Senior Solution Architect jobs in United States

AppGate · 8 hours ago

Senior Solution Architect

AppGate is a company focused on Zero Trust Network Access solutions, and they are seeking a Senior Solutions Architect to oversee the design and operational success of their platform within U.S. Federal and DoD environments. The role requires deep technical expertise in systems integration, automation, and security, with responsibilities spanning across various technical domains including Linux systems, API integrations, and cloud services.

Cloud Security · Cyber Security · Network Security · Software
No H1B · U.S. Citizen Only

Responsibilities

Serve as a technical authority for Linux-based Zero Trust enforcement infrastructure
Operate and manage systems via SSH, including secure key-based access and privilege separation
Demonstrate deep, hands-on knowledge of:
+ Bash scripting (required)
+ Process management and systemd
+ Filesystem layout, permissions, and logging
Strong understanding of Linux networking internals:
+ Routing tables and policy routing
+ Interface binding and traffic steering
+ iptables / nftables
Diagnose complex cross-platform issues where Linux enforcement points interact with Windows and macOS endpoints
Develop and maintain JavaScript-based logic executed on Appgate appliances to enable integration and automation
Build and troubleshoot REST API integrations with external systems, including:
+ Microsoft Graph API
+ ServiceNow REST APIs
+ Identity, ITSM, logging, NGFW, and security platforms
Apply strong understanding of:
+ RESTful API design and consumption
+ JSON data models and schema validation
+ Authentication methods (OAuth, tokens, certificates)
Operate within an API-first, Security-as-Code/Everything-as-Code architecture
Architect Zero Trust access enforcement for containerized and microservices-based workloads
Support Kubernetes environments, including:
+ Sidecar injection and operator-based enforcement models
+ Secure service exposure and service-to-service access
+ Integration with Kubernetes networking (CNI), ingress, and egress controls
Ensure access models scale across on-premises and cloud-native environments
Design and implement Infrastructure as Code (IaC) using Terraform
Implement Configuration as Code (CaC) and GitOps workflows for:
+ Appgate ZTNA Policies
+ Appgate ZTNA Entitlements
+ Integrations with 3rd party systems and Entitlement Engines
Integrate Zero Trust deployments into CI/CD pipelines aligned with Federal DevSecOps standards
Ensure all automation is:
+ Version-controlled
+ Repeatable
+ Auditable
+ API-driven
Architect identity-centric access solutions using enterprise identity systems as the authoritative control plane
Deep hands-on expertise with:
+ Active Directory, including multi-domain and multi-forest environments
+ Domain Controllers and LDAP/LDAPS binding behavior
+ Kerberos authentication flows and ticket lifecycles
+ SAML
+ OIDC
+ RADIUS
Design and troubleshoot DNS architecture and resolution behavior across:
+ Windows endpoints
+ macOS endpoints
+ Linux enforcement platforms
Support authentication mechanisms including:
+ Machine certificate-based authentication on Windows
+ PKI trust chains, certificate lifecycle, and revocation
+ SAML and OIDC user authentication via external Identity Providers
Understand how identity, DNS, and routing failures manifest as access control issues
Architect-level knowledge of VMware, ESXi, and KVM for private cloud deployments
Demonstrate architect-level design and implementation of security services within AWS (GovCloud), Azure (Government), and Google Cloud Platform (GCP), with a specific focus on native networking (VPCs, VNets, Transit Gateways) and IAM policy enforcement
Forward-thinking experience in governing access to AI/LLM workloads and agent platforms. (Desired)
Design and troubleshoot endpoint-executed scripts used for posture checks, integrations, and access decisions
PowerShell (Required):
+ Windows endpoint scripting
+ Interaction with certificates, networking, registry, and system services
Bash (Required):
+ macOS and Linux client scripting
+ System interrogation, diagnostics, and process control
Ensure scripts are secure, deterministic, and compatible with Federal endpoint hardening requirements
Architect-level understanding of:
+ IP packet structure and routing behavior
+ TCP three-way handshake and session lifecycle
+ ARP, GARP, and Proxy ARP functionality
Deep knowledge of:
+ TLS 1.2 / TLS 1.3 and QUIC
+ Mutual TLS (mTLS)
+ Certificate validation and trust chains
Familiarity with:
+ VPN architectures and tunneling models
+ Differences between VPN and identity-centric ZTNA
+ MPLS and SDWAN Architectures and traffic flows
Demonstrate Architect level knowledge and experience designing, articulating, and implementing complex Network integrations and Cybersecurity solutions
Architect level familiarity with network security solutions such as firewalls/next generation firewalls, network access control and VPNs, Logging / SYSLOG integration, IT Operations, IT Security Operations, SDWAN, WAN, and other Layer3/4 Network technology
Diagnose failures using:
+ tcpdump
+ Wireshark
+ OS-level packet tracing
Support STIG compliance for Linux-based platforms
Working knowledge of SCAP, including:
+ OpenSCAP tooling
+ Interpreting scan output and false positives
+ Mapping findings to mitigations
Support RMF and ATO efforts through technical evidence and explanation
Communicate effectively with ISSMs, ISSEs, and assessors
Architect interoperability between Appgate and adjacent Federal systems:
+ Identity platforms
+ Endpoint security tools
+ SIEM, SOAR, and ITSM platforms
+ Network and boundary security systems
Enable Appgate to operate as a composable Zero Trust control within multi-vendor Federal architectures
Support integrators and partners implementing joint solutions
Serve as final escalation point for the most complex Federal deployments
Lead deep technical architecture reviews with government and integrator teams
Mentor senior Solution Architects and engineers
Influence product direction related to automation, integration, and operability

Qualification

Linux Systems · Bash Scripting · JavaScript · REST APIs · Active Directory · PowerShell · Infrastructure as Code · Kubernetes · Cloud Security · Networking Protocols · STIG Compliance · Soft Skills

Required

12+ years in networking, security, systems, platform, or automation engineering roles
Demonstrated mastery of: Bash, PowerShell, JavaScript, Linux systems administration, REST APIs and automation
Strong experience with identity systems (Active Directory, DNS, PKI, SAML/OIDC)
Experience supporting Federal or other high-assurance environments
Ability to obtain or maintain a U.S. security clearance
Deep, hands-on engineering expertise
Capable of operating systems, writing and reviewing code, debugging live integrations, and troubleshooting failures at the protocol, OS, and application level
Configure and operate systems directly
Debug failures using logs, shell access, packet captures, and code inspection
Write and modify scripts or automation to solve real problems
Explain system behavior based on implementation, not abstraction
Design and Architect systems that align with customer requirements for Appgate ZTNA
Integrate Appgate ZTNA with other 3rd party systems and sources of trust or risk telemetry, including Identity Providers (SAML, OIDC, RADIUS, LDAP(S)), NGFWs, Entitlement Automation systems, SIEM/SOAR, ITSM, and many others
Detailed documentation and information hand-off skills

Preferred

AI/ML Security: Forward-thinking experience in governing access to AI/LLM workloads and agent platforms
Single Packet Authorization or port knocking familiarity desired
Expertise with Zero Trust Network and Universal ZTNA concepts and Software Defined Perimeter desirable

Company

AppGate

AppGate develops and provides cloud and hybrid-ready security and analytics products and services.

Funding

Current Stage
Late Stage

Leadership Team

Kurt Glazemakers
Chief Technology Officer
Tina Gravel
SVP Global Channels and Alliances
Company data provided by crunchbase