Senior Zero Trust Engineer

Everforth ECS is seeking a Senior Zero Trust Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax.

Please Note:

This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

• The Senior Zero Trust Engineer serves as the technical authority for Zero Trust Architecture (ZTA) design and implementation across the WDP enterprise, leading the enforcement of identity-centric access controls, network micro-segmentation, and continuous verification capabilities across NIPRNet, SIPRNet, and JWICS environments in alignment with the DoW Zero Trust Strategy and Reference Architecture.

In this role, the engineer drives measurable reductions in attack surface and lateral movement risk while embedding Zero Trust principles across DevSecOps pipelines, cloud-native platforms, and multi-enclave mission systems.

• Designs and leads implementation of enterprise Zero Trust security architectures supporting Department of War mission systems across unclassified and classified networks.
• Defines identity-centric access models integrating Active Directory, ICAM services, privileged access management platforms, certificate-based authentication, and continuous authorization workflows.
• Architects network micro-segmentation strategies using next-generation firewalls, software-defined perimeter technologies, Kubernetes network policies, and cloud-native security controls to eliminate implicit trust and restrict lateral movement.
• Directs encryption-in-transit and encrypted traffic inspection capabilities using secure gateways, TLS inspection, and data protection tooling to safeguard mission data flows.
• Guides integration of Zero Trust controls into DevSecOps pipelines, infrastructure platforms, and mission applications in coordination with cybersecurity engineering, system operations, and application teams.
• Oversees Zero Trust capability alignment with the DoW Zero Trust Strategy, DoW Zero Trust Reference Architecture, and NIST SP 800-207, ensuring all seven pillars of Zero Trust are addressed across User/ICAM, Device/Endpoint, and Visibility/Analytics domains.
• Produces authoritative architecture diagrams, technical standards, implementation roadmaps, and executive briefings stored within controlled repositories such as SharePoint.
• Supports audit, assessment, and authorization activities through defensible technical evidence and traceability.
• Delivers measurable improvements in access enforcement, attack surface reduction, and cyber resilience while advancing program values of mission assurance, defense-in-depth, and operational superiority.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance.
• 10 or more years of progressive experience in cybersecurity engineering, with demonstrated specialization in Zero Trust Architecture design and implementation across enterprise-scale federal or defense programs.
• Active DoW/DoD IAM Level I baseline certification, satisfied by one of the following: CompTIA Security+ CE, ISC²

CAP, ISC

² SSCP, or

GIAC GSLC.

• Demonstrated experience designing and implementing Zero Trust capabilities aligned to the DoW Zero Trust Reference Architecture (v2), the DoW Zero Trust Strategy, and NIST SP 800-207, including coverage across all seven Zero Trust pillars.
• Hands-on experience implementing Identity, Credential, and Access Management (ICAM) solutions, including Attribute-Based Access Control (ABAC), Role-Based Access Control (RBAC), Privileged Access Management (PAM), multi-factor authentication (MFA), PKI, and Identity Provider (IdP) federation.
• Demonstrated experience architecting network micro-segmentation strategies, including Software-Defined Networking (SDN), Kubernetes network policies, and next-generation firewall configurations to reduce lateral movement risk across multi-enclave environments.
• Experience integrating Zero Trust controls into DevSecOps delivery pipelines, cloud-native infrastructure platforms, and containerized application environments operating across NIPRNet, SIPRNet, and JWICS.
• Familiarity with Risk Management Framework (RMF) authorization activities, including the development of cybersecurity artifacts, security control assessments, and authorization package support in compliance with

NIST SP 800-53.

• Experience producing and maintaining technical architecture documentation, Zero Trust implementation roadmaps, and executive-level briefings stored in program-controlled repositories.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).