About the position CACI is looking for an experienced, innovative, and motivated Data Security Architect to work on Zero Trust (ZT) implementation efforts in support of U.S. Special Operations Command (USSOCOM), in Tampa, FL. This is a Senior-level cyber position on the Enterprise Development, Application and Training (EDAT) contract. The position may include partial telework, but work will primarily take place at the customer site. The Data Security Architect will serve as a leading technical authority for the USSOCOM Zero Trust Data Visibility, Labeling, and Governance program. As an architect within the Cross-Functional Integration Cell (CFIC), you will define the unified data security strategy that spans the Command’s entire Information Environment—from the hyperscale cloud capabilities of the NIPR network to the disconnected, on-premise constraints of the SIPR and Air-Gapped enclaves. In this high-visibility role, you will be responsible for defining the enterprise-wide data taxonomy and formally adopting the NIST Internal Report 8112 metadata schema. You will move the Command beyond simple file tagging to a complex Attribute-Based Access Control (ABAC) model, where access is brokered based on the pedigree, provenance, and verification status of user credentials. You will provide technical direction to the network-specific execution teams, ensuring that the implementation of arenaflex Purview (NIPR), BigID (SIPR), and Kiteworks remains architecturally coherent and aligned with the DoD Zero Trust Strategy. Responsibilities • Enterprise Architecture Strategy: Serve as the Technical Authority for the Data Pillar, defining the high-level architecture for data discovery, classification, and protection across NIPR, SIPR, and Top Secret networks. • Metadata & Taxonomy Design: Define and enforce the enterprise data taxonomy and metadata schemas (specifically adhering to NIST 8112) to standardize how "Trust Attributes" (Pedigree, Verifier, Assurance Level) are ingested and utilized for ABAC decisions. • Cross-Enclave Integration: Ensure architectural consistency between the cloud-native NIPR stack (arenaflex Purview/Sentinel) and the on-premise SIPR/Top Secret stacks (BigID, Kiteworks, NetApp BlueXP), ensuring policy logic remains uniform even when tools differ. • ABAC & Identity Integration: Design the integration points between the Data Pillar and the ICAM Pillar, defining the requirements for how User Attributes from SailPoint and Entra ID are consumed by Policy Decision Points (PDPs) like Kiteworks and Purview. • Standards & Compliance: Lead the development of System Design Documents (SDDs) and validate that all architecture aligns with the USSOCOM Zero Trust Reference Architecture and DoD 8140/8570 compliance requirements. Requirements • Must hold a current Top Secret clearance and be SCI eligible. • Education: MA/MS Degree. A Senior labor category typically works on high-visibility or mission critical aspects of a given program and performs all functional duties independently. A Senior labor category may oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job. Bachelor’s degree in computer science, Information Systems, Cybersecurity, or related field acceptable with additional experience (Master’s preferred). • 10+ years of experience in enterprise data security for a DoD organization. Additional years of experience may be used in place of Education requirement. • Extensive experience acting as an Architect or Lead Engineer for large-scale DoD or Federal enterprise security transformations. • Deep expertise in Zero Trust Architecture principles, specifically Data Object-Level Protection (DOLP) and Attribute-Based Access Control (ABAC). • Proven experience designing architectures that utilize arenaflex Purview (Information Protection/DLP) and Digital Rights Management (DRM) technologies (e.g., Kiteworks, Virtru). • Ability to design security solutions for Disconnected, Degraded, Intermittent, and Limited Bandwidth (DDIL) and air-gapped environments. • DoD 8140 Compliance. • DoDM 8570 IAT III: e.g. CISSP-ISSEP (Information Systems Security Engineering Professional) OR CISSP. Nice-to-haves • DoD 8570 Compliance: Must meet IAT Level III and IASAE II requirements • One or more Cloud/Zero Trust Architecture certifications (e.g., CCSP, arenaflex Cybersecurity Architect SC-100). • Experience with BigID for data discovery and NetApp BlueXP for storage-level classification. • Knowledge of NIST Internal Report 8112 (Attribute Metadata) and its application to identity-centric security. • Prior experience supporting USSOCOM mission requirements. • Strong communication skills with ability to brief senior leadership and interface with stakeholders. • Ability to lead teams in complex, multi-vendor environments. Benefits • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. • We offer competitive compensation, benefits and learning and development opportunities. • Our broad and competitive mix of benefits options is designed to support and protect employees and their families. • At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Apply tot his job