[Remote] Principal Federal Solution Architect – Zero Trust, Automation & Identity
Note: This is a remote position open to candidates in the USA. Sebastian Tech Solutions is a leader in cloud- and hybrid-ready security and analytics solutions. They are seeking a Principal Federal Solution Architect responsible for the design, integration, automation, and operational success of their Zero Trust Network Access platform across U.S. Federal and DoD environments.
Responsibilities
• Serve as a technical authority for Linux-based Zero Trust enforcement infrastructure
• Operate and manage systems via SSH, including secure key-based access and privilege separation
• Demonstrate deep, hands-on knowledge of:
• Bash scripting (required)
• Process management and systems
• Filesystem layout, permissions, and logging
• Strong understanding of Linux networking internals, including:
• Routing tables and policy routing
• Interface binding and traffic steering
• iptables / nftables
• Diagnose complex cross-platform issues where Linux enforcement points interact with Windows and macOS endpoints
• Develop and maintain JavaScript-based logic executed on security appliances to enable integration and automation
• Build and troubleshoot REST API integrations with external systems, including:
• Microsoft Graph API
• ServiceNow REST APIs
• Identity, ITSM, logging, and security platforms
• Apply strong understanding of:
• RESTful API design and consumption
• JSON data models and schema validation
• Authentication methods (OAuth, tokens, certificates)
• Operate within an API-first, Everything-as-Code architecture
• Architect Zero Trust access enforcement for containerized and microservices workloads
• Support Kubernetes environments, including:
• Sidecar injection and operator-based enforcement models
• Secure service exposure and service-to-service access
• Integration with Kubernetes networking (CNI), ingress, and egress controls
• Ensure access models scale across on-premises and cloud-native environments
• Design and implement Infrastructure as Code (IaC) using Terraform
• Implement Configuration as Code (CaC) and GitOps workflows for:
• Policies
• Entitlements
• Integrations
• Integrate Zero Trust deployments into CI/CD pipelines aligned with Federal DevSecOps standards
• Ensure all automation is version-controlled, repeatable, auditable, and API-driven
• Architect identity-centric access solutions using enterprise identity systems as the authoritative control plane
• Deep hands-on expertise with:
• Active Directory, including multi-domain and multi-forest environments
• Domain Controllers and LDAP/LDAPS binding behavior
• Kerberos authentication flows and ticket lifecycles
• Design and troubleshoot DNS architecture across Windows, macOS, and Linux platforms
• Support authentication mechanisms including:
• Machine certificate–based authentication on Windows
• PKI trust chains, certificate lifecycle, and revocation
• SAML and OIDC authentication via external Identity Providers
• Understand how identity, DNS, and routing failures manifest as access control issues
• Architect-level knowledge of VMware, ESXi, and KVM
• Architect-level design and implementation within AWS (GovCloud), Azure Government, and GCP, with focus on:
• Native networking (VPCs, VNets, Transit Gateways)
• IAM policy enforcement
• Governance of access to AI/LLM workloads and agent platforms
• Design and troubleshoot endpoint scripts used for posture checks and access decisions
• Windows endpoint scripting
• Interaction with certificates, networking, registry, and system services
• macOS and Linux client scripting
• System diagnostics and process control
• Ensure scripts meet Federal endpoint hardening requirements
• Architect-level understanding of:
• IP packet structure and routing
• TCP handshake and session lifecycle
• Deep knowledge of:
• TLS 1.2 / TLS 1.3
• Mutual TLS (mTLS)
• Certificate validation and trust chains
• Familiarity with VPN vs. identity-centric ZTNA models
• Diagnose failures using tcpdump, Wireshark, and OS-level tracing
• Support STIG compliance for Linux platforms
• Working knowledge of SCAP and OpenSCAP tooling
• Support RMF and ATO efforts through technical evidence
• Communicate effectively with ISSMs, ISSEs, and assessors
• Architect interoperability between our client’s platform and Federal systems:
• Identity platforms
• Endpoint security tools
• SIEM, SOAR, and ITSM platforms
• Network and boundary security systems
• Enable operation as a composable Zero Trust control within multi-vendor architectures
• Serve as final escalation point for complex Federal deployments
• Lead deep technical architecture reviews
• Mentor senior architects and engineers
• Influence product direction related to automation and integration
Skills
• U.S. citizenship
• 12+ years in security, systems, platform, or automation engineering
• Demonstrated mastery of Bash
• Demonstrated mastery of PowerShell
• Demonstrated mastery of JavaScript
• Demonstrated mastery of Linux systems administration
• Demonstrated mastery of REST APIs and automation
• Strong experience with identity systems (Active Directory, DNS, PKI, SAML/OIDC)
• Experience supporting Federal or high-assurance environments
• Ability to obtain and maintain a U.S. security clearance
• AI/ML Security (Desired): Governance of access to AI/LLM workloads and agent platforms
Company Overview
• Sebastian Tech Solutions provides enterprise IT, logistics, and management support services. It was founded in 2014 and is headquartered in Jonesboro, Arkansas, USA, with a workforce of 51-200 employees. Its website is https://www.stscando.com.