[Remote] Principal Federal Solution Architect – Zero Trust, Automation & Identity

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. Sebastian Tech Solutions is a leader in cloud- and hybrid-ready security and analytics solutions. They are seeking a Principal Federal Solution Architect responsible for the design, integration, automation, and operational success of their Zero Trust Network Access platform across U.S. Federal and DoD environments.

Responsibilities

  • Serve as a technical authority for Linux-based Zero Trust enforcement infrastructure
  • Operate and manage systems via SSH, including secure key-based access and privilege separation
  • Demonstrate deep, hands-on knowledge of:
      • Bash scripting (required)
      • Process management and systems
      • Filesystem layout, permissions, and logging
  • Strong understanding of Linux networking internals, including:
      • Routing tables and policy routing
      • Interface binding and traffic steering
      • iptables / nftables
  • Diagnose complex cross-platform issues where Linux enforcement points interact with Windows and macOS endpoints
  • Develop and maintain JavaScript-based logic executed on security appliances to enable integration and automation
  • Build and troubleshoot REST API integrations with external systems, including:
      • Microsoft Graph API
      • ServiceNow REST APIs
      • Identity, ITSM, logging, and security platforms
  • Apply strong understanding of:
      • RESTful API design and consumption
      • JSON data models and schema validation
      • Authentication methods (OAuth, tokens, certificates)
  • Operate within an API-first, Everything-as-Code architecture
  • Architect Zero Trust access enforcement for containerized and microservices workloads
  • Support Kubernetes environments, including:
      • Sidecar injection and operator-based enforcement models
      • Secure service exposure and service-to-service access
      • Integration with Kubernetes networking (CNI), ingress, and egress controls
  • Ensure access models scale across on-premises and cloud-native environments
  • Design and implement Infrastructure as Code (IaC) using Terraform
  • Implement Configuration as Code (CaC) and GitOps workflows for:
      • Policies
      • Entitlements
      • Integrations
  • Integrate Zero Trust deployments into CI/CD pipelines aligned with Federal DevSecOps standards
  • Ensure all automation is version-controlled, repeatable, auditable, and API-driven
  • Architect identity-centric access solutions using enterprise identity systems as the authoritative control plane
  • Deep hands-on expertise with:
      • Active Directory, including multi-domain and multi-forest environments
      • Domain Controllers and LDAP/LDAPS binding behavior
      • Kerberos authentication flows and ticket lifecycles
  • Design and troubleshoot DNS architecture across Windows, macOS, and Linux platforms
  • Support authentication mechanisms including:
      • Machine certificate–based authentication on Windows
      • PKI trust chains, certificate lifecycle, and revocation
      • SAML and OIDC authentication via external Identity Providers
  • Understand how identity, DNS, and routing failures manifest as access control issues
  • Architect-level knowledge of VMware, ESXi, and KVM
  • Architect-level design and implementation within AWS (GovCloud), Azure Government, and GCP, with focus on:
  • Native networking (VPCs, VNets, Transit Gateways)
  • IAM policy enforcement
  • Governance of access to AI/LLM workloads and agent platforms
  • Design and troubleshoot endpoint scripts used for posture checks and access decisions
  • Windows endpoint scripting
  • Interaction with certificates, networking, registry, and system services
  • macOS and Linux client scripting
  • System diagnostics and process control
  • Ensure scripts meet Federal endpoint hardening requirements
  • Architect-level understanding of:
      • IP packet structure and routing
      • TCP handshake and session lifecycle
  • Deep knowledge of:
      • TLS 1.2 / TLS 1.3
      • Mutual TLS (mTLS)
      • Certificate validation and trust chains
  • Familiarity with VPN vs. identity-centric ZTNA models
  • Diagnose failures using tcpdump, Wireshark, and OS-level tracing
  • Support STIG compliance for Linux platforms
  • Working knowledge of SCAP and OpenSCAP tooling
  • Support RMF and ATO efforts through technical evidence
  • Communicate effectively with ISSMs, ISSEs, and assessors
  • Architect interoperability between our client’s platform and Federal systems:
      • Identity platforms
      • Endpoint security tools
      • SIEM, SOAR, and ITSM platforms
      • Network and boundary security systems
  • Enable operation as a composable Zero Trust control within multi-vendor architectures
  • Serve as final escalation point for complex Federal deployments
  • Lead deep technical architecture reviews
  • Mentor senior architects and engineers
  • Influence product direction related to automation and integration

Skills

  • U.S. citizenship
  • 12+ years in security, systems, platform, or automation engineering
  • Demonstrated mastery of Bash
  • Demonstrated mastery of PowerShell
  • Demonstrated mastery of JavaScript
  • Demonstrated mastery of Linux systems administration
  • Demonstrated mastery of REST APIs and automation
  • Strong experience with identity systems (Active Directory, DNS, PKI, SAML/OIDC)
  • Experience supporting Federal or high-assurance environments
  • Ability to obtain and maintain a U.S. security clearance
  • AI/ML Security (Desired): Governance of access to AI/LLM workloads and agent platforms

Company Overview

  • Sebastian Tech Solutions provides enterprise IT, logistics, and management support services. It was founded in 2014, and is headquartered in Jonesboro, Arkansas, USA, with a workforce of 51-200 employees. Its website is https://www.stscando.com.
