Cyber Security Architect - SOCEUR

CACI International
$105,100 - $231,100Hybrid

About The Position

As a CACI Cyber Security Architect, you will be the technical leader responsible for the vision, design, and continuous improvement of security boundaries across the enterprise's Google Cloud environment. This role sits inside the Special Operations Command Europe (SOCEUR) Hybrid Threat Action Platform (HTAP) program team and is responsible for championing secure-by-default blueprints, establishing zero-trust identity perimeters, and ensuring compliance with the most stringent federal security baselines. The individual will act as the senior technical advisor for all cloud security matters, translating high-level regulatory mandates into automated, secure-by-design Infrastructure as Code (IaC) for Allied, partner, and US operations.

Requirements

  • Must be a US Citizen possessing an active TS/SCI security clearance.
  • Bachelor's degree in Computer Science, Cyber Security, or a related STEM field (or equivalent practical experience).
  • CISSP certification (or equivalent, to meet DoD 8570/8140 IAM/IASAE Level III requirements).
  • 8+ years of technical experience in roles such as Cybersecurity Architect, Infrastructure Engineer, or a similar senior technical position.
  • 5+ years of dedicated experience designing, migrating, and securing workloads on Google Cloud Platform (GCP), including deep expertise in networking, IAM, and security services.
  • Proven expertise in writing and securing Terraform deployments and automating security workflows in CI/CD pipelines.
  • Demonstrated experience architecting solutions to meet strict compliance frameworks (e.g., NIST SP 800-53, FedRAMP, DoD SRG) and supporting the Risk Management Framework (RMF) process to achieve an Authority to Operate (ATO).
  • Google Cloud Professional Cloud Security Engineer certification.
  • Google Cloud Professional Cloud Architect certification.

Nice To Haves

  • Hands-on experience securing Kubernetes clusters (GKE) and utilizing service mesh technologies.
  • Deep familiarity with GCP-native threat defense tools like Security Command Center (SCC) Premium.

Responsibilities

  • Security Architecture: Design and maintain scalable, secure-by-default architectural blueprints for GCP landing zones, IAM hierarchies, and hybrid networking, in accordance with the DoD Cloud Computing Security Requirements Guide (SRG).
  • Compliance as Code: Lead the translation of complex regulatory requirements (NIST SP 800-53, FedRAMP, CMMC) into technical controls, authoring and enforcing security policies within IaC (Terraform) templates.
  • Identity and Access Architecture: Develop and govern the enterprise IAM strategy, leveraging Workload Identity, Just-In-Time (JIT) access, context-aware controls, and MFA/CAC/PIV integration.
  • Data Protection & Encryption: Define the strategic vision for data protection, designing key management strategies across Cloud KMS/HSM/EKM and architecting data encryption protocols to secure data at-rest and in-transit.
  • Network Security Design: Oversee the architectural design of network security controls, including VPC Service Controls, Cloud Armor policies, and firewalls, to mitigate data exfiltration risks.
  • Technical Leadership: Act as the primary technical advisor and final point of escalation for cloud security risks, threat models, and architectural design decisions. Mentor engineers and developers on secure cloud practices.
  • Security Automation: Architect secure, automated telemetry and audit logging pipelines that route seamlessly into SIEM systems (e.g., Google Security Operations/Chronicle).

Benefits

  • flexible time off benefit
  • robust learning resources
  • comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service