Zero Trust Security Analyst

Overview BRMi is seeking a Zero Trust Security Analyst. The Zero Trust Security Analyst is responsible for analyzing existing network, identity, and access configurations to determine what can be reused, refined, or must be newly created to support Zero Trust security policies. This role focuses on investigation, discovery, and design input, not rule implementation. The analyst works closely with Zero Trust Engineers, application owners, IAM teams, and firewall/security teams to ensure Zero Trust policies are grounded in accurate understanding of the current environment and avoid unnecessary duplication or overly permissive controls.

Benefits:

• Comprehensive Medical, Dental, and Vision Insurance
• Employer-Paid Life Insurance
• Employer-Paid Short-Term and Long-Term Disability Insurance
• 401(k)
• Paid Time Off (PTO) that includes Vacation Leave, Sick Leave, and 11 Paid Holidays

Educational Assistance Salary:

85k-100k Hybrid in Pensacola, VA three days a week. Click here to learn about BRMi's culture. Click here to see BRMi's Glassdoor reviews Responsibilities Discovery & Analysis Analyze existing network security rules, firewall policies, address groups, and user/group-based access controls to determine Zero Trust applicability and reuse. Review current identity sources (AD, Entra

ID, IGA, RBAC

structures) to identify reusable groupings or role models for Zero Trust enforcement. Assess application access patterns (web, console, database, API, internal services) to understand required network paths and trust boundaries. Identify gaps, overlaps, and overly permissive rules that must be remediated to align with Zero Trust principles. Zero Trust Readiness Assessment Determine whether existing firewall rules, user groups, and address objects can be leveraged or must be redesigned for Zero Trust enforcement. Document required net new security objects, including user groups, address groups, application definitions, and metadata dependencies. Support application onboarding by validating that proposed Zero Trust rules meet least privilege access requirements. Documentation & Handoff Produce clear analysis artifacts that define: What exists today What can be reused What must be created new Provide structured inputs to Zero Trust Engineers for rule implementation and firewall request packages. Maintain traceability between application identifiers, security objects, and Zero Trust policies for audit and compliance purposes. Perform other duties as assigned Qualifications Strong understanding of network security fundamentals (firewalls, zones, L4/L7 rules). Experience analyzing enterprise firewall rule-bases (Palo Alto or similar). Familiarity with identity-based access controls (AD groups, Entra ID groups, RBAC). Ability to read and interpret complex security configurations and translate them into actionable requirements. Experience documenting security findings in a clear, structured manner. Experience with Zero Trust Network Access (ZTNA) or user-based firewall policies. Exposure to IAM, IGA, or identity governance tooling. Familiarity with CMDB, application identifiers, and service onboarding workflows. Prior experience supporting audits or security assessments. Success Looks Like Minimal re work due to accurate upfront analysis. Clear reuse of existing controls where appropriate. Well defined, least privilege Zero Trust requirements handed to engineering teams.

• BRMi will not sponsor applicants for work visas for this position.
• This is a W2 opportunity only
• EOE/Minorities/Females/Vet/Disabled We are an equal opportunity employer that values diversity and commitment at all levels.

All individuals, regardless of personal characteristics, are encouraged to apply. Employment policies and decisions on employment and promotion are based on merit, qualifications, performance, and business needs. The decisions and criteria governing the employment relationship with all employees are made in a nondiscriminatory manner, without regard to race, religion, color, national origin, sex, age, marital status, physical or mental disability, medical condition, veteran status, or any other factor determined to be unlawful by federal, state, or local statutes.