Zero Trust Applications and Workload SME
Zermount, Inc Arlington, VA

  • Full-Time
Job Description

ZERO TRUST APPLICATIONS AND WORKLOADS SME

MILITARY FRIENDLY & PREFERRED - HOH SPONSOR


Zermount Inc. is seeking a Zero Trust (ZT) Applications and Workloads SME to assist in providing security to one of our federal clients. The ZT Applications and Workloads SME will be part of the implementation of ZT principles across the pillars of ZT (identity, device, network, application and workload, and data) to assist the client in meeting the requirements set forth by EO 14028 and OMB M 22-09. The ZT Applications and Workloads SME will be responsible for leading the design, development, and assessment of virtualization and application security solutions in alignment with Zero Trust principles. You will collaborate with cross-functional teams to understand business requirements and translate them into secure and scalable technical solutions. Your expertise in virtualization technologies, application development, cloud security, and Zero Trust principles will be crucial in ensuring the organization's systems and applications are resilient, secure, and compliant.

Duties & Responsibilities:

The ZT Applications and Workloads SME will ensure the Zermount ZT solutions and services secure federal networks and meet the objectives of EO 14028 and other Federal requirements. Additionally, the ZT Applications and Workloads SME will provide support and services to include:

  • Lead the design, development, and implementation of applications and workloads solutions aligned with Zero Trust principles.
  • Support the architecture and design of innovative solutions and services to secure client networks, and provide leadership with recommendations on the right technologies, solutions, and processes required to meet the objectives of EO 14028 and other Federal requirements.
  • Map ZT capabilities, requirements, existing client capabilities, and new or approved capabilities required for the applications and workloads pillar as outlined by CISA, M-21-31, M-22-01, M-22-09, EO 14028, NIST 800-207, and any future memoranda, EOs, and standards.
  • Collaborate with cross-functional teams to understand business requirements and translate them into technical solutions.
  • Provide expertise for the secure development of applications, ensuring that security is integrated into the Software Development Lifecycle (SDLC) from the beginning and driving DevSecOps practices.
  • Provide expertise for segmenting workloads to isolate them from each other, reducing the attack surface and minimizing the impact of potential breaches.
  • Provide expertise for establishing continuous monitoring solutions and capabilities to detect and respond to anomalies and potential security threats within applications and workloads.
  • Provide expertise to ensure the secure integration of applications and workloads across various environments (e.g., cloud, on premises, and hybrid).
  • Provide expertise in the review, assessment, and solution recommendation for Zero Trust maturity evaluations.
  • Stay up to date with emerging technologies and industry trends related to application security, application access controls, application threat protections, and secure application development.
  • Provide technical guidance and mentorship to junior team members. 

Qualifications:

  • A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems OR a relevant Bachelor's degree in IT, computer science, or engineering and 7 years of IT cybersecurity experience including direct support for the US Government and 5 years acting as an ISSO, assessor, or compliance analyst.
  • Solid experience in virtualization technologies, such as VMware, Hyper-V, or KVM. 
  • Strong understanding of Zero Trust principles and their application in virtualization and application development. 
  • Knowledge of containerization technologies like Docker and orchestration tools like Kubernetes. 
  • Familiarity with cloud platforms and services, such as AWS, Azure, or Google Cloud. 
  • Experience implementing security controls and best practices in virtualized environments and application development.
  • Ability to troubleshoot and resolve issues in virtualization, cloud, and application deployment. 
  • Strong communication and collaboration abilities. 
  • Experience communicating effectively, both orally and in writing, with technical, non-technical, and executive-level customers.
  • Knowledge of EO 14028, OMB M 22-09, Federal, DoD, and CISA Zero Trust Architecture, Maturity Model, and Technical Reference Architectures.
  • Excellent communication, collaboration, and problem-solving skills.
  • Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
  • Technical knowledge of complex enterprise IT systems.
  • Knowledge and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
  • Ability to work independently and as part of a team.
  • Ability to navigate complex and politically sensitive client environments with professionalism, patience, and tact.
  • Demonstrated ability to effectively engage and manage relationships with highly political clients while maintaining a professional demeanor, exhibiting patience, and navigating sensitive situations with tact.

Zero Trust Specific Qualifications: System Maturity Model

  • Application Access:
    • Demonstrated experience in automating application access decisions with enhanced contextual information and enforced expiration conditions to ensure adherence to the principle of least privilege.
    • Proven track record in automating application access decisions with expanded contextual information and enforced expiration conditions to adhere to the principle of least privilege.
    • Strong background in establishing an environment that continuously authorizes application access, incorporating real-time risk analytics and considering factors such as behavior or usage patterns.
  • Application Threat Protections:
    • Extensive experience in implementing advanced threat protections into all application workflows, providing real-time visibility and monitoring.
  • Accessible Applications:
    • Successful track record in delivering all relevant applications over open public networks to authorized users and devices, ensuring accessibility as needed.
  • Secure Application Development and Deployment Workflow:
    • Proficient in utilizing immutable workloads wherever feasible, allowing changes to be effective only through redeployment, and eliminating administrator access to deployment environments by leveraging automated processes for code deployment.
  • Application Security Testing:
    • Expertise in integrating application security testing throughout the software development lifecycle across the entire enterprise, including routine automated testing of deployed applications.

Education:

  • Minimum of a Bachelor's Degree in one of the following: Information Technology (IT), computer science, management, business administration, or a related field.
    • Relevant years of experience may be used in substitution for situations where the candidate does not have a Bachelor's degree in the required field.

Certifications:

  • At least one of the following security certifications:
    • Certified Authorization Professional (CAP);
    • Certified Information Systems Security Officer (CISSO);
    • Certified Information Security Manager (CISM); or
    • Certified Information Systems Security Professional (CISSP).
  • Relevant certifications in virtualization technologies (e.g., VMware Certified Professional), application development (e.g., AWS Certified Developer, Microsoft Certified: Azure Developer Associate), and secure software development (e.g., (ISC)2 Certified Secure Software Lifecycle Professional) are a plus.

Clearance level:

  • Minimum of an active Secret Clearance.

Work Location:

  • Remote


Zermount, Inc job posting for a Zero Trust Applications and Workload SME in Arlington, VA with a salary of $123,400 to $165,100 Yearly with a map of Arlington location.