Cloud Security Engineer - AWS GovCloud / Multi-CloudPosition OverviewWe are looking for a highly talented, technical, hands-on Cloud Security Engineer to help accelerate our growing Professional Services business within the Government Sector.You will build and operate the secure cloud foundation and security automation that produces continuous control evidence across AWS - and Azure/GCP as the environment expands - enforcing guardrails as code and remediating drift in near real time for a federal continuous Authorization to Operate (cATO) program.
Duties & Responsibilities- Cloud Infrastructure-as-Code: Build and maintain AWS GovCloud/Commercial IaC (Terraform, Ansible) across Production, Staging, Test, and Integration tiers.
- Cloud-Native Security Services: Operate Security Hub, GuardDuty, and Config; run cloud security posture management (CSPM) across AWS plus Azure/GCP.
- Security Automation: Architect event-driven alerting (identity event hooks to serverless functions and notifications), privileged-access monitoring, and drift auto-remediation.
- Hardening & Compliance: Implement credentialed scanning, WAF/IP allowlisting, and least-privilege access; maintain a FedRAMP-aligned compliance posture.
- Pipelines & Observability: Maintain CI/CD pipelines (Jenkins + Terraform + Ansible) and observability (Splunk, CloudWatch) for cloud control evidence.
Qualifications- High level of attention to detail, needs minimal guidance, effective verbal and written communication.
- 8+ years delivering federal cloud infrastructure on AWS GovCloud, with hands-on Terraform/IaC across multiple environment tiers.
- Multi-cloud breadth: architecture-level proficiency across AWS and at least one of Azure or GCP.
- Cloud security automation: serverless/event-driven controls, identity-event integration, and drift remediation.
- FedRAMP-aligned operations - credentialed scanning, WAF, and least-privilege access management.
- Scripting in Python and Bash; CI/CD (Jenkins) and observability (Splunk/CloudWatch).
- CSPM/CNAPP tooling (e.g., Prisma Cloud) and Okta/Entra ID integration a plus.
Education- Bachelor of Science (or higher) in computer engineering, computer science, information technology, cyber security, or a related field.
- Another major will be considered, provided it clearly addresses at least one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems, or information technology.
CERTIFICATIONClearance Level- No Clerance required, but an active Secret Clearance is preferred.
Work Location- Primary location(s) are Arlington and Alexandria VA. Remote work is authorized, but the employee may have to report to one of the primary sites occasionally or as requested by management or the client.
Hours of OperationSALARY RANGE: - Ability to pass a minimum background investigation.