ZTA Engineer/Architect – TS/SCI Clearance | Stuttgart, Germany

ZTA Engineer/Architect – TS/SCI Clearance | Stuttgart, Germany

Cambridge International Systems, Inc.

Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you’ll work alongside top talent worldwide, tackling some of today’s most complex and critical challenges in defense and security.

We are currently seeking a ZTA Engineer/Architect to support operations in Stuttgart. This is a full-time, OCONUS position requiring an active DoD TS/SCI, eligibility for NATO Indoctrination and TESA accreditation.

TESA certification provides significant tax exemptions for U.S. employees stationed in Germany — along with other great benefits like housing, COLA, and dependent education reimbursements, etc.

As a ZTA Engineer/Architect, you will play a critical role in Zero Trust security architecture that serves U.S. government missions overseas. You will:

• Zero Trust Architecture Design & Implementation
• Lead the creation and execution of a comprehensive Zero Trust security framework, ensuring that security is enforced across all users, devices, applications, and networks. Design the architecture to ensure least privilege access, micro-segmentation, and continuous monitoring for a zero-trust environment.
• Access Control Strategy
• Develop and implement least privilege access strategies, ensuring minimal access rights to resources for all users. Collaborate to implement role-based access controls (RBAC) and Identity and Access Management (IAM) systems to enforce fine-grained access policies based on user roles, responsibilities, and the principles of Zero Trust.
• Authentication & Authorization
• Design and enforce strong authentication and authorization protocols, including multi-factor authentication (MFA) and adaptive authentication mechanisms, to verify user identities and enforce secure access across the network.
• Network Security & Micro-Segmentation
• Implement comprehensive micro-segmentation strategies to isolate sensitive data, systems, and applications, minimizing lateral movement and reducing the attack surface. Collaborate with network engineers to ensure proper network segmentation and secure configuration of network devices.
• Endpoint Security & Device Posture Management
• Oversee the development and implementation of robust endpoint protection strategies, including device posture assessment and continuous monitoring. Ensure that all devices adhere to security policies before being granted network access.
• Application Security & Access Control
• Implement application-level security policies that enforce secure application control and device authentication to prevent unauthorized access or execution. Collaborate with development and security teams to integrate Zero Trust principles into application lifecycle management.
• Continuous Monitoring & Threat Detection
• Implement continuous monitoring solutions to detect and respond to potential security incidents in real-time. Establish mechanisms for anomaly detection, logging, and auditing to proactively identify and mitigate security threats.
• Incident Response & Security Auditing
• Develop and maintain incident response plans tailored to Zero Trust environments. Conduct regular security assessments, vulnerability scans, and penetration testing to identify weaknesses and improve security measures. Review access logs and monitoring systems to detect any abnormal activities and mitigate risks.
• Collaboration & Cross-Functional Leadership
• Collaborate with key stakeholders across IT, operations, compliance, and legal teams to integrate Zero Trust principles seamlessly into business operations. Provide guidance and mentorship to junior security engineers, fostering a culture of security-first thinking throughout the organization.
• Compliance & Regulatory Alignment
• Ensure that the Zero Trust implementation aligns with industry best practices and complies with relevant regulations, such as GDPR, HIPAA, and PCI-DSS, as applicable. Provide regular security reports and updates to senior management and relevant stakeholders.

• Education & Experience:
• BA/BS + 7 years of relevant experience, or
• AA/AS + 9 years recent specialized or
• Major technical cert + 11 years recent specialized or
• 13 years of recent specialized experience

• Technical Expertise:
• Strong experience with identity and access management solutions, network security, and endpoint protection.
• Strong experience as a Zero Trust Architect or in a similar cybersecurity role
• Knowledge in cybersecurity principles, protocols, and best practices.
• Experience with cybersecurity frameworks, compliance standards, and regulations.
• Strong problem-solving and analytical skills

• Certifications:
• Relevant certifications such as CISSP or CZTA are a plus.

• Must have a current and active DoD TS/SCI security clearance.
• Proficient with modern IT tools and infrastructure technologies

• Must have an active passport to support OCONUS travel and/or living requirements.

• Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil.

• Office setting:
• Primarily an office-based role in Germany
• Standard desk/computer work with flexibility for walking and movement on site
• Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday.
• Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc.
• May be required to travel short distances to offices/conference rooms and buildings on site.

• Employment is contingent upon successful background investigation
• Drug screening may be required for federal contract compliance

• Medical, dental, vision, life, accident, and critical illness insurance
• 401(k) immediate vesting and match
• Paid time off and company holidays
• Generous tuition & training support
• Relocation assistance
• Sign-on and performance-based bonuses
• Employee referral program
• Access to Tickets at Work, EAP, wellness initiatives, and more

If you\'re driven by mission, technology, and teamwork—we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Referrals are welcome—both employees and non-employees may qualify for a bonus.

Apply today and help shape the future of secure cloud computing for national security.

At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at www.cbridgeinc.com.

When you join the Cambridge team, you are part of a skilled and talented global community that is united by a set of core values: commitment, integrity, and perseverance. Join our team and help us confront today’s most threatening and complex obstacles!