ZTA Engineer/Architect - TS/SCI Clearance | Stuttgart, ...

ZTA Engineer/Architect - TS/SCI Clearance | Stuttgart, GermanyCambridge International Systems, Inc.Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, youll work alongside top talent worldwide, tackling some of todays most complex and critical challenges in defense and security.We are currently seeking a ZTA Engineer/Architect to support operations in Stuttgart. This is a full-time, OCONUS position requiring an active DoD TS/SCI, eligibility for NATO Indoctrination and TESA accreditation.TESA certification provides significant tax exemptions for U.S. employees stationed in Germany — along with other great benefits like housing, COLA, and dependent education reimbursements, etc.What Youll DoAs a ZTA Engineer/Architect, you will play a critical role in Zero Trust security architecture, that serve U.S. government missions overseas. You will:Zero Trust Architecture Design & ImplementationLead the creation and execution of a comprehensive Zero Trust security framework, ensuring that security is enforced across all users, devices, applications, and networks. Design the architecture to ensure least privilege access, micro-segmentation, and continuous monitoring for a zero-trust environment.Access Control StrategyDevelop and implement least privilege access strategies, ensuring minimal access rights to resources for all users. Collaborate to implement role-based access controls (RBAC) and Identity and Access Management (IAM) systems to enforce fine-grained access policies based on user roles, responsibilities, and the principles of Zero Trust.Authentication & AuthorizationDesign and enforce strong authentication and authorization protocols, including multi-factor authentication (MFA) and adaptive authentication mechanisms, to verify user identities and enforce secure access across the work Security & Micro-SegmentationImplement comprehensive micro-segmentation strategies to isolate sensitive data, systems, and applications, minimizing lateral movement and reducing the attack surface. Collaborate with network engineers to ensure proper network segmentation and secure configuration of network devices.Endpoint Security & Device Posture ManagementOversee the development and implementation of robust endpoint protection strategies, including device posture assessment and continuous monitoring. Ensure that all devices adhere to security policies before being granted network access.Application Security & Access ControlImplement application-level security policies that enforce secure application control and device authentication to prevent unauthorized access or execution. Collaborate with development and security teams to integrate Zero Trust principles into application lifecycle management.Continuous Monitoring & Threat DetectionImplement continuous monitoring solutions to detect and respond to potential security incidents in real-time. Establish mechanisms for anomaly detection, logging, and auditing to proactively identify and mitigate security cident Response & Security AuditingDevelop and maintain incident response plans tailored to Zero Trust environments. Conduct regular security assessments, vulnerability scans, and penetration testing to identify weaknesses and improve security measures. Review access logs and monitoring systems to detect any abnormal activities and mitigate risks.Collaboration & Cross-Functional LeadershipCollaborate with key stakeholders across IT, operations, compliance, and legal teams to integrate Zero Trust principles seamlessly into business operations. Provide guidance and mentorship to junior security engineers, fostering a culture of security-first thinking throughout the pliance & Regulatory AlignmentEnsure that the Zero Trust implementation aligns with industry best practices and complies with relevant regulations, such as GDPR, HIPAA, and PCI-DSS, as applicable. Provide regular security reports and updates to senior management and relevant stakeholders.What Youll BringRequired Qualifications:Education & Experience: BA/BS + 7 years of relevant experience, or AA/AS + 9 years recent specialized or Major technical cert + 11 years recent specialized or13 years of recent specialized experience Technical Expertise: Strong experience with identity and access management solutions, network security, and endpoint protection. Strong experience as a Zero Trust Architect or in a similar cybersecurity roleKnowledge in cybersecurity principles, protocols, and best practices.Experience with cybersecurity frameworks, compliance standards, and regulations. Strong problem-solving and analytical skillsCertifications:Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Zero Trust Architect (CZTA) are a plus. Must have a current and active DoD TS/SCI security clearance.Proficient with modern IT tools and infrastructure technologiesTravel & PassportMust have an active passport to support OCONUS travel and/or living requirements.Work EnvironmentCompliance with vaccination and medical requirements for TDY/OCONUS roles as per

Created: 2025-10-04