Sebastian Tech Solutions · 1 week ago
Principal Federal Solution Architect – Zero Trust, Automation & Identity
Sebastian Tech Solutions is a leader in cloud- and hybrid-ready security and analytics solutions. They are seeking a Principal Federal Solution Architect responsible for the design, integration, automation, and operational success of their Zero Trust Network Access platform across U.S. Federal and DoD environments.
Responsibilities
Serve as a technical authority for Linux-based Zero Trust enforcement infrastructure
Operate and manage systems via SSH, including secure key-based access and privilege separation
Demonstrate deep, hands-on knowledge of:
Bash scripting (required)
Process management and systems
Filesystem layout, permissions, and logging
Strong understanding of Linux networking internals, including:
Routing tables and policy routing
Interface binding and traffic steering
iptables / nftables
Diagnose complex cross-platform issues where Linux enforcement points interact with Windows and macOS endpoints
Develop and maintain JavaScript-based logic executed on security appliances to enable integration and automation
Build and troubleshoot REST API integrations with external systems, including:
Microsoft Graph API
ServiceNow REST APIs
Identity, ITSM, logging, and security platforms
Apply strong understanding of:
RESTful API design and consumption
JSON data models and schema validation
Authentication methods (OAuth, tokens, certificates)
Operate within an API-first, Everything-as-Code architecture
Architect Zero Trust access enforcement for containerized and microservices workloads
Support Kubernetes environments, including:
Sidecar injection and operator-based enforcement models
Secure service exposure and service-to-service access
Integration with Kubernetes networking (CNI), ingress, and egress controls
Ensure access models scale across on-premises and cloud-native environments
Design and implement Infrastructure as Code (IaC) using Terraform
Implement Configuration as Code (CaC) and GitOps workflows for:
Policies
Entitlements
Integrations
Integrate Zero Trust deployments into CI/CD pipelines aligned with Federal DevSecOps standards
Ensure all automation is version-controlled, repeatable, auditable, and API-driven
Architect identity-centric access solutions using enterprise identity systems as the authoritative control plane
Deep hands-on expertise with:
Active Directory, including multi-domain and multi-forest environments
Domain Controllers and LDAP/LDAPS binding behavior
Kerberos authentication flows and ticket lifecycles
Design and troubleshoot DNS architecture across Windows, macOS, and Linux platforms
Support authentication mechanisms including:
Machine certificate–based authentication on Windows
PKI trust chains, certificate lifecycle, and revocation
SAML and OIDC authentication via external Identity Providers
Understand how identity, DNS, and routing failures manifest as access control issues
Architect-level knowledge of VMware, ESXi, and KVM
Architect-level design and implementation within AWS (GovCloud), Azure Government, and GCP, with focus on:
Native networking (VPCs, VNets, Transit Gateways)
IAM policy enforcement
Governance of access to AI/LLM workloads and agent platforms
Design and troubleshoot endpoint scripts used for posture checks and access decisions
Windows endpoint scripting
Interaction with certificates, networking, registry, and system services
macOS and Linux client scripting
System diagnostics and process control
Ensure scripts meet Federal endpoint hardening requirements
Architect-level understanding of:
IP packet structure and routing
TCP handshake and session lifecycle
Deep knowledge of:
TLS 1.2 / TLS 1.3
Mutual TLS (mTLS)
Certificate validation and trust chains
Familiarity with VPN vs. identity-centric ZTNA models
Diagnose failures using tcpdump, Wireshark, and OS-level tracing
Support STIG compliance for Linux platforms
Working knowledge of SCAP and OpenSCAP tooling
Support RMF and ATO efforts through technical evidence
Communicate effectively with ISSMs, ISSEs, and assessors
Architect interoperability between our client’s platform and Federal systems:
Identity platforms
Endpoint security tools
SIEM, SOAR, and ITSM platforms
Network and boundary security systems
Enable operation as a composable Zero Trust control within multi-vendor architectures
Serve as final escalation point for complex Federal deployments
Lead deep technical architecture reviews
Mentor senior architects and engineers
Influence product direction related to automation and integration
Qualifications
Required
U.S. citizenship
12+ years in security, systems, platform, or automation engineering
Demonstrated mastery of Bash
Demonstrated mastery of PowerShell
Demonstrated mastery of JavaScript
Demonstrated mastery of Linux systems administration
Demonstrated mastery of REST APIs and automation
Strong experience with identity systems (Active Directory, DNS, PKI, SAML/OIDC)
Experience supporting Federal or high-assurance environments
Ability to obtain and maintain a U.S. security clearance
Preferred
AI/ML Security (Desired): Governance of access to AI/LLM workloads and agent platforms