Senior Zero Trust Engineer

Everforth ECS is seeking a Senior Zero Trust Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI‑First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts. 

• The Senior Zero Trust Engineer serves as the technical authority for Zero Trust Architecture (ZTA) design and implementation across the WDP enterprise, leading the enforcement of identity-centric access controls, network micro-segmentation, and continuous verification capabilities across NIPRNet, SIPRNet, and JWICS environments in alignment with the DoW Zero Trust Strategy and Reference Architecture. In this role, the engineer drives measurable reductions in attack surface and lateral movement risk while embedding Zero Trust principles across DevSecOps pipelines, cloud-native platforms, and multi-enclave mission systems.
• Designs and leads implementation of enterprise Zero Trust security architectures supporting Department of War mission systems across unclassified and classified networks.
• Defines identity-centric access models integrating Active Directory, ICAM services, privileged access management platforms, certificate-based authentication, and continuous authorization workflows.
• Architects network micro-segmentation strategies using next-generation firewalls, software-defined perimeter technologies, Kubernetes network policies, and cloud-native security controls to eliminate implicit trust and restrict lateral movement.
• Directs encryption-in-transit and encrypted traffic inspection capabilities using secure gateways, TLS inspection, and data protection tooling to safeguard mission data flows.
• Guides integration of Zero Trust controls into DevSecOps pipelines, infrastructure platforms, and mission applications in coordination with cybersecurity engineering, system operations, and application teams.
• Oversees Zero Trust capability alignment with the DoW Zero Trust Strategy, DoW Zero Trust Reference Architecture, and NIST SP 800-207, ensuring all seven pillars of Zero Trust are addressed across User/ICAM, Device/Endpoint, and Visibility/Analytics domains.
• Produces authoritative architecture diagrams, technical standards, implementation roadmaps, and executive briefings stored within controlled repositories such as SharePoint.
• Supports audit, assessment, and authorization activities through defensible technical evidence and traceability.
• Delivers measurable improvements in access enforcement, attack surface reduction, and cyber resilience while advancing program values of mission assurance, defense-in-depth, and operational superiority.
• Performs other duties as assigned.