Security Architect Jobs

About The Position

Requirements

• U.S. citizenship
• Security clearance level: Must have Secret clearance to start and ability to obtain and maintain a Top Secret and USAF CAC
• Comply with base access requirements.
• Meets DoDM 8140.03 cyberspace workforce qualifications for the role (documentation upon request).
• 5–8+ years in cybersecurity/CloudSec
• Significant experience in hybrid cloud architecture, IAM, Zero‑Trust, Kubernetes/container security, and Linux hardening.
• Demonstrated experience enforcing DISA STIGs/SRGs, executing ACAS/Nessus scans, and delivering RMF/ATO artifacts and continuous monitoring.
• Proficiency with cloud logging/monitoring, IaC, automation (Bash/Python, Terraform/Ansible), and CI/CD security integration.
• Excellent communication skills; ability to brief senior Government stakeholders and translate complex risks into actionable plans.
• Participate in PMRs and CCBs; maintain enterprise baseline and CM Plan; provide artifacts (Scan results/ATO/RMF information) to Government tools/portals.

Nice To Haves

• Experience supporting Air Force or DoW enterprise environments (e.g., USAREUR‑AF).
• DoDM 8140.03‑aligned cyber workforce qualification or willingness to obtain
• Contributions to ATO/RMF packages and control documentation.
• Cloud security certifications (AWS Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer).
• Security+ (IAT II) required; CASP/CISSP/CISA preferred.
• Willingness to co‑locate near JBSA‑Randolph, TX for key personnel collaboration, and to engage with Government stakeholders regularly.
• Availability to support after‑hours incident response or critical events as needed; adherence to AWAKEN governance, reporting, and board cadence.
• Experience with SAFe practices, Jira/Confluence, and ServiceNow in DoD environments.

Responsibilities

• Lead RMF/ATO/ATC activities: develop and maintain SSP, control implementations, evidence, POA&Ms, and continuous monitoring strategy; coordinate with Government ISSO, SCV, AO; sustain ATO per USAF guidance.
• Enforce DISA STIG/SRG configurations across enterprise hardware/software; ensure timely patching/bug‑fix deployment and flaw remediation with documented procedures.
• Enable and manage ACAS/Nessus vulnerability scanning (external and internal), deliver bi‑weekly/30‑day reports, and drive remediation to closure.
• Support incident response: immediate notification (phone/email) within six hours of discovery; 30‑day follow‑up reporting; maintain secure audit logs and event evidence.
• Participate in PMRs and CCBs; maintain enterprise baseline and CM Plan; provide artifacts (topologies, inventories, rack elevations, ports/protocols) and read‑only visibility to Government tools/portals.
• Implement secure configurations in AWS, Azure, GCP (or comparable platforms).
• Engineer IAM: RBAC, least‑privilege, multi‑account strategy, federation (IdP integration).
• Configure cloud‑native logging/monitoring/alerting for security visibility (e.g., provider equivalents to CloudWatch).
• Apply Zero‑Trust principles across cloud networking and service‑to‑service comms (authN/authZ, encryption, segmentation).
• Develop IaC security baselines; codify guardrails/policies; enforce drift detection.
• Operate ACAS and vulnerability scanners; analyze findings; prioritize remediation; validate fixes; sustain POA&Ms and compliance dashboards (NIST SP 800‑53, DISA STIGs, CMMC as applicable).
• Produce traceability mapping of technical controls to required frameworks; prepare audit evidence and assessor packages.
• Linux (≈70%): hardening, auditing, patching, secure configuration, STIG application/validation.
• Windows (≈30%): server security configuration, patch management, policy baselines.
• Virtualization: secure VMs and management planes (e.g., VMware), including isolation, logging, and role segmentation.
• Secure clusters: RBAC, network policies, secrets management, pod security standards; image signing and vulnerability scanning; protect service meshes and encrypted service communication.
• Apply TCP/IP, firewalls, VLANs, VPNs, routing, micro‑segmentation to enforce least‑privilege access across hybrid environments; integrate CoS/QoS and performance KPIs where applicable.
• Bash/Python automation for remediation and control validation.
• Terraform/Ansible (or equivalent) for enforcing baselines, policy‑as‑code, and repeatable secure deployments.
• CI/CD security integration, pre‑deployment testing, and lab validation prior to production changes.
• Serve as trusted advisor to COR and Government Technical Leads; brief diverse stakeholders in clear, mission‑focused terms.
• Coordinate with PM, architects, network engineers, helpdesk/T3, and cybersecurity analysts; maintain cadence with PMRs and escalation SOPs.

Benefits

• Growth: AI-powered career tool that identifies career steps and learning opportunities
• Support: An internal mobility team focused on helping you achieve your career goals
• Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• Flexibility: Full-flex work week to own your priorities at work and at home
• Community: Award-winning culture of innovation and a military-friendly workplace
• Variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• Vision plan
• 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.