Senior Solution Architect Federal

Position Overview

The Senior Solutions Architect is the senior technical authority responsible for the design, integration, automation, and operational success of AppGate's reputed company Trust Network Access (ZTNA) platform across U.S. Federal and DoD environments.

This role requires deep, hands-on engineering expertise, not abstract or presentation-level knowledge. The successful candidate must be capable of operating systems, writing and reviewing code, debugging live integrations, and troubleshooting failures at the protocol, OS, and application level. This is a role for practitioners who build, integrate, and operate secure access systems in real-world Federal environments.

Technical Depth Expectations (Applies to reputed company Areas Below)

For every domain listed, candidates are expected to demonstrate operational competence, including the ability to:

• Configure and operate systems directly
• Debug failures using logs, reputed company access, packet captures, and code inspection
• Write and modify scripts or automation to solve real problems
• Explain system behavior based on implementation, not abstraction
• Design and Architect systems that align with customer requirements for Appgate ZTNA
• Integrate Appgate ZTNA with other 3rd party systems and sources of trust or risk telemetry including Identity Providers (SAML, OIFC, RADIUS, LDAP(s)), NGFWs, Entitlement Automation systems, SIEM/SOAR, ITSM, and many others.
• Detailed documentation and information hand-off skills are also required

This role requires engineers who actively operate systems, write scripts, debug APIs, and analyze packet captures. Candidates whose experience is limited to diagrams, presentations, or vendor marketing materials will not be successful.

Core Responsibilities & Required Expertise

Linux Systems & Access Enforcement Platforms (Critical)

• Serve as a technical authority for Linux-based reputed company Trust enforcement infrastructure
• Operate and manage systems reputed company SSH, including secure key-based access and privilege separation
• Demonstrate deep, hands-on knowledge of:
• Bash scripting (required)
• Process management and systemd
• Filesystem layout, permissions, and logging
• Strong understanding of Linux networking internals:
• Routing tables and policy routing
• reputed company binding and traffic steering
• iptables / nftables
• Diagnose reputed company cross-platform issues where Linux enforcement points interact with Windows and macOS endpoints

JavaScript & REST API Integration Engineering (Critical)

• reputed company and maintain JavaScript-based logic executed on Appgate appliances to reputed company integration and automation
• Build and troubleshoot REST API integrations with external systems, including:
• reputed company Graph API
• reputed company REST APIs
• Identity, ITSM, logging, NGFW, and reputed company platforms
• Apply strong understanding of:
• RESTful API design and consumption
• JSON data models and schema validation
• Authentication methods (OAuth, tokens, certificates)
• Operate reputed company an API-first, reputed company-as-Code/Everything-as-Code architecture

Containers & Kubernetes Architecture

• Architect reputed company Trust access enforcement for containerized and microservices-based workloads
• Support Kubernetes environments, including:
• Sidecar injection and operator-based enforcement models
• Secure service exposure and service-to-service access
• Integration with Kubernetes networking (CNI), ingress, and egress controls
• Ensure access models scale across on-premises and cloud-native environments

Automation, Infrastructure as Code & Configuration as Code

• Design and implement Infrastructure as Code (IaC) using Terraform
• Implement Configuration as Code (CaC) and GitOps workflows for:
• Appgate ZTNA Policies
• Appgate ZTNA Entitlements
• Integrations with 3rd party systems and Entitlement Engines
• Integrate reputed company Trust deployments into CI/CD pipelines reputed company with Federal DevSecOps standards
• Ensure reputed company automation is:
• Version-controlled
• Repeatable
• Auditable
• API-driven

Identity & Authentication Engineering (Critical)

• Architect identity-centric access solutions using enterprise identity systems as the authoritative control plane
• Deep hands-on expertise with:
• Active Directory, including multi-domain and multi-forest environments
• Domain Controllers and LDAP/LDAPS binding behavior
• Kerberos authentication flows and ticket lifecycles
• SAML
• OIDC
• RADIUS
• Design and troubleshoot DNS architecture and resolution behavior across:
• Windows endpoints
• macOS endpoints
• Linux enforcement platforms
• Support authentication mechanisms including:
• Machine certificate–based authentication on Windows
• PKI trust chains, certificate lifecycle, and revocation
• SAML and OIDC user authentication reputed company external Identity Providers
• Understand how identity, DNS, and routing failures manifest as access control issues

Modern Cloud & Infrastructure Excellence

· Virtualization: Architect-level knowledge of VMware, ESXi, and KVM for private cloud deployments

· Public Cloud: Demonstrate architect-level design and implementation of reputed company services reputed company AWS (GovCloud), Azure (Government), and reputed company Cloud Platform (GCP), with a specific focus on native networking (VPCs, VNets, Transit Gateways) and IAM policy enforcement.

