Cloud Security Architect - Federal / DoD Programs - Remote

About The Position

Requirements

• One or more active certifications such as CISSP, CCSP, CISM, Azure Security Engineer, or AWS Security, meeting DoD 8570/8140 expectations
• 7+ years of experience in cloud security architecture within regulated environments
• 5+ years of experience supporting FedRAMP-authorized systems, federal ATOs, or DoD authorization efforts
• 5+ years of experience designing secure solutions across Azure, AWS, and hybrid cloud environments
• Experience leading or advising on the secure modernization of legacy on-prem systems into cloud and hybrid environments
• Experience with application rationalization, cloud readiness assessments, dependency mapping, migration planning, and transition architecture
• Experience with modernization strategies including rehost, replatform, refactor, replace, retain, and retire
• Experience partnering across engineering, infrastructure, IAM, networking, application, data, compliance, and operations teams to drive secure architectural outcomes
• Solid knowledge of DoD IL4/IL5, FedRAMP Moderate/High, NIST RMF, DoD RMF (DoDI 8510.01), NIST SP 800-53 Rev. 5, and Zero Trust principles
• Demonstrated ability to balance security, compliance, mission delivery, and technical feasibility in complex environments
• Solid written and verbal communication skills, including experience presenting to technical leaders, program stakeholders, and customer/government audiences
• Ability to obtain and maintain a favorable federal suitability determination and/or security clearance
• If you are offered this position, you will be required to provide extensive personal information to obtain and maintain a suitability or determination of eligibility for a Confidential/Secret or Top Secret security clearance as a condition of your employment
• United States Citizenship

Nice To Haves

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience
• 5+ years of experience supporting DoD or civilian federal agencies
• 2+ years of experience supporting healthcare or life sciences environments
• Experience modernizing monolithic, COTS, or highly integrated legacy enterprise applications in regulated environments
• Experience with legacy platforms such as VMware, Windows/Linux server estates, enterprise databases, middleware, and on-prem identity services during cloud transformation
• Experience designing or governing AI/ML security architectures in regulated environments
• Experience participating in architecture review boards, technical governance forums, or enterprise architecture functions
• Additional certifications such as CISSP-ISSEP, CySA+, GSLC, GCSA, FITSP-A, or equivalent

