Job Title: Senior Solution Architect Federal
Company Name: Appgate
Job Details: Remote, Full Time
Job Url: https://hiring.cafe/viewjob/4w0oi47h2rnpg917
Job Description:
Posted 1mo ago
Washington, District of Columbia, United States

Responsibilities: design systems, integrate APIs, lead architecture
Requirements Summary: 12+ years in networking, security, systems, or automation; Bash, PowerShell, JavaScript, Linux administration; REST APIs and automation; experience with Active Directory, DNS, PKI, SAML/OIDC; ability to obtain/maintain U.S. security clearance.
Technical Tools Mentioned: Bash, PowerShell, JavaScript, Linux, REST APIs, Terraform

Position Overview
The Senior Solutions Architect is the senior technical authority responsible for the design, integration, automation, and operational success of AppGate's Zero Trust Network Access (ZTNA) platform across U.S. Federal and DoD environments. This role requires deep, hands-on engineering expertise, not abstract or presentation-level knowledge. The successful candidate must be capable of operating systems, writing and reviewing code, debugging live integrations, and troubleshooting failures at the protocol, OS, and application level. This is a role for practitioners who build, integrate, and operate secure access systems in real-world Federal environments.

Technical Depth Expectations (Applies to All Areas Below)
For every domain listed, candidates are expected to demonstrate operational competence, including the ability to:
· Configure and operate systems directly
· Debug failures using logs, shell access, packet captures, and code inspection
· Write and modify scripts or automation to solve real problems
· Explain system behavior based on implementation, not abstraction
· Design and Architect systems that align with customer requirements for Appgate ZTNA
· Integrate Appgate ZTNA with other 3rd party systems and sources of trust or risk telemetry including Identity Providers (SAML, OIDC, RADIUS, LDAP(s)), NGFWs, Entitlement Automation systems, SIEM/SOAR, ITSM, and many others.
· Detailed documentation and information hand-off skills are also required

This role requires engineers who actively operate systems, write scripts, debug APIs, and analyze packet captures. Candidates whose experience is limited to diagrams, presentations, or vendor marketing materials will not be successful.

Core Responsibilities & Required Expertise

Linux Systems & Access Enforcement Platforms (Critical)
· Serve as a technical authority for Linux-based Zero Trust enforcement infrastructure
· Operate and manage systems via SSH, including secure key-based access and privilege separation
· Demonstrate deep, hands-on knowledge of:
  · Bash scripting (required)
  · Process management and systemd
  · Filesystem layout, permissions, and logging
· Strong understanding of Linux networking internals:
  · Routing tables and policy routing
  · Interface binding and traffic steering
  · iptables / nftables
· Diagnose complex cross-platform issues where Linux enforcement points interact with Windows and macOS endpoints

JavaScript & REST API Integration Engineering (Critical)
· Develop and maintain JavaScript-based logic executed on Appgate appliances to enable integration and automation
· Build and troubleshoot REST API integrations with external systems, including:
  · Microsoft Graph API
  · ServiceNow REST APIs
  · Identity, ITSM, logging, NGFW, and security platforms
· Apply strong understanding of:
  · RESTful API design and consumption
  · JSON data models and schema validation
  · Authentication methods (OAuth, tokens, certificates)
· Operate within an API-first, Security-as-Code/Everything-as-Code architecture

Containers & Kubernetes Architecture
· Architect Zero Trust access enforcement for containerized and microservices-based workloads
· Support Kubernetes environments, including:
  · Sidecar injection and operator-based enforcement models
  · Secure service exposure and service-to-service access
  · Integration with Kubernetes networking (CNI), ingress, and egress controls
· Ensure access models scale across on-premises and cloud-native environments

Automation, Infrastructure as Code & Configuration as Code
· Design and implement Infrastructure as Code (IaC) using Terraform
· Implement Configuration as Code (CaC) and GitOps workflows for:
  · Appgate ZTNA Policies
  · Appgate ZTNA Entitlements
  · Integrations with 3rd party systems and Entitlement Engines
· Integrate Zero Trust deployments into CI/CD pipelines aligned with Federal DevSecOps standards
· Ensure all automation is:
  · Version-controlled
  · Repeatable
  · Auditable
  · API-driven