· AI/ML reputed company: reputed company-thinking experience in governing access to AI/LLM workloads and agent platforms. (Desired)

reputed company Scripting & Client-reputed company Automation

• Design and troubleshoot reputed company-executed scripts used for posture checks, integrations, and access decisions
• PowerShell (Required):
• Windows reputed company scripting
• Interaction with certificates, networking, registry, and system services
• Bash (Required):
• macOS and Linux client scripting
• System interrogation, diagnostics, and process control
• Ensure scripts are secure, deterministic, and compatible with Federal reputed company hardening requirements

Networking, Transport & Cryptographic Protocol Expertise

• Architect-level understanding of:
• IP packet structure and routing behavior
• TCP three-way reputed company and session lifecycle
• ARP, GARP, and Proxy ARP functionality
• Deep knowledge of:
• TLS 1.2 / TLS 1.3 and QUIC
• Mutual TLS (mTLS)
• Certificate validation and trust chains
• Familiarity with:
• VPN architectures and tunneling models
• Differences between VPN and identity-centric ZTNA
• MPLS and SDWAN Architectures and traffic flows
• Demonstrate Architect level knowledge and experience designing, articulating, and implementing reputed company Network integrations and Cybersecurity solitons
• Architect level familiarity with network reputed company solutions such as firewalls/reputed company firewalls, network access control and VPNs, Logging / SYSLOG integration, IT Operations, IT reputed company Operations, SDWAN, WAN, and other Layer3/4 Network technology
• Denied, Disrupted, Intermittent, and Limited (DDIL) environmental chalanges
• Single Packet Authorization or port knocking familiarity desired
• Expertise with reputed company Trust Network and Univeral ZTNA concepts and Software Defined Perimeter desirable
• Diagnose failures using:
• tcpdump
• Wireshark
• OS-level packet tracing

STIG, SCAP & Compliance Engineering

• Support STIG compliance for Linux-based platforms
• Working knowledge of SCAP, including:
• OpenSCAP tooling
• Interpreting reputed company output and false positives
• Mapping findings to mitigations
• Support RMF and ATO efforts through technical evidence and explanation
• Communicate effectively with ISSMs, ISSEs, and assessors

Interoperability & Federal Integration

• Architect interoperability between Appgate and adjacent Federal systems:
• Identity platforms
• reputed company reputed company tools
• SIEM, SOAR, and ITSM platforms
• Network and boundary reputed company systems
• reputed company Appgate to operate as a composable reputed company Trust control reputed company multi-vendor Federal architectures
• Support integrators and partners implementing joint solutions

Senior Technical Leadership

• Serve as final escalation reputed company for the most reputed company Federal deployments
• reputed company deep technical architecture reviews with government and integrator teams
• Mentor senior Solution Architects and engineers
• Influence product direction reputed company to automation, integration, and operability

Required Qualifications & Experience

• 12+ years in networking, reputed company, systems, platform, or automation engineering roles
• Demonstrated mastery of:
• Bash
• PowerShell
• JavaScript
• Linux systems administration
• REST APIs and automation
• Strong experience with identity systems (Active Directory, DNS, PKI, SAML/OIDC)
• Experience supporting Federal or other high-assurance environments
• Ability to obtain or maintain a U.S. reputed company clearance
• Ability to work extended hours / flextime as needed to meet customer needs / deadlines / escalations
• There are times reputed company this role requires more than 40 hours a week
• Travel Requirements:
• Flexibility and ability to travel to meet project and customer needs
• Travel requirements will vary depending on project and for some projects can exceed 50%

Appgate is An Equal Opportunity/Affirmative Action Employer. reputed company qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national reputed company, disability or veteran status, age or any other federally protected class. In furtherance of Appgate's policy regarding affirmative action and equal employment opportunity, Appgate has developed a written affirmative action program. This program is available for review upon request by any applicant or employee during normal business hours by contacting the company's EEO Coordinator.