The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
• The Cloud Security Lead SME is a senior subject matter expert responsible for the enterprise cloud security posture of the WDP across NIPRNet, SIPRNet, and JWICS environments, serving as the authoritative voice on Zero Trust compliance, Risk Management Framework execution, and cloud security architecture across all WDP-supported Cloud Service Provider environments. This role works in close coordination with cybersecurity leadership, platform engineers, and Authorizing Officials to sustain and continuously improve the authorization posture of mission-critical cloud infrastructure supporting the DoW's AI-First mission.
• Provides enterprise cloud security oversight supporting Department of War mission systems operating within AWS GovCloud, Azure Government, and approved DoW cloud environments.
• Monitors cloud-native security posture using Cloud Security Posture Management platforms integrated with native provider tooling to identify misconfigurations, policy drift, and compliance gaps.
• Configures and enforces cloud security controls aligned to the DoW Cloud Computing Security Requirements Guide, Zero Trust Architecture, and Risk Management Framework objectives.
• Reviews Infrastructure-as-Code artifacts to validate secure baseline configurations prior to deployment, integrating security checks into DevSecOps pipelines and automated compliance workflows.
• Analyzes cloud audit logs, configuration events, and security alerts to support continuous monitoring, threat detection, and incident response coordination.
• Collaborates with cloud engineers, platform teams, and cybersecurity leadership to remediate findings impacting authorization posture and mission availability.
• Maintains traceable evidence supporting security assessments, authorization packages, and ongoing compliance reporting through eMASS, SharePoint, and centralized dashboards.
• Produces cloud security posture reports, risk summaries, and remediation plans for Authorizing Officials and senior cybersecurity leadership.
• Supports cloud migration initiatives by embedding security requirements into design reviews, architecture decisions, and operational handoff processes.
• Delivers measurable improvements in cloud compliance posture, configuration consistency, risk visibility, and operational resilience while reinforcing program values of security-by-design, accountability, mission assurance, and disciplined cloud operations.
• Performs other duties as assigned.
• Current Secret security clearance.
• 12 or more years of progressively responsible experience in cybersecurity, cloud security, or a closely related field, with demonstrated expert-level proficiency securing mission-critical cloud environments in support of DoW or federal government programs.
• DoW 8140/8570 IAM Level I baseline certification, satisfied by one of the following active credentials: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Demonstrated experience implementing and assessing Zero Trust security capabilities in alignment with the DoW Zero Trust Reference Architecture and NIST SP 800-207, including Attribute-Based Access Control, Privileged Access Management, Identity and Access Management federation, and continuous monitoring across multi-enclave cloud environments.
• Hands-on experience executing Risk Management Framework activities, including preparation and management of cybersecurity Body-of-Evidence artifacts, eMASS administration, and support for Authority to Operate processes across multiple security enclaves.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).