Location: Hybrid - Washington, DC Responsibilities:As the Cloud Security Engineer, you will serve as a primary technical Subject Matter Expert (SME) within the Information Security (InfoSec) workstream for the Alcohol and Tobacco Tax and Trade Bureau (TTB). You will be responsible for designing, deploying, and maintaining advanced cloud security controls and automated vulnerability reporting pipelines across TTB's modern Azure Gov and containerized environments.
Day-to-day activities include:
- Designing and implementing cloud security controls including Cloud-Native Application Protection Platforms (CNAPP), Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Data Security Posture Management (DSPM).
- Designing and deploying automated, risk-based vulnerability reporting solutions covering key attack surfaces such as virtual machines (VMs), containers, serverless environments, and cloud control planes.
- Providing security architecture and design services for new and existing infrastructure, applications, cloud services, and AI systems, ensuring adherence to Zero Trust principles. Implementing and overseeing cloud-native logging, alerting, encryption, key management, secret management, workload identity, and container registry/image hardening.
- Providing guidance and enforcement oversight for Web Application Firewalls (WAF), Web Application and API Protection (WAAP), API gateways, service meshes, and microservices security controls. Defining, documenting, and auditing secure configuration baselines (aligning with DISA STIGs and CIS Benchmarks) and monitoring for configuration drift.
Required Qualifications & Experience:Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related technical discipline. Experience: 8+ years of hands-on experience in cybersecurity engineering, with a heavy focus on securing enterprise cloud environments (specifically Microsoft Azure Gov).
- Deep technical proficiency with CNAPP, CSPM, Azure native security tools, WAF/WAAP configurations, Infrastructure-as-Code (IaC) security, and container/Kubernetes security.
- Proven ability to engineer and automate vulnerability reporting pipelines, configure zero-trust network access controls, and harden cloud tenants against DISA STIGs and CIS Benchmarks.
- Must be a U.S. Citizen or Lawful Permanent Resident Alien with at least three (3) years of U.S. residency.
Preferred Qualifications & Experience:- Active Treasury clearance.
- Industry-recognized cloud security certifications (e.g., Azure Security Engineer Associate, Microsoft Cybersecurity Architect Expert, CCSP).
- Advanced certifications such as CISSP or CISM.
- Experience integrating security controls within DevSecOps CI/CD pipelines.
Salary: $140,000 - $175,000
Our benefits include:
- Health & Dental Insurance with 100% of individual coverage paid for by the company
- Vision Insurance
- Life & Short Term Disability Insurance
- 401K with company match (employees are immediately vested)
- Paid Vacation
- 9 Paid Holidays per year (plus 2 paid floating holidays)
- Parental Leave
- Employee Bonuses
- Professional Development Reimbursement Program
- Tuition Assistance Program
