
ZERO TRUST (ZT) NETWORK ARCHITECTURE SME

Zermount, Inc.

POSITION OVERVIEW

The Zero Trust Network Architecture Technical SME exists to serve as the agency's primary technical advisor for the CISA ZTMM v2.0 Networks pillar. This role advances TSA's network segmentation posture, TIC 3.0 compliance, and ZTNA adoption by providing senior-level advisory on network architecture design, micro‑segmentation strategy, and software‑defined networking (SDN) capabilities. The expected outcome is a continuously advancing Networks pillar maturity posture with network macro‑ and micro‑segmentation maturing, ZTNA architecture advisory driving enforcement design, and lateral movement risk proactively identified and addressed. This is a senior technical advisory role requiring hands‑on network architecture and ZTNA design experience in a federal environment.

DUTIES & RESPONSIBILITIES

General Duties

  • Serve as the primary technical advisor for the CISA ZTMM v2.0 Networks pillar across network security architecture, segmentation, and ZTNA domains.
  • Continuously assess the agency's network architecture against CISA ZTMM v2.0 Networks pillar criteria and NIST SP 800‑207; proactively identify emerging network risk indicators, including lateral movement exposure, traffic encryption and visibility deficiencies, and TIC 3.0 compliance drift, and deliver real‑time advisory recommendations.
  • Provide technical advisory guidance on ZTNA architecture design options, micro‑segmentation strategies, and SDN approaches, recommending solutions and implementation pathways for agency decision‑making.
  • Evaluate ZTNA platform capabilities (e.g., Zscaler, Palo Alto Prisma) and develop configuration and deployment recommendations aligned to federal ZT requirements for agency adoption.
  • Advise on TIC 3.0 compliance strategies, cloud network access patterns, and secure remote access approaches in a hybrid federal environment; develop recommended solutions for agency review.
  • Assess network access control mechanisms, lateral movement risk, and east‑west traffic enforcement against ZT principles; develop findings and recommended remediation approaches for agency concurrence.
  • Provide advisory support for the development and maturation of Networks pillar entries in the Common Control Catalog (CCC), ensuring traceability to NIST SP 800‑53 Rev. 5 control families.
  • Develop recommended Networks pillar inputs to the ZT Roadmap, IG FISMA maturity reporting, and enterprise performance reporting for agency review and approval.
  • Collaborate with Identity, Device, Data, and Applications SMEs to ensure network enforcement approaches integrate coherently across all ZTMM pillars.
  • Review network‑related policy documents and technical standards; identify gaps relative to ZT mandates and develop recommended updates for agency concurrence.
  • Support all network‑related ZT data calls, audits, and compliance reporting by providing advisory analysis and recommended responses.
  • Prepare and present network architecture findings, maturity assessments, and advisory recommendations to senior leadership and the CISO.
  • Leverage AI‑assisted analysis tools, automation platforms, and prompt engineering techniques to enhance advisory productivity, accelerate gap analysis and documentation tasks, and enable focus on higher‑value technical advisory work; apply all AI capabilities in accordance with agency acceptable use policies and Zermount's ethical AI use guidelines.

SUBJECT MATTER EXPERTISE

SME Area #1 – Network Security Architecture, ZTNA & Micro‑Segmentation Advisory

  • Expert‑level mastery of network security architecture including ZTNA design, micro‑segmentation strategy, and software‑defined networking demonstrated through production deployment or senior advisory engagement.
  • Authoritative knowledge of CISA ZTMM v2.0 Networks pillar criteria, NIST SP 800‑207 network access tenets, TIC 3.0 use cases and security capabilities, and NIST SP 800‑53 Rev. 5 control families.
  • Expert‑level proficiency with ZTNA platforms such as Zscaler and/or Palo Alto Prisma at architecture design, configuration, and deployment depth for federal environments.
  • Expert‑level capability in network segmentation design including macro‑segmentation, micro‑segmentation, lateral movement risk assessment, and east‑west traffic enforcement strategy.
  • Independent decision‑making authority on Networks pillar advisory scope, architecture assessment methodology, and recommended ZTNA and segmentation approach. Bring solutions for concurrence.
  • Problem‑solving at the intersection of network enforcement and cross‑pillar ZT integration. Able to identify how network segmentation deficiencies create risk in Identity enforcement decisions and Applications access control.

SME Area #2 – Enterprise Network Infrastructure & Cloud Networking Foundations

  • Deep foundational expertise in enterprise network architecture including routing and switching (BGP, OSPF, VLAN design), firewall policy management, VPN technologies, and load balancing at architecture or senior engineering level.
  • Hands‑on experience with enterprise network infrastructure platforms (Cisco, Palo Alto Networks, Fortinet, or equivalent) including firewall rule design, segmentation architecture, and traffic inspection configuration.
  • Strong working knowledge of cloud networking constructs, including VPC/VNet design, cloud‑native security groups, transit gateways, and cloud‑based SD‑WAN, Infrastructure‑as‑Code (IaC), and hybrid connectivity patterns relevant to ZT network enforcement.
  • Foundational understanding of database network access patterns, systems administration network dependencies, and application‑layer traffic flows as they relate to segmentation design and ZT enforcement policy.
  • Supports Network pillar advisory by enabling technically credible engagement with agency network engineers, firewall administrators, and cloud infrastructure teams.
  • Interacts directly with other Zero Trust SMEs.

QUALIFICATIONS

Minimum Requirements

  • A minimum of 10 years of experience in network security architecture, ZTNA design, or enterprise network engineering with demonstrated Zero Trust scope.
  • Demonstrated hands‑on experience designing or implementing ZTNA architectures in federal or large enterprise environments, reflecting operational design and deployment, not vendor evaluation or documentation.
  • Hands‑on experience with ZTNA platforms (e.g., Zscaler, Palo Alto Prisma, Cisco) including architecture design, configuration, and deployment.
  • Expert knowledge of NIST SP 800‑207, CISA ZTMM v2.0 Networks pillar criteria, and TIC 3.0 requirements.
  • Experience with micro‑segmentation design, SDN, and lateral movement risk assessment in a ZT context.
  • Ability to assess network security controls against NIST SP 800‑53 Rev. 5 control families.
  • Demonstrated experience designing and implementing Zero Trust network architectures operationally, not limited to assessments or gap analyses.
  • Experience supporting ZT‑related IG FISMA metrics reporting pertaining to network security and TIC 3.0.
  • Strong written and oral communication skills; ability to translate complex network architecture concepts into CISO‑ready findings.
  • Demonstrated familiarity with AI‑assisted analysis tools or prompt engineering; ability to apply AI capabilities ethically to accelerate advisory work and surface higher‑value technical insights.

Preferred Qualifications

  • Five years of IT cybersecurity experience, including direct support to the U.S. Government. This experience can be concurrent with the minimum 10 years of network architecture experience.
  • Prior direct involvement in a ZT Networks pillar implementation or enterprise ZTNA deployment in a technical architecture or advisory capacity.
  • ZTNA vendor certification: Zscaler Zero Trust Certified Associate (ZTCA) or Palo Alto Networks PCNSE.
  • Experience with encrypted traffic management (SSL/TLS inspection) and east‑west traffic visibility in a ZT network environment.
  • Experience with cloud‑native networking security (Azure Virtual WAN, AWS Transit Gateway, GCP Cloud Armor, or Infrastructure‑as‑Code) in a federal hybrid environment.

Competencies

  • Technical: CISA ZTMM v2.0 Networks pillar, NIST SP 800‑207, TIC 3.0, Zscaler, Palo Alto Prisma, Cisco, ZTNA architecture, micro‑segmentation, BGP/OSPF/VLAN, VPN, firewall policy design, cloud networking (VPC/VNet), NIST SP 800‑53, AI‑assisted analysis.
  • Leadership: Technical advisory leadership for Networks pillar; cross‑pillar SME coordination with Identity, Devices, and Applications teams; CISO‑facing network architecture briefing; engagement with agency network engineers and cloud infrastructure teams.
  • Behavioral: Proactive continuous network posture monitoring; precision in architecture assessment and segmentation advisory; continuous learning toward evolving ZTNA platform capabilities, TIC 3.0 updates, and federal network security guidance.

Education & Certifications

  • Minimum of a Bachelor of Science (or higher) in Information Technology, Computer Science, Network Engineering, Cybersecurity, or related field.
  • Required: Certified Information Systems Security Professional (CISSP) or Cisco Certified Network Professional Security (CCNP Security), or equivalent certification.
  • Strongly preferred: Certified Information Security Manager (CISM) or equivalent senior security management certification.
  • Strongly preferred: ZTNA vendor certification (Zscaler ZTCA, Palo Alto Networks PCNSE, or equivalent).

Clearance Level

  • Active Secret Clearance required.

WORK LOCATION

Hybrid – Primarily Remote. Occasional onsite work required at the client location in Springfield, VA and Zermount HQ in Arlington, VA.

HOURS OF OPERATION

Business Hours: 8:00 AM EST – 4:30 PM EST
Core Hours: 9:00 AM EST – 3:00 PM EST

REPORTING STRUCTURE

Reports To: ZT SME Team Leader
Direct Reports: None

Vacancy posted 4 days ago