Principal Federal Solution Architect - Zero Trust, Automation & Identity

AppGate

Posted today

Job Requirements

Washington, DC
Clearance: Secret (Polygraph: Unspecified)
Senior Level Career (10+ yrs experience)
Salary not specified

Job Description

*Remote position, but ideally looking for someone in the DMV area.
Principal Federal Solution Architect - Zero Trust, Automation & Identity

The Senior Solutions Architect is the senior technical authority responsible for the design, integration, automation, and operational success of AppGate's Zero Trust Network Access (ZTNA) platform across U.S. Federal and DoD environments.

This role requires deep, hands-on engineering expertise, not abstract or presentation-level knowledge. The successful candidate must be capable of operating systems, writing and reviewing code, debugging live integrations, and troubleshooting failures at the protocol, OS, and application level. This role is intended for practitioners who build, integrate, and operate secure access systems in real-world Federal environments.

Responsibilities
  • Serve as final escalation point for the most complex Federal deployments
  • Lead deep technical architecture reviews with government and integrator teams
  • Mentor senior Solution Architects and engineers
  • Influence product direction related to automation, integration, and operability
  • Ability to work extended hours or flexible schedules as needed to meet customer needs, deadlines, and escalations
  • This role may require more than 40 hours per week

Travel Requirements
  • Flexibility and ability to travel to meet project and customer needs
  • Travel requirements will vary depending on the project and may exceed 50 percent

Technical Depth Expectations

For every domain listed, candidates are expected to demonstrate operational competence, including the ability to:
  • Configure and operate systems directly
  • Debug failures using logs, shell access, packet captures, and code inspection
  • Write and modify scripts or automation to solve real problems
  • Explain system behavior based on implementation, not abstraction
  • Design and architect systems aligned with customer requirements for Appgate ZTNA
  • Integrate Appgate ZTNA with third-party systems and sources of trust or risk telemetry, including identity providers (SAML, OIDC, RADIUS, LDAP), NGFWs, entitlement automation systems, SIEM, SOAR, ITSM, and others
  • Provide detailed documentation and effective information handoff

This role requires engineers who actively operate systems, write scripts, debug APIs, and analyze packet captures. Candidates whose experience is limited to diagrams, presentations, or vendor marketing materials will not be successful.

Core Responsibilities and Required Expertise

Linux Systems and Access Enforcement Platforms
  • Serve as a technical authority for Linux-based Zero Trust enforcement infrastructure
  • Operate and manage systems via SSH, including secure key-based access and privilege separation
  • Demonstrate deep hands-on knowledge of Bash scripting, process management, systemd, filesystem layout, permissions, and logging
  • Strong understanding of Linux networking internals including routing tables, policy routing, interface binding, traffic steering, and iptables or nftables
  • Diagnose complex cross-platform issues involving Linux, Windows, and macOS systems

JavaScript and REST API Integration
  • Develop and maintain JavaScript-based logic for integration and automation
  • Build and troubleshoot REST API integrations with systems such as Microsoft Graph and ServiceNow
  • Strong understanding of REST APIs, JSON data models, and authentication methods including OAuth, tokens, and certificates
  • Experience working in API-first and security-as-code environments

Containers and Kubernetes
  • Architect Zero Trust access for containerized and microservices-based workloads
  • Support Kubernetes environments including networking, service exposure, and service-to-service access
  • Ensure solutions scale across on-premises and cloud environments

Automation and Infrastructure as Code
  • Design and implement Infrastructure as Code using Terraform
  • Implement Configuration as Code and GitOps workflows
  • Integrate Zero Trust solutions into CI/CD pipelines
  • Ensure automation is version controlled, repeatable, auditable, and API-driven

Identity and Authentication
  • Architect identity-centric access solutions using enterprise identity systems
  • Hands-on experience with Active Directory, LDAP, Kerberos, SAML, OIDC, and RADIUS
  • Troubleshoot DNS across Windows, macOS, and Linux platforms
  • Experience with PKI, certificates, and authentication flows

Cloud and Infrastructure
  • Experience with virtualization platforms such as VMware, ESXi, and KVM
  • Experience designing secure solutions in AWS GovCloud, Azure Government, and Google Cloud Platform
  • Understanding of networking and IAM policies
  • Experience with AI or machine learning security is a plus

Endpoint Scripting
  • Design and troubleshoot scripts for endpoint posture and access decisions
  • PowerShell for Windows environments
  • Bash for macOS and Linux environments
  • Ensure scripts meet Federal security requirements

Networking and Security
  • Strong understanding of IP networking, TCP, ARP, TLS, and encryption
  • Familiarity with VPNs, ZTNA, MPLS, and SD-WAN
  • Experience with network security tools and architectures
  • Ability to troubleshoot using tools such as tcpdump and Wireshark

Compliance
  • Support STIG compliance for Linux systems
  • Experience with SCAP and OpenSCAP tools
  • Support RMF and ATO processes
  • Communicate effectively with security stakeholders

Integration and Interoperability
  • Integrate with identity systems, security tools, and enterprise platforms
  • Support multi-vendor Zero Trust environments
  • Work with partners and integrators on joint solutions

Leadership
  • Serve as escalation lead for complex deployments
  • Lead technical discussions with stakeholders
  • Mentor engineers and architects
  • Contribute to product direction

Required Qualifications
  • 12 or more years of experience in networking, security, systems, or automation engineering
  • Strong experience with Bash, PowerShell, JavaScript, Linux, and REST APIs
  • Experience with identity systems such as Active Directory, DNS, PKI, SAML, and OIDC
  • Experience supporting Federal or high-security environments
  • Ability to obtain or maintain a U.S. security clearance
  • Willingness to work flexible hours as needed

Travel
  • Ability to travel as required by project needs
  • Travel may exceed 50 percent depending on the project


*** This is a direct hire for AppGate. This position is remote though candidates who live in the DMV are ideal. 

Job Category: IT - Security
Clearance Level: Secret
Employer: AppGate