Cloud Security Engineer

ECS Tech Inc
Fairfax, VA
Onsite

About The Position

Everforth ECS is seeking a Cloud Security Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Cloud Security Engineer delivers hands-on cloud security engineering and cyber defense operations across WDP's classified and unclassified environments, with a focus on patch management, continuous monitoring, and incident response spanning NIPRNet, SIPRNet, and JWICS. This role is integral to sustaining the security posture, authorization compliance, and operational readiness of WDP's multi-enclave AWS cloud infrastructure in direct support of DoW mission-owner communities and Joint Staff elements.

Requirements

  • Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
  • 3–10 years of experience in cloud security engineering, cybersecurity operations, or a closely related discipline within federal, DoW, or enterprise cloud environments.
  • Demonstrated hands-on experience with cloud-native security and monitoring tools including AWS CloudWatch, GuardDuty, and either Splunk or Elastic SIEM platforms, with applied experience in vulnerability scanning, patch management, and incident response operations across classified or government cloud environments.
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Responsibilities

  • Conducts patch management operations across War Data Platform (WDP) Core Integration cloud enclaves by operating vulnerability scanning workflows, identifying required updates, tracking patch applicability, and automating deployment actions aligned with Department of War patching directives supporting Joint Staff elements and mission-owner communities.
  • Validates patch implementation in controlled environments by executing test sequences, reviewing system behavior, and confirming compliance with configuration baselines across virtual machines, containerized services, Infrastructure as Code modules, and platform services.
  • Operates cloud logging and monitoring mechanisms using CloudWatch, GuardDuty, Splunk, Elastic clusters, and integrated SIEM pipelines to detect configuration drift, unauthorized change activity, and misconfigurations affecting War Data Platform (WDP) Core Integration readiness.
  • Supports deployment and evaluation of incident response procedures by executing data collection steps, performing event correlation, documenting operational impact, and generating incident response metrics such as mean time to detect, mean time to respond, containment intervals, and recovery validation results.
  • Contributes to incident triage by analyzing indicators of compromise, correlating system logs, validating remediation actions, and preparing status reporting for senior operational leaders.
  • Participates in lessons learned reviews by identifying root causes, proposing corrective actions, and incorporating process improvements into standardized runbooks, intelligence feeds, and automated control mechanisms.
  • Strengthens defensive posture across NIPRNet, SIPRNet, and JWICS environments by maintaining operational continuity, supporting cyber readiness objectives, and contributing to mission-aligned cloud security modernization efforts.
  • Performs other duties as assigned.