Zero Trust Virtualization / Application Development SME - Zermount, Inc
Arlington, VA
About the Job
ZERO TRUST VIRTUALIZATION / APPLICATION DEVELOPMENT SME
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
Zermount Inc. is seeking a Zero Trust (ZT) Virtualization/Application Development SME to assist in providing security to one of our federal clients. The ZT Virtualization/Application Development SME will be part of the implementation of ZT principles across the pillars of ZT (identity, device, network, application and workload, and data) to assist the client in meeting the requirements set forth by EO 14028 and OMB M-22-09. The ZT Virtualization/Application Development SME will be responsible for leading the design, development, and implementation of virtualization and application development solutions in alignment with Zero Trust principles. You will collaborate with cross-functional teams to understand business requirements and translate them into secure and scalable technical solutions. Your expertise in virtualization technologies, application development, and Zero Trust principles will be crucial in ensuring the organization's systems and applications are resilient, secure, and compliant.
Duties & Responsibilities:
The ZT Virtualization/Application Development SME will ensure the Zermount ZT solutions and services secure federal networks and meet the objectives of EO 14028 and other Federal requirements. Additionally, the ZT Virtualization/Application Development SME will provide support and services to include:
- Lead the design, development, and implementation of virtualization and application development solutions aligned with Zero Trust principles.
- Collaborate with cross-functional teams to understand business requirements and translate them into technical solutions.
- Develop and maintain virtualization infrastructure, including virtual machines, containers, and virtual networks.
- Design, code, test, and debug applications using programming languages and frameworks such as Python, Java, .NET, or others.
- Implement security controls and best practices in virtualized environments and application development processes.
- Ensure compliance with Zero Trust principles, industry standards, and regulatory requirements in virtualization and application development.
- Monitor and optimize virtualization performance, scalability, and reliability.
- Troubleshoot and resolve issues related to virtualization, application deployment, and performance.
- Stay up to date with emerging technologies and industry trends related to virtualization and application development.
- Provide technical guidance and mentorship to junior team members.
Qualifications:
- A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems OR a relevant Bachelor's degree in IT, computer science, or engineering and 7 years of IT cybersecurity experience including direct support for the US Government and 5 years acting as an ISSO, assessor, or compliance analyst.
- Solid experience in virtualization technologies, such as VMware, Hyper-V, or KVM.
- Proficiency in application development using programming languages like Python, Java, .NET, or others.
- Strong understanding of Zero Trust principles and their application in virtualization and application development.
- Knowledge of containerization technologies like Docker and orchestration tools like Kubernetes.
- Familiarity with cloud platforms and services, such as AWS, Azure, or Google Cloud.
- Experience implementing security controls and best practices in virtualized environments and application development.
- Ability to troubleshoot and resolve issues in virtualization and application deployment.
- Strong communication and collaboration abilities.
- Experience communicating effectively, both orally and in writing, with technical, non-technical, and executive-level customers.
- Knowledge of EO 14028, OMB M-22-09, Federal, DoD, and CISA Zero Trust Architecture, Maturity Model, and Technical Reference Architectures.
- Excellent communication, collaboration, and problem-solving skills.
- Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements.
- Technical knowledge of complex enterprise IT systems.
- Knowledge and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.
- Ability to work independently and as part of a team.
- Ability to navigate complex and politically sensitive client environments with professionalism, patience, and tact.
- Demonstrated ability to effectively engage and manage relationships with highly political clients while maintaining a professional demeanor, exhibiting patience, and navigating sensitive situations with tact.
Zero Trust Specific Qualifications: System Maturity Model
- Application Access:
  - Demonstrated experience in automating application access decisions with enhanced contextual information and enforced expiration conditions to ensure adherence to the principle of least privilege.
  - Proven track record in automating application access decisions with expanded contextual information and enforced expiration conditions to adhere to the principle of least privilege.
  - Strong background in establishing an environment that continuously authorizes application access, incorporating real-time risk analytics and considering factors such as behavior or usage patterns.
- Application Threat Protections:
  - Extensive experience in implementing advanced threat protections into all application workflows, providing real-time visibility and monitoring.
- Accessible Applications:
  - Successful track record in delivering all relevant applications over open public networks to authorized users and devices, ensuring accessibility as needed.
- Secure Application Development and Deployment Workflow:
  - Proficient in utilizing immutable workloads wherever feasible, allowing changes to be effective only through redeployment, and eliminating administrator access to deployment environments by leveraging automated processes for code deployment.
- Application Security Testing:
  - Expertise in integrating application security testing throughout the software development lifecycle across the entire enterprise, including routine automated testing of deployed applications.
Education:
- Minimum of a Bachelor's Degree in one of the following: Information Technology (IT), computer science, management, business administration, or a related field.
- Relevant years of experience may be substituted where the candidate does not have a Bachelor's degree in the required field.
Certifications:
- At least one of the following security certifications:
  - Certified Authorization Professional (CAP);
  - Certified Information Systems Security Officer (CISSO);
  - Certified Information Security Manager (CISM); or
  - Certified Information Systems Security Professional (CISSP).
- Relevant certifications in virtualization technologies (e.g., VMware Certified Professional) and application development (e.g., AWS Certified Developer, Microsoft Certified: Azure Developer Associate) are a plus.
Clearance level:
- Minimum of an active Secret Clearance.
Work Location:
- Primarily Remote.
Hours of Operation:
- Business Hours: 8:00 am EST - 4:30 pm EST.