Job DescriptionJob DescriptionBenefits:
401(k)Dental insuranceHealth insurancePaid time offTraining & developmentVision insurance
POSITION SUMMARY
Celestial Innovations Group (CIG) is seeking a Mid Zero Trust Engineer to support federal agency clients in the design, implementation, and sustainment of Zero Trust Architecture (ZTA) programs. This role is framework-agnostic and vendor-informed: the ideal candidate understands that Zero Trust is a security philosophy and architectural strategy, not a single product or platform. The engineer will apply that expertise across one or more leading vendor ecosystems to deliver compliant, mission-ready ZTA solutions aligned with federal mandates including EO 14028, OMB M-22-09, NIST SP 800-207, and the CISA Zero Trust Maturity Model.
Must be located in the DC Metro Area as this role requires onsite and remote support.
KEY RESPONSIBILITIES
Architecture and Strategy
Lead Zero Trust Architecture assessments, gap analyses, and roadmap development for federal clientsDesign and document ZTA solutions spanning all five pillars: Identity, Device, Network, Application/Workload, and DataTranslate federal ZTA mandates (EO 14028, OMB M-22-09, CISA ZT Maturity Model) into actionable implementation plansDevelop architecture artifacts including conceptual, logical, and physical ZTA diagrams using DODAF, TOGAF, or equivalent frameworksSupport integration of ZTA principles into existing enterprise architectures, hybrid cloud environments, and multi-tenant federal networksImplementation and Engineering
Deploy and configure Zero Trust solutions across one or more vendor platforms (see Vendor Ecosystem section below)Implement Identity and Access Management controls including CAC/PIV authentication, MFA, role-based access control (RBAC), and Just-in-Time (JIT) Privileged Access ManagementConfigure microsegmentation, Zero Trust Network Access (ZTNA), software-defined perimeters, and DNS security controlsDeploy Endpoint Detection and Response (EDR) tooling and enforce device compliance policies at enterprise scaleIntegrate data protection controls including classification, labeling, DLP, and encryption aligned to ZTA data pillar requirementsCompliance and Authorization
Align ZTA implementations with NIST SP 800-53 Rev 5, NIST SP 800-207, DISA STIGs, and DHS CDM program requirementsSupport the Risk Management Framework (RMF) lifecycle, including SSP authoring, continuous monitoring, and ATO maintenanceDocument ZTA controls for system security packages, POA&Ms, and security assessment reportsClient Engagement and Collaboration
Serve as a trusted ZTA advisor to federal agency stakeholders, program managers, and ISSO/ISSM counterpartsProduce executive-level briefings, technical white papers, and implementation status reportsCollaborate cross-functionally with cloud, networking, data analytics, and infrastructure teams to ensure cohesive ZTA integration
VENDOR ECOSYSTEM EXPERIENCE
CIG's ZTA practice is solution-agnostic at the architectural level. Engineers are expected to bring deep expertise in at least one of the following vendor platforms, with cross-platform fluency strongly preferred:
Vendor / Framework & Relevant Capabilities
Palo Alto Networks (Prisma): Prisma Access (ZTNA 2.0), Prisma Cloud, Cortex XDR/XSIAM, NGFW policy, SD-WAN integration, threat prevention across all ZTA pillars
Zscaler: Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Digital Experience (ZDX), cloud proxy architecture, VPN replacement, SSL inspection
Microsoft Zero Trust: Microsoft Entra ID (Azure AD), Conditional Access, Intune/MEM, Microsoft Defender suite, Sentinel SIEM/SOAR, Purview data governance, M365 compliance center
CISA ZT Maturity Model: Five-pillar maturity assessment (Traditional, Initial, Advanced, Optimal), cross-cutting capability mapping, agency self-assessment support, roadmap alignment to federal reporting requirements
REQUIRED QUALIFICATIONS
Experience
5+ years of experience in cybersecurity engineering, network security, or IT infrastructure roles2+ years of hands-on experience designing or implementing Zero Trust Architecture in an enterprise or federal environmentDemonstrated understanding of ZTA concepts across all five pillars per NIST SP 800-207 and the CISA Zero Trust Maturity ModelExperience supporting federal government clients or DoD/civilian agency environments
Technical Skills
Proficiency in at least one of the following: Palo Alto Prisma, Zscaler, or Microsoft Zero Trust stackIdentity and access management: Entra ID, Active Directory, LDAP, PKI, MFA, PAM toolingNetwork security: microsegmentation, ZTNA, DNS security, SD-WAN, next-generation firewall policyEndpoint security: EDR/XDR deployment and management, device compliance policy enforcementCloud environments: Azure, AWS, or hybrid cloud architectures with ZTA overlayFamiliarity with SIEM/SOAR platforms (Microsoft Sentinel, SumoLogic, Google SecOps, or equivalent)
PREFERRED QUALIFICATIONS
Active certifications in one or more ZTA vendor platforms: PCCSE, PCNSE, Zscaler ZCCA-IA or ZCCA-PA, Microsoft SC-100 (Cybersecurity Architect Expert)Additional certifications: CISSP, CISM, CompTIA Security+, Cloud+ or relevant AWS/Azure security certificationsFamiliarity with RMF processes: NIST SP 800-37, SSP authoring, ATO package preparationExperience with ServiceNow, Salesforce, or IT service management tooling in a federal contextMulti-vendor ZTA integration experience (e.g., combining Palo Alto and Zscaler capabilities within a single architecture)Familiarity with post-quantum cryptography standards (FIPS 203/204/205) and their ZTA implications
Flexible work from home options available.
Read Less
