Sr. Cloud Engineer

HyertekColumbia, MD
Onsite

About The Position

HyerTek is a federal technology consulting firm delivering secure enterprise applications, data analytics, and modernization services to federal government agencies. HyerTek is hiring a Sr. Cloud Engineer to design, build, and own the secure cloud foundation that powers our federal solutions in Azure Government across DoD Impact Levels IL5 through IL7. You will architect landing zones, harden them to DISA STIG and DoD Cloud SRG standards, automate them as code, and operate them under the Risk Management Framework (RMF) — partnering with developers, architects, and security engineers to deliver accredited, performant, well-architected cloud services for government customers. This is a hands-on, builder role. On the infrastructure side, you will own landing-zone design, network isolation, identity, and Infrastructure as Code. On the security side, you will engineer the STIG-hardened baselines, zero-trust controls, and audit and encryption guarantees that mission workloads depend on to earn and keep an Authority to Operate. You will work directly with developers, architects, and security engineers, embedded with delivery teams rather than sitting in a separate platform organization. Your work will go to federal customers handling sensitive and classified data, and the correctness and durability of the environments you build will directly shape their trust in HyerTek.

Requirements

  • 7+ years of hands-on cloud engineering experience across architecture, security hardening, and infrastructure automation.
  • 5+ years hands-on Azure Government (or demonstrable IL4/IL5 delivery), including workloads meeting DoD Cloud SRG IL5 controls.
  • Expert in Infrastructure as Code (Bicep/ARM or Terraform for Azure Gov) and CI/CD with embedded security scanning.
  • Demonstrated DISA STIG hardening, NIST SP 800-53, and RMF/ATO artifact production — not just deploying resources, but making them accreditable.
  • Strong Azure networking: VNets, private endpoints, firewalls, and disconnected/air-gapped deployment concepts.
  • Identity engineering with Entra ID (Government) and CAC/PIV authentication.
  • Production experience with managed data services (Azure SQL / relational databases, Key Vault, secure storage), including migrating relational workloads to managed Azure data tiers.
  • Proficiency in a backend language for the service and automation layer — C# / .NET or strong Python; comfort re-platforming existing applications without regressing security invariants (PII masking, audit logging, role scoping).
  • Working knowledge of zero-trust design, data-access/security controls (row-level and role-based), and encryption/key management.
  • DoD 8570/8140 IAT Level II baseline — Security+ CE minimum (CISSP or CASP+ preferred for IL6/IL7).
  • Excellent troubleshooting, documentation, and stakeholder communication skills.
  • Comfort working independently across multiple concurrent engagements.
  • Candidates must have and maintain an active TS/SCI clearance with the Department of Defense.
  • This position requires U.S. citizenship and an active TS/SCI clearance with the Department of Defense.
  • Candidates must be authorized to work in the United States without the need for employment-based visa sponsorship now or in the future.
  • HyerTek will not sponsor applicants for a U.S. work visa status for this opportunity.

Responsibilities

  • Design and own Azure Government landing zones across development, test, and production tiers, treating the environment.
  • Re-platform existing applications into scalable, resilient Azure designs — managed database, secrets in Key Vault, private networking — without loss of role-scoped behavior or audit fidelity.
  • Build and maintain CI/CD pipelines with embedded security gates (SAST/DAST, dependency and container scanning, policy-as-code via Azure Policy) that operate in both connected and disconnected modes.
  • Implement DISA STIG and CIS-hardened baselines, with automated application, drift detection, and continuous configuration-compliance evidence rather than point-in-time scans.
  • Engineer controls to satisfy the DoD Cloud SRG (IL5/IL6), NIST SP 800-53 control families, and the RMF lifecycle; produce artifacts supporting ATO/cATO packages (SSP inputs, control implementation statements, POA&Ms).
  • Implement data-protection controls for sensitive workloads — FIPS-validated encryption at rest and in transit, PII masking with logged least-privilege reveal, and enclave-appropriate data boundaries by CUI/classification marking.
  • Design network isolation (VNets, private endpoints, NSGs, Azure Firewall) appropriate to each Impact Level, including disconnected/air-gapped topologies.
  • Integrate CAC/PIV smartcard authentication and Entra ID (Government) with conditional access and PIM; map application roles to least-privilege RBAC and zero-trust segmentation.
  • Partner with security engineers to apply hardening, de-identification, and governed-release controls; remediate findings and support audit and assessment activities.
  • Design the reusable IaC baseline so environments promote cleanly.
  • Instrument centralized logging and monitoring (Azure Monitor, Log Analytics, Microsoft Sentinel for Gov) with audit-log retention meeting DoD requirements.
  • Document architectures, control implementations, and as-built records suitable for customer handoff.
  • Support operational monitoring, incident root-cause analysis, backup/DR, and continuous improvement across managed environments.
  • Stay current on the Azure Government ecosystem and bring relevant capabilities into delivery patterns.

Benefits

  • Medical, dental, and vision insurance
  • 401(k) with employer contribution
  • Paid time off (PTO) and company holidays
  • Flexible work arrangements
  • Professional development and certification support
  • Employee assistance program (EAP)
  • Life and disability insurance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service