[Contingent] Cloud Security Engineer

About The Position

Requirements

• Deploy and secure complex cloud architectures hands-on.
• Understand IaC, IAM, encryption, and network security at a deep technical level.
• Integrated security tooling into CI/CD pipelines.
• Review infrastructure-as-code with a security lens.
• Handled cloud security incidents: triage, contain, eradicate, and document them.
• Build playbooks that make future responses faster.
• Hands-on experience with SIEM platforms, vulnerability scanning tools, and enterprise security tools.
• Understand FedRAMP, FISMA, and NIST SP 800-53 compliance requirements as they apply to cloud deployments and can translate them into concrete technical controls.
• Explain cloud security risks and findings clearly to security officers, system owners, and non-technical stakeholders.
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field
• 5+ years of hands-on experience in cloud-native security; demonstrated experience with IaC, DevSecOps CI/CD pipelines, application security, and cloud incident response in a federal or regulated environment
• Minimum one (1) of the following certifications: CISA (ISACA), CRISC (ISACA), CISM (ISACA), CGEIT (ISACA), CISSP (ISC2), CAP/CGRC (ISC2)
• Public Trust / Suitability clearance required
• Must be a U.S. Citizen.

Nice To Haves

• AWS Certified Security - Specialty or equivalent cloud security certification
• Experience with Azure security services in addition to AWS
• Experience with container security (Docker, Kubernetes) in federal cloud environments
• FedRAMP authorization support experience (control implementation and evidence gathering)
• Scripting proficiency: Python, Bash, or PowerShell for security automation
• Hands-on experience with tools such as Splunk, Nessus/Tenable Security Center, Palo Alto Prisma, and enterprise firewall platforms

Responsibilities

• Design and implement cloud-native security architectures: network segmentation, identity and access management (IAM), encryption (in-transit and at-rest), infrastructure-as-code (IaC) security, API security, serverless function security, and egress controls.
• Build and maintain DevSecOps CI/CD pipelines with integrated security controls including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
• Support cloud security Incident Response activities: analyze security events, recommend forensic approaches, implement recovery procedures, develop and maintain IR playbooks, and facilitate post-incident reviews documenting root causes.
• Execute vulnerability scans and assessments across cloud infrastructure; correlate findings with SIEM data; develop remediation plans; track and close findings in POA&Ms.
• Implement and maintain cloud security governance policies and procedures aligned with FedRAMP, NIST SP 800-53, CIS Benchmarks, and applicable federal cybersecurity standards.
• Support cloud ATO activities: implement and document security controls, produce control implementation evidence, and support security control assessments.
• Perform risk assessments of cloud security configurations, audits, and procedures; drive security incidents and vulnerabilities to resolution.
• Assist engineering teams in implementing cloud data privacy and protection practices including encryption key management, authentication, domain segmentation, and data protection.
• Develop and maintain cloud security documentation including architecture diagrams, standard operating procedures (SOPs), and compliance artifacts.

Benefits

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term & Long Term Disability
• 401k Retirement Savings Plan with Company Match
• Paid Holidays
• Paid Time Off (PTO)
• Tuition and Professional Development Assistance