AWS Cloud Compliance Engineer, Lead

Booz Allen Hamilton•Arlington, VA

11d

About The Position

We are seeking a Cloud Compliance Engineer with a strong technical background to ensure that our cloud-based systems meet stringent SOC 1 SSAE 18 audit control objectives and compliance requirements. In this role, you will act as the single technical point of contact for implementing and validating security controls in an AWS environment, integrating commercial off-the-shelf (COTS) tools, such as Splunk, with cloud services and verifying that all technical controls operate effectively to support a successful SOC 1 audit. This is a hands-on engineering role focused on control implementation and assurance. You will work closely with security, DevOps, and compliance teams to maintain an audit-ready posture through continuous monitoring, centralized logging, and robust cloud configuration management. This role is crucial in bridging the gap between DevOps and governance, ensuring that our technical cloud implementations meet audit and compliance standards while supporting our mission-critical operations. You will have the opportunity to shape how our organization implements cloud security controls and to work on cutting-edge AWS technologies in a regulated, impactful environment. Success in this position means our systems remain secure, reliable, and audit-ready, instilling confidence in our stakeholders and auditors alike. Join us. The world can't wait.

Requirements

8+ years of experience in cloud engineering or security engineering
3+ years of experience with AWS security and compliance engineering
Experience supporting audits, IT general controls, compliance frameworks, or assessments, such as SOC 1, SOC 2, NIST 800-53, or ISO 27001, in a technical capacity and evaluating how system-level controls impact financial reporting and align with SOC 1 control objectives
Experience with Git, Infrastructure-as-Code tools, such as Terraform, integrating security checks into CI/CD pipelines, and using Policy-as-Code frameworks or scripts to enforce compliance
Experience with log management and SIEM tools, such as Splunk, setting up log ingestion from AWS services, and creating queries or dashboards for monitoring
Experience scripting or programming using Python, PowerShell, or Bash to automate routine tasks, audits, or report generation
Experience implementing and managing cloud security controls in a production environment
Knowledge of AWS services and architecture, including identity and access management (IAM), networking, including VPC or security groups, logging or monitoring, including CloudTrail or CloudWatch, and data protection, including KMS, encryption, or backups
Secret clearance
Bachelor's degree

Nice To Haves

Experience with security or compliance standards and frameworks, such as FedRAMP, DoD STIGs, ISO 27001, or CIS Benchmarks
Experience tailoring or implementing controls in alignment with frameworks in a cloud environment
Experience working with or for U.S. Department of Defense or other federal agencies
Experience with COTS or open-source security tools used in cloud environments, such as vulnerability scanners, configuration compliance scanners, or SIEM connectors
Experience with continuous compliance tools or cloud security posture management (CSPM) solutions
Experience with Terraform Sentinel, OPA, Rego, or AWS Config Rules
Experience with Docker or Kubernetes
Knowledge of government security requirements and procedures, such as obtaining Authority to Operate or security clearance processes
AWS Certified Solutions Architect or Security Specialty, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) Certification