DOJ - Cloud Architect

About The Position

Requirements

• Active Public Trust clearance
• M.S. degree in Computer Science, Information Technology, or a related field.
• 10 years of experience in cloud and cloud security solutions in federal government systems.
• Networking Expertise: Strong knowledge of networking, with a focus on AWS native firewall, AWS Direct Connect, AWS Outposts network configuration, reverse proxy configurations, and related automation. This expertise will be valuable in assessing FedRAMP-specific responses against various controls.
• Continuous Monitoring (ConMon): Proven ability to design and implement continuous monitoring solutions for cloud systems and applications.
• AI-Enabled Compliance Automation: Capability to design AI-powered tools that can scan all cloud accounts and VPCs, collect FedRAMP-specific responses, store them in a centralized repository for ConMon, and analyze them to identify unmet requirements.
• Security Event Analysis: Strong experience in accessing, reviewing, and interpreting reports and alerts generated by SIEM tools such as Splunk.
• AWS Security Services: Proficient in reviewing and analyzing reports from AWS GuardDuty, Security Hub, and Amazon Inspector, including interpreting compliance and non-compliance metrics such as pie charts.
• Data Encryption: In-depth understanding of end-to-end data encryption in transit and at rest, including SSL/TLS implementation.
• Vulnerability Identification: Ability to identify potential vulnerabilities, particularly those related to data or configuration tampering.

Nice To Haves

• Prior Department of Justice (DOJ) and/or Bureau of Prisons (BOP) experience and domain knowledge preferred.

Responsibilities

• Serve as the cloud architecture subject matter expert supporting DOJ and BOP Rapid ATO activities.
• Design, evaluate, and validate secure cloud architectures supporting SaaS, PaaS, and IaaS environments.
• Ensure cloud architecture aligns with DOJ cybersecurity policies, NIST standards, FedRAMP requirements, and RMF processes.
• Provide technical guidance on cloud networking, segmentation, encryption, and access control strategies.
• Support integration of cloud environments into enterprise architectures and authorization boundaries.
• Support system preparation activities by defining cloud system architectures, hosting environments, and shared responsibility models.
• Identify and document cloud assets, services, and dependencies within authorization boundaries.
• Assist in identifying information types processed, stored, or transmitted within cloud environments, including PII.
• Support system security categorization by providing architectural input for confidentiality, integrity, and availability determinations.
• Assist with continuous cloud asset discovery using automated scanning tools to maintain accurate system boundaries.
• Support selection of cloud-specific security and privacy controls using DOJ Cybersecurity Standard 0904 and NIST SP 800-53.
• Map cloud services, components, and architectures to applicable NIST and FedRAMP control requirements.
• Support control tailoring decisions based on cloud service models, deployment patterns, and risk tolerance.
• Assist in defining control inheritance models from cloud service providers (CSPs) and shared responsibility matrices.
• Provide architectural input to the System Security and Privacy Plan (SSPP) and Requirements Traceability Matrix (RTM).
• Provide architectural guidance for implementation of security controls within cloud environments.
• Ensure secure design and implementation of: Network segmentation and firewalls (e.g., AWS native firewall services) Connectivity solutions (AWS Direct Connect, AWS Outposts) Reverse proxies and ingress/egress controls
• Support implementation of encryption in transit and at rest, including SSL/TLS and key management services.
• Assist with integration of DevSecOps pipelines and infrastructure-as-code to enforce and verify cloud security controls.
• Validate alignment between documented controls and “as-implemented” cloud configurations.
• Support security and privacy control assessments by providing architectural explanations and technical evidence.
• Assist in collection and analysis of cloud security evidence using: SIEM tools (e.g., Splunk) AWS GuardDuty, Security Hub, and Amazon Inspector
• Interpret compliance dashboards, alerts, and metrics to identify security gaps or misconfigurations.
• Support remediation planning for cloud-related findings and POA&M development.
• Support development of authorization packages by providing cloud architecture documentation and risk inputs.
• Assist in evaluating cloud-specific risks and residual risk impacts.
• Support AO briefings by explaining cloud architectures, inherited controls, and shared responsibility considerations.
• Provide technical input for risk response strategies related to cloud services and deployments.
• Design and support continuous monitoring architecture for cloud systems.
• Implement and maintain automated monitoring solutions to: Scan cloud accounts and VPCs Collect FedRAMP-specific control evidence Store artifacts in centralized repositories
• Support AI-enabled compliance automation to identify unmet FedRAMP and RMF requirements.
• Assist with ongoing assessments and security posture reporting for cloud systems.
• Support assessment of cloud service providers to ensure valid FedRAMP authorization (JAB or Agency-authorized).
• Review and validate FedRAMP security packages for SaaS, PaaS, and IaaS offerings.
• Assist in documenting control inheritance and CSP responsibilities.
• Support DOJ CIO approval processes for Agency-sponsored FedRAMP authorizations when required.
• Ensure all cloud architecture documentation complies with DOJ, NIST, FedRAMP, and FISMA requirements.
• Maintain accurate cloud architecture artifacts within JCAM.
• Collaborate with Lead and Senior ATO SMEs, Cloud Security Engineers, and system owners.
• Support audits, inspections, and government reviews by providing technical cloud architecture expertise