Cloud Security Engineer - Aws Govcloud / Multi-Cloud

ZermountArlington, VA
Hybrid

About The Position

We are looking for a highly talented, technical, hands-on Cloud Security Engineer to help accelerate our growing Professional Services business within the Government Sector. You will build and operate the secure cloud foundation and security automation that produces continuous control evidence across AWS - and Azure/GCP as the environment expands - enforcing guardrails as code and remediating drift in near real time for a federal continuous Authorization to Operate (cATO) program.

Requirements

  • High level of attention to detail, needs minimal guidance, effective verbal and written communication.
  • 8+ years delivering federal cloud infrastructure on AWS GovCloud, with hands-on Terraform/IaC across multiple environment tiers.
  • Multi-cloud breadth: architecture-level proficiency across AWS and at least one of Azure or GCP.
  • Cloud security automation: serverless/event-driven controls, identity-event integration, and drift remediation.
  • FedRAMP-aligned operations - credentialed scanning, WAF, and least-privilege access management.
  • Scripting in Python and Bash; CI/CD (Jenkins) and observability (Splunk/CloudWatch).
  • Ability to pass a minimum background investigation.

Nice To Haves

  • CSPM/CNAPP tooling (e.g., Prisma Cloud) and Okta/Entra ID integration a plus.
  • An active Secret Clearance is preferred.

Responsibilities

  • Build and maintain AWS GovCloud/Commercial IaC (Terraform, Ansible) across Production, Staging, Test, and Integration tiers.
  • Operate Security Hub, GuardDuty, and Config; run cloud security posture management (CSPM) across AWS plus Azure/GCP.
  • Architect event-driven alerting (identity event hooks to serverless functions and notifications), privileged-access monitoring, and drift auto-remediation.
  • Implement credentialed scanning, WAF/IP allowlisting, and least-privilege access; maintain a FedRAMP-aligned compliance posture.
  • Maintain CI/CD pipelines (Jenkins + Terraform + Ansible) and observability (Splunk, CloudWatch) for cloud control evidence.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service