Job Requirements
Falls Church, VA
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Job Description
Everforth ECS is seeking a Zero Trust Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
• The Zero Trust Engineer implements and operates the technical security controls, access enforcement mechanisms, and network segmentation capabilities that underpin WDP's Zero Trust architecture across all classification tiers. This role supports WDP's alignment with the DoW Zero Trust Reference Architecture and NIST SP 800-207 by translating Zero Trust policy requirements into operational configurations, validated control baselines, and continuously monitored enforcement mechanisms that protect mission systems operating across NIPRNet, SIPRNet, and JWICS.
• Implements and operates Zero Trust security controls supporting mission systems across multiple security enclaves.
• Configures identity-based access policies using Active Directory, ICAM tooling, certificate services, and privileged access workflows to enforce least-privilege principles.
• Maintains network segmentation controls through firewall rule sets, software-defined perimeter configurations, container network policies, and cloud security groups to limit unauthorized access paths.
• Supports continuous authentication and authorization processes informed by device posture, user behavior, and threat intelligence collected through SIEM and endpoint detection platforms such as Splunk and EDR solutions.
• Executes policy updates, access changes, and technical refinements in coordination with network administrators, system engineers, and application teams.
• Documents Zero Trust implementations, configuration baselines, operational procedures, and runbooks within approved knowledge repositories.
• Assists with control validation, operational testing, and assessment preparation by assembling technical artifacts and evidence.
• Resolves operational issues related to access enforcement, segmentation drift, and encrypted traffic handling.
• Contributes to steady improvement of Zero Trust maturity while reinforcing program values of operational reliability, security consistency, and mission readiness.
• Performs other duties as assigned.
Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• A minimum of 3 years of experience in cybersecurity engineering, Zero Trust implementation, or a closely related discipline within a federal, defense, or government contracting environment, with demonstrated hands-on proficiency configuring and operating identity-based access controls, network micro-segmentation, and continuous monitoring capabilities in support of Zero Trust architecture requirements across classified or enterprise mission environments.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Hands-on experience implementing capabilities across multiple pillars of the DoW Zero Trust Reference Architecture - including ICAM, device and endpoint security, network segmentation, and visibility and analytics - with demonstrated ability to configure supporting technologies such as ABAC policy engines, Privileged Access Management platforms, Software Defined Networking, Identity Provider federation, and Data Loss Prevention controls in government-accredited environments.
• Experience operating continuous monitoring and threat detection capabilities within a Zero Trust enforcement context, including proficiency with SIEM platforms such as Splunk, EDR solutions, UEBA tools, and audit logging infrastructure used to validate access decisions, detect behavioral anomalies, and support Zero Trust control assessment activities across NIPRNet, SIPRNet, and JWICS.
• Familiarity with the DoW RMF authorization lifecycle, NIST SP 800-53 control implementation, and Zero Trust compliance tracking requirements, including experience contributing technical artifacts and configuration evidence to Body-of-Evidence packages, System Security Plans, and Plans of Action and Milestones in support of Authorization to Operate activities.
• Familiarity with Agile or DevSecOps delivery models, including demonstrated ability to contribute Zero Trust engineering activities - such as access policy updates, segmentation baseline maintenance, and control validation testing - within sprint cycles and Program Increment planning events in support of continuous, security-integrated platform delivery.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
Everforth ECS is seeking a Zero Trust Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
• The Zero Trust Engineer implements and operates the technical security controls, access enforcement mechanisms, and network segmentation capabilities that underpin WDP's Zero Trust architecture across all classification tiers. This role supports WDP's alignment with the DoW Zero Trust Reference Architecture and NIST SP 800-207 by translating Zero Trust policy requirements into operational configurations, validated control baselines, and continuously monitored enforcement mechanisms that protect mission systems operating across NIPRNet, SIPRNet, and JWICS.
• Implements and operates Zero Trust security controls supporting mission systems across multiple security enclaves.
• Configures identity-based access policies using Active Directory, ICAM tooling, certificate services, and privileged access workflows to enforce least-privilege principles.
• Maintains network segmentation controls through firewall rule sets, software-defined perimeter configurations, container network policies, and cloud security groups to limit unauthorized access paths.
• Supports continuous authentication and authorization processes informed by device posture, user behavior, and threat intelligence collected through SIEM and endpoint detection platforms such as Splunk and EDR solutions.
• Executes policy updates, access changes, and technical refinements in coordination with network administrators, system engineers, and application teams.
• Documents Zero Trust implementations, configuration baselines, operational procedures, and runbooks within approved knowledge repositories.
• Assists with control validation, operational testing, and assessment preparation by assembling technical artifacts and evidence.
• Resolves operational issues related to access enforcement, segmentation drift, and encrypted traffic handling.
• Contributes to steady improvement of Zero Trust maturity while reinforcing program values of operational reliability, security consistency, and mission readiness.
• Performs other duties as assigned.
Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• A minimum of 3 years of experience in cybersecurity engineering, Zero Trust implementation, or a closely related discipline within a federal, defense, or government contracting environment, with demonstrated hands-on proficiency configuring and operating identity-based access controls, network micro-segmentation, and continuous monitoring capabilities in support of Zero Trust architecture requirements across classified or enterprise mission environments.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Hands-on experience implementing capabilities across multiple pillars of the DoW Zero Trust Reference Architecture - including ICAM, device and endpoint security, network segmentation, and visibility and analytics - with demonstrated ability to configure supporting technologies such as ABAC policy engines, Privileged Access Management platforms, Software Defined Networking, Identity Provider federation, and Data Loss Prevention controls in government-accredited environments.
• Experience operating continuous monitoring and threat detection capabilities within a Zero Trust enforcement context, including proficiency with SIEM platforms such as Splunk, EDR solutions, UEBA tools, and audit logging infrastructure used to validate access decisions, detect behavioral anomalies, and support Zero Trust control assessment activities across NIPRNet, SIPRNet, and JWICS.
• Familiarity with the DoW RMF authorization lifecycle, NIST SP 800-53 control implementation, and Zero Trust compliance tracking requirements, including experience contributing technical artifacts and configuration evidence to Body-of-Evidence packages, System Security Plans, and Plans of Action and Milestones in support of Authorization to Operate activities.
• Familiarity with Agile or DevSecOps delivery models, including demonstrated ability to contribute Zero Trust engineering activities - such as access policy updates, segmentation baseline maintenance, and control validation testing - within sprint cycles and Program Increment planning events in support of continuous, security-integrated platform delivery.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A