Cloud Security Architect

About The Position

Requirements

• Bachelor's Degree with a Technical concentration with at least 10 years of professional experience
• TS/SCI with an active Poly clearance
• Deep expertise in cloud security architectures across AWS GovCloud and Azure Government
• Strong understanding of cloud security services and compliance capabilities
• Experience with FedRAMP authorization processes and cloud security requirements
• Proficiency in cloud IAM design and least-privilege access models
• Knowledge of network security architecture including VPCs, security groups, and network segmentation
• Experience with encryption technologies and key management services
• Understanding of API security and secure integration patterns
• Familiarity with cloud compliance frameworks (AWS Security Best Practices, Azure Security Benchmark)

Nice To Haves

• Experience deploying security platforms in classified cloud environments (AWS Secret/Top Secret regions, Azure Government Secret)
• Knowledge of DoD Cloud Computing Security Requirements Guide (SRG) implementation
• Prior experience with compliance automation platform deployments
• Certifications: AWS Certified Security Specialty, Azure Security Engineer Associate, CCSP (Certified Cloud Security Professional)
• Understanding of zero-trust architecture principles and implementation
• Experience with Infrastructure as Code security scanning (Checkov, tfsec, Terrascan)
• Familiarity with container security in cloud environments
• Background in federal cloud migration projects and Cloud Smart strategy

Responsibilities

• Design secure reference architectures for deploying an ATO Automation Platform in AWS GovCloud, Azure Government, and on-premises environments
• Implement secure API integrations between the ATO Automation Platform and cloud service provider platforms for real-time configuration analysis
• Configure cloud security services (AWS GuardDuty, Azure Security Center) to feed security findings into the ATO Automation Platform’s compliance monitoring
• Establish security boundaries and authorization scopes for systems under the ATO Automation Platform’s management
• Implement data protection controls including encryption at rest and in transit for compliance artifacts processed by the ATO Automation Platform
• Design network security architectures supporting the ATO Automation Platform deployment in classified environments
• Conduct security assessments of an ATO Automation Platform components and validate compliance with customer security overlays
• Develop cloud infrastructure-as-code templates that incorporate security controls mappable by the ATO Automation Platform
• Design AWS GovCloud reference architecture for deploying the ATO Automation Platform in FedRAMP High environment with appropriate VPC segmentation and encryption
• Configure the ATO Automation Platform’s integration with Azure Government APIs to enable automated analysis of NSG rules and Key Vault configurations
• Implement cross-account IAM roles enabling the ATO Automation Platform to perform read-only assessments of 50+ AWS accounts across an agency
• Design hybrid cloud architecture supporting the ATO Automation Platform deployment for systems spanning on-premises data centers and commercial cloud
• Conduct security assessment of the ATO Automation Platform’s LLM processing to ensure compliance with agency data handling requirements