Zero Trust Engineer (Mid-Level) — Federal, Remote-Eligible

Job Description

Company: CELESTIAL INNOVATIONS GROUP LLC

Location: Washington, US

Benefits:

401(k)

Dental insurance

Health insurance

Paid time off

Training & development

Vision insurance

POSITION SUMMARY

Celestial Innovations Group (CIG) is seeking a Mid-Level Zero Trust Engineer to support federal agency clients in the design, implementation, and sustainment of Zero Trust Architecture (ZTA) programs. This role is framework-agnostic and vendor-informed: the ideal candidate understands that Zero Trust is a security philosophy and architectural strategy, not a single product or platform. The engineer will apply that expertise across one or more leading vendor ecosystems to deliver compliant, mission-ready ZTA solutions aligned with federal mandates including EO 14028, OMB M-22-09, NIST SP 800-207, and the CISA Zero Trust Maturity Model.

KEY RESPONSIBILITIES

Architecture and Strategy

Lead Zero Trust Architecture assessments, gap analyses, and roadmap development for federal clients

Design and document ZTA solutions spanning all five pillars: Identity, Device, Network, Application/Workload, and Data

Translate federal ZTA mandates (EO 14028, OMB M-22-09, CISA ZT Maturity Model) into actionable implementation plans

Develop architecture artifacts including conceptual, logical, and physical ZTA diagrams using DODAF, TOGAF, or equivalent frameworks

Support integration of ZTA principles into existing enterprise architectures, hybrid cloud environments, and multi-tenant federal networks

Implementation and Engineering

Deploy and configure Zero Trust solutions across one or more vendor platforms (see Vendor Ecosystem section below)

Implement Identity and Access Management controls including CAC/PIV authentication, MFA, role-based access control (RBAC), and Just-in-Time (JIT) Privileged Access Management

Configure microsegmentation, Zero Trust Network Access (ZTNA), software-defined perimeters, and DNS security controls

Deploy Endpoint Detection and Response (EDR) tooling and enforce device compliance policies at enterprise scale

Integrate data protection controls including classification, labeling, DLP, and encryption aligned to ZTA data pillar requirements

Compliance and Authorization

Align ZTA implementations with NIST SP 800-53 Rev 5, NIST SP 800-207, DISA STIGs, and DHS CDM program requirements

Support the Risk Management Framework (RMF) lifecycle, including SSP authoring, continuous monitoring, and ATO maintenance

Document ZTA controls for system security packages, POA&Ms, and security assessment reports

Client Engagement and Collaboration

Serve as a trusted ZTA advisor to federal agency stakeholders, program managers, and ISSO/ISSM counterparts

Produce executive-level briefings, technical white papers, and implementation status reports

Collaborate cross-functionally with cloud, networking, data analytics, and infrastructure teams to ensure cohesive ZTA integration

VENDOR ECOSYSTEM EXPERIENCE

CIG’s ZTA practice is solution-agnostic at the architectural level. Engineers are expected to bring deep expertise in at least one of the following vendor platforms, with cross-platform fluency strongly preferred:

Vendor / Framework and Relevant Capabilities

Palo Alto Networks (Prisma): Prisma Access (ZTNA 2.0), Prisma Cloud, Cortex XDR/XSIAM, NGFW policy, SD-WAN integration, threat prevention across all ZTA pillars

Zscaler: Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), Zscaler Digital Experience (ZDX), cloud proxy architecture, VPN replacement, SSL inspection

Microsoft Zero Trust: Microsoft Entra ID (Azure AD), Conditional Access, Intune/MEM, Microsoft Defender suite, Sentinel SIEM/SOAR, Purview data governance, M365 compliance center

CISA ZT Maturity Model: Five-pillar maturity assessment (Traditional, Initial, Advanced, Optimal), cross-cutting capability mapping, agency self-assessment support, roadmap alignment to federal reporting requirements

REQUIRED QUALIFICATIONS

Experience

5+ years of experience in cybersecurity engineering, network security, or IT infrastructure roles

2+ years of hands-on experience designing or implementing Zero Trust Architecture in an enterprise or federal environment

Demonstrated understanding of ZTA concepts across all five pillars per NIST SP 800-207 and the CISA Zero Trust Maturity Model

Experience supporting federal government clients or DoD/civilian agency environments

Technical Skills

Proficiency in at least one of the following: Palo Alto Prisma, Zscaler, or Microsoft Zero Trust stack

Identity and access management: Entra ID, Active Directory, LDAP, PKI, MFA, PAM tooling

Network security: microsegmentation, ZTNA, DNS security, SD-WAN, next-generation firewall policy

Endpoint security: EDR/XDR deployment and management, device compliance policy enforcement

Cloud environments: Azure, AWS, or hybrid cloud architectures with ZTA overlay

Familiarity with SIEM/SOAR platforms (Microsoft Sentinel, SumoLogic, Google SecOps, or equivalent)

PREFERRED QUALIFICATIONS

Active certifications in one or more ZTA vendor platforms: PCCSE, PCNSE, Zscaler ZCCA-IA or ZCCA-PA, Microsoft SC-100 (Cybersecurity Architect Expert)

Additional certifications: CISSP, CISM, CompTIA Security+, Cloud+ or relevant AWS/Azure security certifications

Familiarity with RMF processes: NIST SP 800-37, SSP authoring, ATO package preparation

Experience with ServiceNow, Salesforce, or IT service management tooling in a federal context

Multi-vendor ZTA integration experience (e.g., combining Palo Alto and Zscaler capabilities within a single architecture)

Familiarity with post-quantum cryptography standards (FIPS 203/204/205) and their ZTA implications

Flexible work from home options available.

Source: JobLeads