Everforth ECS is seeking a Cloud Security Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Cloud Security Engineer delivers hands-on cloud security engineering and cyber defense operations across WDP's classified and unclassified environments, with a focus on patch management, continuous monitoring, and incident response spanning NIPRNet, SIPRNet, and JWICS. This role is integral to sustaining the security posture, authorization compliance, and operational readiness of WDP's multi-enclave AWS cloud infrastructure in direct support of DoW mission-owner communities and Joint Staff elements.
• Conducts patch management operations across War Data Platform (WDP) Core Integration cloud enclaves by operating vulnerability scanning workflows, identifying required updates, tracking patch applicability, and automating deployment actions aligned with Department of War patching directives supporting Joint Staff elements and mission-owner communities.
• Validates patch implementation in controlled environments by executing test sequences, reviewing system behavior, and confirming compliance with configuration baselines across virtual machines, containerized services, Infrastructure as Code modules, and platform services.
• Operates cloud logging and monitoring mechanisms using CloudWatch, GuardDuty, Splunk, Elastic clusters, and integrated SIEM pipelines to detect configuration drift, unauthorized change activity, and misconfigurations affecting War Data Platform (WDP) Core Integration readiness.
• Supports deployment and evaluation of incident response procedures by executing data collection steps, performing event correlation, documenting operational impact, and generating incident response metrics such as mean time to detect, mean time to respond, containment intervals, and recovery validation results.
• Contributes to incident triage by analyzing indicators of compromise, correlating system logs, validating remediation actions, and preparing status reporting for senior operational leaders.
• Participates in lessons learned reviews by identifying root causes, proposing corrective actions, and incorporating process improvements into standardized runbooks, intelligence feeds, and automated control mechanisms.
• Strengthens defensive posture across NIPRNet, SIPRNet, and JWICS environments by maintaining operational continuity, supporting cyber readiness objectives, and contributing to mission-aligned cloud security modernization efforts.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• 3-10 years of experience in cloud security engineering, cybersecurity operations, or a closely related discipline within federal, DoW, or enterprise cloud environments.
• Demonstrated hands-on experience with cloud-native security and monitoring tools including AWS CloudWatch, GuardDuty, and either Splunk or Elastic SIEM platforms, with applied experience in vulnerability scanning, patch management, and incident response operations across classified or government cloud environments.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).