Cloud Architect (Azure, AWS) with TS/SCI

About The Position

Requirements

• BS degree and 12+ years of prior relevant experience or a Masters degree with 10+ years of prior relevant experience, additional years of experience may be considered in lieu of a degree.
• 7+ years of experience designing and implementing secure Azure-based solutions in enterprise or government environments.
• Active AWS Certified Solutions Architect – Professional and/or Microsoft Certified: Azure Solutions Architect Expert certification.
• Proven expertise with IAM, federated identity, and multi-cloud access management.
• Demonstrated experience integrating Microsoft Entra ID (Azure AD), AWS Identity Center, and on-premises Active Directory.
• Strong understanding of federated identity, SAML/OIDC protocols, and cross-cloud authentication mechanisms.
• Hands-on experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, and Bicep.
• Familiarity with DoD cybersecurity frameworks including DISA STIGs, CMMC, and Zero Trust Architecture guidance.
• Strong communication skills and ability to collaborate effectively with government stakeholders, security teams, and engineering personnel.
• Familiarity with Azure Government (DoD), FedRAMP, and DISA STIG compliance frameworks.
• Hands-on experience with Terraform, Bicep, Azure CLI, and CI/CD automation.
• Active DoD Top Secret clearance with SCI.
• DoD 8570 IAT Level II certification.

Responsibilities

• Architect, design, and implement multi-cloud (Azure, AWS, hybrid) solutions that meet DoD mission objectives and cybersecurity requirements.
• Lead the configuration, integration, and optimization of Microsoft Entra ID (Azure AD) and AWS Identity Center (formerly AWS SSO) for federated identity and centralized access control.
• Develop and enforce IAM governance, Zero Trust Architecture (ZTA) principles, and role-based access controls (RBAC) across cloud and on-premises systems.
• Design and implement cross-cloud identity federation and SSO solutions using SAML 2.0, OIDC, and SCIM protocols.
• Integrate Azure Policy, AWS Service Control Policies (SCPs), and Terraform/Bicep automation for compliance enforcement and least-privilege security.
• Collaborate with cybersecurity and compliance teams to align architectures with DISA STIGs, DoD Cloud Computing SRG (IL4/IL5), NIST 800-53, and FedRAMP High baselines.
• Provide architectural leadership for hybrid cloud connectivity, data protection, and cross-domain security.
• Stay current on Azure and multi-cloud capabilities relevant to DoD, federal, and intelligence mission systems.