Identity & Authentication Engineering (Critical)
· Architect identity-centric access solutions using enterprise identity systems as the authoritative control plane
· Deep hands-on expertise with:
  · Active Directory, including multi-domain and multi-forest environments
  · Domain Controllers and LDAP/LDAPS binding behavior
  · Kerberos authentication flows and ticket lifecycles
  · SAML
  · OIDC
  · RADIUS
· Design and troubleshoot DNS architecture and resolution behavior across:
  · Windows endpoints
  · macOS endpoints
  · Linux enforcement platforms
· Support authentication mechanisms including:
  · Machine certificate–based authentication on Windows
  · PKI trust chains, certificate lifecycle, and revocation
  · SAML and OIDC user authentication via external Identity Providers
· Understand how identity, DNS, and routing failures manifest as access control issues

Modern Cloud & Infrastructure Excellence
· Virtualization: Architect-level knowledge of VMware, ESXi, and KVM for private cloud deployments
· Public Cloud: Demonstrate architect-level design and implementation of security services within AWS (GovCloud), Azure (Government), and Google Cloud Platform (GCP), with a specific focus on native networking (VPCs, VNets, Transit Gateways) and IAM policy enforcement.
· AI/ML Security: Forward-thinking experience in governing access to AI/LLM workloads and agent platforms.
(Desired)

Endpoint Scripting & Client-Side Automation
· Design and troubleshoot endpoint-executed scripts used for posture checks, integrations, and access decisions
· PowerShell (Required):
  · Windows endpoint scripting
  · Interaction with certificates, networking, registry, and system services
· Bash (Required):
  · macOS and Linux client scripting
  · System interrogation, diagnostics, and process control
· Ensure scripts are secure, deterministic, and compatible with Federal endpoint hardening requirements

Networking, Transport & Cryptographic Protocol Expertise
· Architect-level understanding of:
  · IP packet structure and routing behavior
  · TCP three-way handshake and session lifecycle
  · ARP, GARP, and Proxy ARP functionality
· Deep knowledge of:
  · TLS 1.2 / TLS 1.3 and QUIC
  · Mutual TLS (mTLS)
  · Certificate validation and trust chains
· Familiarity with:
  · VPN architectures and tunneling models
  · Differences between VPN and identity-centric ZTNA
  · MPLS and SDWAN Architectures and traffic flows
· Demonstrate Architect level knowledge and experience designing, articulating, and implementing complex Network integrations and Cybersecurity solutions
· Architect level familiarity with network security solutions such as firewalls/next generation firewalls, network access control and VPNs, Logging / SYSLOG integration, IT Operations, IT Security Operations, SDWAN, WAN, and other Layer3/4 Network technology
· Denied, Disrupted, Intermittent, and Limited (DDIL) environmental challenges
· Single Packet Authorization or port knocking familiarity desired
· Expertise with Zero Trust Network and Universal ZTNA concepts and Software Defined Perimeter desirable
· Diagnose failures using:
  · tcpdump
  · Wireshark
  · OS-level packet tracing

STIG, SCAP & Compliance Engineering
· Support STIG compliance for Linux-based platforms
· Working knowledge of SCAP, including:
  · OpenSCAP tooling
  · Interpreting scan output and false positives
  · Mapping findings to mitigations
· Support RMF and ATO efforts through technical evidence and explanation
· Communicate effectively with ISSMs, ISSEs, and assessors

Interoperability & Federal Integration
· Architect interoperability between Appgate and adjacent Federal systems:
  · Identity platforms
  · Endpoint security tools
  · SIEM, SOAR, and ITSM platforms
  · Network and boundary security systems
· Enable Appgate to operate as a composable Zero Trust control within multi-vendor Federal architectures
· Support integrators and partners implementing joint solutions

Senior Technical Leadership
· Serve as final escalation point for the most complex Federal deployments
· Lead deep technical architecture reviews with government and integrator teams
· Mentor senior Solution Architects and engineers
· Influence product direction related to automation, integration, and operability

Required Qualifications & Experience
· 12+ years in networking, security, systems, platform, or automation engineering roles
· Demonstrated mastery of:
  · Bash
  · PowerShell
  · JavaScript
  · Linux systems administration
  · REST APIs and automation
· Strong experience with identity systems (Active Directory, DNS, PKI, SAML/OIDC)
· Experience supporting Federal or other high-assurance environments
· Ability to obtain or maintain a U.S. security clearance
· Ability to work extended hours / flextime as needed to meet customer needs / deadlines / escalations
· There are times when this role requires more than 40 hours a week

Travel Requirements:
· Flexibility and ability to travel to meet project and customer needs
· Travel requirements will vary depending on project and for some projects can exceed 50%

Appgate is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class. In furtherance of Appgate's policy regarding affirmative action and equal employment opportunity, Appgate has developed a written affirmative action program. This program is available for review upon request by any applicant or employee during normal business hours by contacting the company's EEO Coordinator.