Position Title: Security Architect – Zero Trust / Cloud Security
Location: Remote (U.S.) with Occasional Travel
Client: Federal / Public Sector Programs
Work Authorization: Candidates must be authorized to work in the United States. U.S. Citizenship may be required based on client assignment.
📩 To apply, please submit your resume to careers@wintrio.com or complete the application form below.
Job Summary
WINTrio LLC is seeking an experienced Security Architect – Zero Trust / Cloud Security to support Federal cybersecurity modernization, enterprise architecture, cloud adoption, and Zero Trust transformation initiatives.
This role is responsible for designing, assessing, and implementing secure architectures across cloud, hybrid, on-premises, application, data, and network environments. The successful candidate will provide technical leadership in the development of secure solutions that align with Federal cybersecurity requirements, Zero Trust Architecture principles, FedRAMP requirements, and agency-specific compliance frameworks.
The ideal candidate will possess deep expertise in cloud security, identity-centric security, secure application design, enterprise architecture, and Federal cybersecurity governance. This position requires close collaboration with enterprise architects, cloud engineers, developers, ISSOs, cybersecurity teams, and executive leadership.
Job Responsibilities
- Design and assess enterprise security architectures across cloud, hybrid, on-premises, application, data, and network environments.
- Develop and implement Zero Trust Architecture strategies aligned with identity, device, network, application, workload, and data security principles.
- Support cloud security architecture and modernization initiatives within AWS GovCloud, Microsoft Azure Government, and hybrid environments.
- Define secure patterns for identity and access management, role-based access control (RBAC), privileged access management (PAM), encryption, logging, monitoring, and network segmentation.
- Review application, infrastructure, and cloud architectures to ensure compliance with NIST SP 800-53, FedRAMP, FISMA, RMF, and agency-specific requirements.
- Support secure DevSecOps implementations, including pipeline security, secrets management, infrastructure-as-code security scanning, container security, and automated compliance validation.
- Develop security architecture documentation, technical reference architectures, control mappings, implementation roadmaps, and design standards.
- Support ATO activities, cloud authorization efforts, control inheritance analysis, security assessments, and compliance reviews.
- Collaborate with enterprise architects, cloud engineers, cybersecurity teams, developers, ISSOs, and operational stakeholders.
- Conduct security architecture reviews, threat modeling exercises, and risk assessments.
- Advise executive leadership on cybersecurity modernization, risk reduction strategies, compliance requirements, and emerging technologies.
- Support continuous improvement initiatives that strengthen enterprise security posture and architecture maturity.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related field.
- Minimum ten (10) years of experience in cybersecurity, security architecture, cloud security, enterprise architecture, or related disciplines.
- Experience designing and implementing security architectures within Federal, regulated, or mission-critical environments.
- Strong knowledge of Zero Trust Architecture, NIST SP 800-207, NIST SP 800-53, FedRAMP, FISMA, and Risk Management Framework (RMF) requirements.
- Experience supporting AWS, Microsoft Azure, or hybrid cloud security architectures.
- Strong understanding of identity and access management, encryption, network segmentation, logging, vulnerability management, and secure software development lifecycle (SDLC) practices.
- Strong written and verbal communication skills.
- Strong analytical, leadership, and problem-solving abilities.
- Ability to communicate complex technical concepts to both technical and executive audiences.
Technical Areas
Zero Trust Architecture
- NIST SP 800-207
- CISA Zero Trust Maturity Model
- Identity-Centric Security
- Least Privilege Access
- Micro-Segmentation
- Continuous Verification
- Device Trust
- Workload Protection
Cloud Security Architecture
- AWS GovCloud
- Microsoft Azure Government
- Hybrid Cloud Security
- Cloud Security Controls
- FedRAMP Compliance
- Cloud Authorization Support
- Cloud Control Inheritance
Identity & Access Management
- Active Directory
- Microsoft Entra ID (Azure AD)
- Okta
- SailPoint
- PIV/CAC Integration
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control (ABAC)
- Privileged Access Management (PAM)
DevSecOps & Secure Engineering
- Secure CI/CD Pipelines
- Secrets Management
- Container Security
- Infrastructure-as-Code Security
- Application Security Testing
- Automated Compliance Validation
Security Architecture & Engineering
- Threat Modeling
- Security Design Reviews
- Encryption & Key Management
- Secure Data Exchange
- API Security
- Microservices Security
- Enterprise Security Architecture
Tools & Platforms
Cloud Security Platforms
- AWS Security Hub
- Amazon GuardDuty
- AWS Key Management Service (KMS)
- Microsoft Defender for Cloud
- Azure Policy
- Azure Key Vault
DevSecOps & Security Automation
- GitHub Advanced Security
- GitLab
- Jenkins
- Azure DevOps
- SAST Platforms
- DAST Platforms
- Software Composition Analysis (SCA)
- Infrastructure-as-Code Scanning Tools
Container & Platform Security
- Docker
- Kubernetes
- OpenShift
- Helm
Security Assessment & Monitoring
- Splunk
- Tenable
- Nessus
- ACAS
- Fortify
- WebInspect
- SonarQube
Compliance & Governance
- NIST RMF
- FedRAMP
- FISMA
- STIGs
- SCAP
- CIS Benchmarks
Preferred Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Certified Information Security Manager (CISM)
- AWS Certified Security – Specialty
- AWS Certified Solutions Architect – Professional
- Microsoft Azure Solutions Architect Expert
- Microsoft Azure Security Engineer Associate
- Zero Trust Architecture Certifications
- SABSA Certification
- TOGAF Certification
- CompTIA Advanced Security Practitioner (CASP+)
Preferred Qualifications
- Experience supporting Federal Zero Trust modernization initiatives.
- Experience supporting FedRAMP-authorized cloud environments and cloud ATO packages.
- Experience implementing identity governance, privileged access management, or enterprise IAM solutions.
- Experience supporting DevSecOps transformation initiatives and secure cloud migration programs.
- Experience working within Federal civilian, defense, or intelligence community environments.
- Experience supporting large-scale cybersecurity modernization and digital transformation efforts.
Work Environment
- Full-time position.
- Remote within the United States.
- Standard business hours Monday through Friday.
- Occasional travel may be required in support of customer meetings, architecture reviews, security assessments, and program activities.
WINTrio Benefits
- Healthcare (Medical, Dental, and Vision)
- Flexible Spending Account (FSA) and Health Savings Account (HSA)
- 401(k) and Retirement Savings Plan
- Annual Bonus and Profit Sharing Opportunities
- Paid Time Off (PTO) and Vacation
- Employee Assistance Program (EAP)
- Life, Personal, and Voluntary Disability Insurance
Growth Opportunities
There is ample opportunity to grow in multiple dimensions, including Zero Trust Architecture, cloud security, cybersecurity leadership, enterprise architecture, compliance modernization, DevSecOps, digital transformation, and business development. We are a completely employee-driven company, and our continued success is built on the talent, dedication, and innovation of our team members.
Equal Opportunity Employer
WINTrio LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.