Responsibilities

• Define and maintain security reference architectures, design patterns, and technical guardrails for cloud and hybrid environments supporting federal and DoD healthcare workloads
• Partner with cloud engineering, infrastructure, IAM, networking, application, data, compliance, and operations teams to embed security requirements into solution designs and modernization initiatives
• Serve as the security architecture lead for new capabilities, major enhancements, and platform changes by conducting architecture reviews and providing risk-based design guidance
• Translate regulatory, mission, and business requirements into practical security architectures that enable delivery while maintaining compliance
• Collaborate with enterprise architecture, program leadership, and customer stakeholders to align security strategy with platform roadmaps and system lifecycle planning
• Lead the design of secure cloud and hybrid architectures aligned with DoD IL4/IL5, FedRAMP Moderate/High, NIST SP 800-53 Rev. 5, and DoD RMF (DoDI 8510.01) requirements
• Establish architectural standards for network segmentation, encryption, key management, logging, resiliency, boundary protection, and secure service integration across Azure, AWS, and hybrid environments
• Define hardening and configuration expectations using DISA STIGs, DoD SRGs, and CIS Benchmarks, in collaboration with platform and operations teams responsible for implementation and sustainment
• Guide secure architecture decisions for systems handling PHI, PII, and CUI
• Define secure target-state architectures and transition roadmaps for migrating legacy on-prem applications, infrastructure, and data platforms to Azure, AWS, and hybrid environments
• Lead or advise on cloud readiness assessments, application rationalization, dependency mapping, and migration wave planning to determine appropriate modernization strategies such as rehost, replatform, refactor, replace, retain, or retire
• Partner with application, infrastructure, IAM, network, and data teams to design secure migration patterns for legacy workloads, hybrid connectivity, identity federation, segmentation, data migration, resiliency, and observability
• Establish security and compliance guardrails for interim hybrid states, including compensating controls for systems that cannot be fully modernized immediately
• Guide modernization approaches such as containerization, API enablement, service decomposition, managed service adoption, and legacy platform decommissioning
• Evaluate modernization impacts on authorization boundaries, control inheritance, shared services, and continuous monitoring to support ATO and compliance objectives
• Advise teams on reducing legacy technical debt while preserving mission continuity, operational stability, and regulatory compliance
• Lead adoption of security architectures aligned with the DoD Zero Trust Reference Architecture and OMB M-22-09, driving maturity across identity, device, network, workload, application, and data pillars
• Partner with IAM and platform teams to define authentication, authorization, federation, privileged access, and service-to-service trust models aligned with NIST SP 800-63
• Develop architecture patterns that support continuous verification, least privilege, micro-segmentation, and conditional access, while balancing security, usability, and mission needs
• Define architectural requirements and secure design patterns for DevSecOps pipelines, including Infrastructure as Code (IaC), policy as code, SAST/DAST, software composition analysis, container security, secrets management, and software supply chain controls
• Partner with engineering and platform teams to ensure security controls are integrated by design and validated through automation and continuous compliance mechanisms
• Advise on the selection, integration, and architectural use of security tooling supporting vulnerability management, CSPM, DLP/DRM, configuration compliance, and monitoring, in collaboration with teams responsible for day-to-day operations.
• Define security architecture and governance guardrails for the adoption of AI/ML and generative AI capabilities within regulated cloud environments
• Partner with engineering, data, privacy, and compliance teams to design secure patterns for data ingestion, model hosting, inference APIs, retrieval integrations, and mission system connectivity
• Evaluate and mitigate AI-specific risks including model poisoning, prompt injection, data leakage, hallucinations, model abuse, and third-party/model supply chain risk
• Ensure AI-enabled solutions appropriately protect PHI, PII, and CUI and align with NIST SP 800-53 Rev. 5, NIST SP 800-171, and healthcare-specific compliance requirements
• Incorporate AI security considerations into Security Impact Analyses (SIAs), Significant Change Requests (SCRs), and ATO documentation when AI capabilities materially affect system risk posture
• Define logging, monitoring, and explainability expectations for AI components to support auditability, incident response, and continuous monitoring
• Advise leadership and engineering teams on compliant and responsible use of generative AI, ensuring sensitive data is not exposed to non-authorized or non-FedRAMP AI services where prohibited
• Apply emerging principles such as NIST AI Risk Management Framework (AI RMF 1.0) to support secure, responsible, and defensible AI adoption
• Provide architecture leadership in support of ATO lifecycles, including control strategy, system boundary design, inheritance models, implementation approaches, and continuous monitoring alignment
• Partner with ISSOs, compliance teams, system owners, PMOs, customer stakeholders, and assessors to develop defensible architectures that support FedRAMP and customer authorization objectives
• Support Change Control Boards (CCB), architecture reviews, SIAs, and SCRs to ensure system changes are evaluated for security and compliance impact
• Advise teams on evolving federal requirements, including FedRAMP Rev. 5, NIST SP 800-53 Rev. 5, FIPS 140-3, EO 14028, and software supply chain security expectations
• Support FedRAMP package strategy and marketplace readiness activities in partnership with compliance, PMO, and agency stakeholders
• Provide architectural guidance during security incidents, post-incident reviews, and root cause analyses to improve resilience and reduce future risk
• Identify systemic security gaps and recommend roadmap improvements across platforms, applications, and shared services
• Develop and maintain architecture artifacts, standards, decision records, and technical security documentation
• Mentor teams on cloud security, Zero Trust, modernization, and AI security best practices

Benefits

• a comprehensive benefits package
• incentive and recognition programs
• equity stock purchase and 401k contribution