOCATION

• Hybrid – Primarily Remote. Occasional onsite work required at the client location in Springfield, VA and Zermount HQ in Arlington, VA.

HOURS OF OPERATION

• Business Hours: 8:00 AM EST – 4:30 PM EST
• Core Hours: 9:00 AM EST – 3:00 PM EST

REPORTING STRUCTURE

• Reports To: ZT SME Team Leader
• Direct Reports: None