CLOUD SECURITY ENGINEER - AWS GOVCLOUD / MULTI-CLOUD

Zermount, Inc

$155K — $190K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years of experience with federal cloud infrastructure on AWS GovCloud, utilizing Terraform/IaC across various environments.
  • Proficiency in multi-cloud architecture, particularly AWS and either Azure or GCP.
  • Experience in automating cloud security processes involving event-driven controls and integration.
  • Solid understanding of FedRAMP compliance, including credentialed scanning and least-privilege access management.
  • Strong scripting skills in Python and Bash, along with CI/CD pipeline experience using Jenkins.
  • Familiarity with CSPM/CNAPP tools and Okta/Entra ID is advantageous.
  • Excellent attention to detail, self-guided with strong communication skills.

Responsibilities

  • Build and maintain Infrastructure-as-Code for AWS GovCloud and commercial environments using Terraform and Ansible.
  • Operate cloud-native security services like Security Hub and GuardDuty, managing CSPM across multi-cloud.
  • Architect security automation for alerting and monitoring, focusing on drift remediation.
  • Implement hardening measures and compliance protocols aligned with FedRAMP.
  • Maintain CI/CD pipelines and observability tools for continuous cloud control evidence.

Benefits

  • Remote work flexibility with occasional site visits to Virginia locations.
  • Opportunity to work on high-impact projects within the government sector.
  • Exposure to multi-cloud environments, broadening technical skill sets.
  • Potential for career advancement in a growing Professional Services business.
Full Job Description
Cloud Security Engineer - AWS GovCloud / Multi-Cloud

Position Overview

We are looking for a highly talented, technical, hands-on Cloud Security Engineer to help accelerate our growing Professional Services business within the Government Sector.You will build and operate the secure cloud foundation and security automation that produces continuous control evidence across AWS - and Azure/GCP as the environment expands - enforcing guardrails as code and remediating drift in near real time for a federal continuous Authorization to Operate (cATO) program.

Duties & Responsibilities
  • Cloud Infrastructure-as-Code: Build and maintain AWS GovCloud/Commercial IaC (Terraform, Ansible) across Production, Staging, Test, and Integration tiers.
  • Cloud-Native Security Services: Operate Security Hub, GuardDuty, and Config; run cloud security posture management (CSPM) across AWS plus Azure/GCP.
  • Security Automation: Architect event-driven alerting (identity event hooks to serverless functions and notifications), privileged-access monitoring, and drift auto-remediation.
  • Hardening & Compliance: Implement credentialed scanning, WAF/IP allowlisting, and least-privilege access; maintain a FedRAMP-aligned compliance posture.
  • Pipelines & Observability: Maintain CI/CD pipelines (Jenkins + Terraform + Ansible) and observability (Splunk, CloudWatch) for cloud control evidence.

Qualifications
  • High level of attention to detail, needs minimal guidance, effective verbal and written communication.
  • 8+ years delivering federal cloud infrastructure on AWS GovCloud, with hands-on Terraform/IaC across multiple environment tiers.
  • Multi-cloud breadth: architecture-level proficiency across AWS and at least one of Azure or GCP.
  • Cloud security automation: serverless/event-driven controls, identity-event integration, and drift remediation.
  • FedRAMP-aligned operations - credentialed scanning, WAF, and least-privilege access management.
  • Scripting in Python and Bash; CI/CD (Jenkins) and observability (Splunk/CloudWatch).
  • CSPM/CNAPP tooling (e.g., Prisma Cloud) and Okta/Entra ID integration a plus.

Education
  • Bachelor of Science (or higher) in computer engineering, computer science, information technology, cyber security, or a related field.
  • Another major will be considered, provided it clearly addresses at least one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems, or information technology.

CERTIFICATION
  • None required.

Clearance Level
  • No Clerance required, but an active Secret Clearance is preferred.

Work Location
  • Primary location(s) are Arlington and Alexandria VA. Remote work is authorized, but the employee may have to report to one of the primary sites occasionally or as requested by management or the client.

Hours of Operation
  • 6:00 am ET - 6:00 pm ET

SALARY RANGE:
  • $155,000 - $190,000+
  • Ability to pass a minimum background investigation.

Similar Jobs

More Jobs at Zermount, Inc

More Information Technology Jobs

Find similar CLOUD SECURITY ENGINEER - AWS GOVCLOUD / MULTI-CLOUD jobs: