Job Description Everforth ECS is seeking a
Senior Zero Trust Engineer to work in the National Capital Region covering the
Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
The Senior Zero Trust Engineer serves as the technical authority for Zero Trust Architecture (ZTA) design and implementation across the WDP enterprise, leading the enforcement of identity-centric access controls, network micro-segmentation, and continuous verification capabilities across NIPRNet, SIPRNet, and JWICS environments in alignment with the DoW Zero Trust Strategy and Reference Architecture. In this role, the engineer drives measurable reductions in attack surface and lateral movement risk while embedding Zero Trust principles across DevSecOps pipelines, cloud-native platforms, and multi-enclave mission systems.
Designs and leads implementation of enterprise Zero Trust security architectures supporting Department of War mission systems across unclassified and classified networks.
Defines identity-centric access models integrating Active Directory, ICAM services, privileged access management platforms, certificate-based authentication, and continuous authorization workflows.
Architects network micro-segmentation strategies using next-generation firewalls, software-defined perimeter technologies, Kubernetes network policies, and cloud-native security controls to eliminate implicit trust and restrict lateral movement.
Directs encryption-in-transit and encrypted traffic inspection capabilities using secure gateways, TLS inspection, and data protection tooling to safeguard mission data flows.
Guides integration of Zero Trust controls into DevSecOps pipelines, infrastructure platforms, and mission applications in coordination with cybersecurity engineering, system operations, and application teams.
Oversees Zero Trust capability alignment with the DoW Zero Trust Strategy, DoW Zero Trust Reference Architecture, and NIST SP 800-207, ensuring all seven pillars of Zero Trust are addressed across User/ICAM, Device/Endpoint, and Visibility/Analytics domains.
Produces authoritative architecture diagrams, technical standards, implementation roadmaps, and executive briefings stored within controlled repositories such as SharePoint.
Supports audit, assessment, and authorization activities through defensible technical evidence and traceability.
Delivers measurable improvements in access enforcement, attack surface reduction, and cyber resilience while advancing program values of mission assurance, defense-in-depth, and operational superiority.
Performs other duties as assigned.
Required Skills Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance. 10 or more years of progressive experience in cybersecurity engineering, with demonstrated specialization in Zero Trust Architecture design and implementation across enterprise-scale federal or defense programs.
Active DoW/DoD IAM Level I baseline certification, satisfied by one of the following: CompTIA Security+ CE, ISC CAP, ISC SSCP, or GIAC GSLC.
Demonstrated experience designing and implementing Zero Trust capabilities aligned to the DoW Zero Trust Reference Architecture (v2), the DoW Zero Trust Strategy, and NIST SP 800-207, including coverage across all seven Zero Trust pillars.
Hands-on experience implementing Identity, Credential, and Access Management (ICAM) solutions, including Attribute-Based Access Control (ABAC), Role-Based Access Control (RBAC), Privileged Access Management (PAM), multi-factor authentication (MFA), PKI, and Identity Provider (IdP) federation.
Demonstrated experience architecting network micro-segmentation strategies, including Software-Defined Networking (SDN), Kubernetes network policies, and next-generation firewall configurations to reduce lateral movement risk across multi-enclave environments.
Experience integrating Zero Trust controls into DevSecOps delivery pipelines, cloud-native infrastructure platforms, and containerized application environments operating across NIPRNet, SIPRNet, and JWICS.
Familiarity with Risk Management Framework (RMF) authorization activities, including the development of cybersecurity artifacts, security control assessments, and authorization package support in compliance with NIST SP 800-53.
Experience producing and maintaining technical architecture documentation, Zero Trust implementation roadmaps, and executive-level briefings stored in program-controlled repositories.
Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility. Active Certified Information Systems Security Professional (CISSP) certification, consistent with DoW key personnel cybersecurity qualification standards.
Advanced DoW/DoD IAM certification at Level II or Level III (e.g., CASP+ CE, CISSP, CISA, or equivalent), demonstrating expanded qualifications beyond the baseline IAM Level I requirement.
Experience supporting Zero Trust implementation across parallel Unclassified, Secret, and Top Secret enclaves simultaneously, including management of air-gapped architectures, enclave-specific compliance reporting, and cross-domain data transfer controls.
Background supporting Continuous Monitoring (ConMon), Security Information and Event Management (SIEM), Extended Detection and Response (XDR), or User and Entity Behavior Analytics (UEBA) platforms as components of an integrated Zero Trust visibility and analytics capability.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
Everforth ECS is the federal segment of
Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
Meet the challenge. Make a difference with Everforth ECS! 
Never miss an opportunity! Create an alert based on the job you applied for.
