Cloud Security Engineer (AWS/GovCloud)

About The Position

Requirements

• Ability to obtain a U.S. government Security Clearance
• Bachelor’s degree and 10 years of experience OR Master's degree and 8 years of experience
• Strong hands-on experience with Amazon Web Services (preferably GovCloud)
• Experience designing and implementing scalable cloud architectures (VPC, Lambda, API Gateway, RDS, S3)
• Proficiency in Infrastructure as Code (Terraform preferred)
• Experience integrating Salesforce with AWS services
• Understanding of data streaming and analytics (Kinesis, Athena, Power BI integration)
• Strong knowledge of cloud security architecture (IAM, least privilege, network segmentation)
• Experience implementing secure connectivity (PrivateLink, VPN, no public exposure patterns)
• Hands-on experience with encryption (TLS for transit, KMS for at-rest data)
• Familiarity with FedRAMP / NIST 800-53 / Zero Trust principles
• Experience supporting ATO documentation and security controls implementation
• Knowledge of logging, monitoring, and threat detection (CloudWatch, CloudTrail, GuardDuty)
• Exposure to DevSecOps practices (secure CI/CD, secrets management, policy enforcement)

Responsibilities

• Identify and implement the most secure cloud-based solutions for the customer including components for zero-trust architectures, identity and access management policy, and data privacy
• Understanding the needs of stakeholders and optimizing solutions that marry security with usability
• Monitor cloud environments for suspicious activities with cloud native monitoring or SIEM solutions and investigate security incidents where appropriate
• Examining infrastructure as code written by others and analyzing risk
• Ensuring that systems are safe and secure against cybersecurity threats through risk assessment, threat modeling, and compliance with industry standards (e.g. NIST, ISO 27011, HIPPA, FISMA, etc.)
• Identifying technical problems, performing root cause analysis, and developing updates and ‘fixes’
• Automate security processes such as vulnerability management and patch management
• Working with software developers and DevSecOps engineers to ensure that development follows established security processes and works as intended
• Support enterprise cloud security through infrastructure as code including any activities around automated server or network configurations, large-scale software deployments, and monitoring and testing
• Ensure effective design and implementation of data protection and encryption mechanisms for data at rest and in transit
• Document as-is state of the environment, perform a gap analysis, and produce artifacts that articulate options and recommendations
• Identify, analyze, and resolve infrastructure vulnerabilities and application deployment issues
• Act as an individual contributor and mentor more junior team members
• Engineer and implement solutions and provide recommendations for continuous improvement for the services provided
• Present regular status updates and provide cross training to other team members.

Benefits

• employee-owned company
• startup mindset
• time-tested approaches tailored for the federal government
• creating solutions that are impactful, practical, and scalable
• empowering our people to find creative solutions to intractable problems
• environment in which to grow and thrive is outside our comfort zone
• human-centered design
• additional Steampunk benefits