Information System Security Manager (ISSM)-Cloud Security

General Dynamics Information Technology, Inc.

$128K — $173K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-8 years in cybersecurity/cloud security with a focus on hybrid cloud architecture.
  • Proficient in security governance practices and RMF/ATO compliance.
  • Experience in vulnerability management using ACAS/Nessus tools.
  • Strong skills in cloud security architecture design involving AWS, Azure, or GCP.
  • Hands-on experience with Linux hardening, Windows security configuration, and virtualization.

Responsibilities

  • Lead and manage RMF/ATO activities for continuous security compliance.
  • Engineer secure cloud architectures and implement IAM solutions.
  • Configure and manage security logging and monitoring in cloud environments.
  • Drive incident response efforts and maintain secure audit trails.
  • Automate security controls using Bash/Python, Terraform, and Ansible.

Benefits

  • Comprehensive medical, dental, and vision plans with health savings account options.
  • 401(k) plan with matching contributions.
  • Flexible work weeks and various paid time off policies.
  • Disability and life insurance offerings.
  • Regular review of benefits to ensure competitiveness and employee satisfaction.

Full Job Description

Type of Requisition:
Pipeline

Clearance Level Must Currently Possess:
Secret

Clearance Level Must Be Able to Obtain:
Secret

Public Trust/Other Required:
None

Job Family:
IT Infrastructure and Operations

Job Qualifications:

Skills:
Amazon Web Services (AWS) Security, Cloud Security, Platform Security, Security Architecture Design, Vulnerability Management
Certifications:
None
Experience:
6+ years of related experience
US Citizenship Required:
Yes

Job Description:

Information System Security Manager (ISSM) - Cloud Security Architect

Position Summary

This role is ideal for someone who is a hands-on cloud security engineer first and policy-aware second. You will actively engineer and enforce security controls across cloud and hybrid environments while maintaining RMF/ATO governance, continuous monitoring, and compliance. Expect roughly 66% platform engineering (secure design/implementation, automation, remediation) and 33% governance/policy enforcement (RMF artifacts, POA&Ms, attestations, board cadence).

Core Responsibilities

Governance, RMF & Compliance
  • Lead RMF/ATO/ATC activities: develop and maintain SSP, control implementations, evidence, POA&Ms, and continuous monitoring strategy; coordinate with Government ISSO, SCV, AO; sustain ATO per USAF guidance.
  • Enforce DISA STIG/SRG configurations across enterprise hardware/software; ensure timely patching/bug-fix deployment and flaw remediation with documented procedures.
  • Enable and manage ACAS/Nessus vulnerability scanning (external and internal), deliver bi-weekly/30-day reports, and drive remediation to closure.
  • Support incident response: immediate notification (phone/email) within six hours of discovery; 30-day follow-up reporting; maintain secure audit logs and event evidence.
  • Participate in PMRs and CCBs; maintain enterprise baseline and CM Plan; provide artifacts (topologies, inventories, rack elevations, ports/protocols) and read-only visibility to Government tools/portals.

Cloud Security Architecture
  • Implement secure configurations in AWS, Azure, GCP (or comparable platforms).
  • Engineer IAM: RBAC, least-privilege, multi-account strategy, federation (IdP integration).
  • Configure cloud-native logging/monitoring/alerting for security visibility (e.g., provider equivalents to CloudWatch).
  • Apply Zero-Trust principles across cloud networking and service-to-service comms (authN/authZ, encryption, segmentation).
  • Develop IaC security baselines; codify guardrails/policies; enforce drift detection.

Vulnerability Management & Compliance
  • Operate ACAS and vulnerability scanners; analyze findings; prioritize remediation; validate fixes; sustain POA&Ms and compliance dashboards (NIST SP 800-53, DISA STIGs, CMMC as applicable).
  • Produce traceability mapping of technical controls to required frameworks; prepare audit evidence and assessor packages.

Platform Security (Linux, Windows, Virtualization)
  • Linux (≈70%): hardening, auditing, patching, secure configuration, STIG application/validation.
  • Windows (≈30%): server security configuration, patch management, policy baselines.
  • Virtualization: secure VMs and management planes (e.g., VMware), including isolation, logging, and role segmentation.

Kubernetes & Container Security
  • Secure clusters: RBAC, network policies, secrets management, pod security standards; image signing and vulnerability scanning; protect service meshes and encrypted service communication.

Networking & Zero Trust
  • Apply TCP/IP, firewalls, VLANs, VPNs, routing, micro-segmentation to enforce least-privilege access across hybrid environments; integrate CoS/QoS and performance KPIs where applicable.

Automation & DevSecOps
  • Bash/Python automation for remediation and control validation.
  • Terraform/Ansible (or equivalent) for enforcing baselines, policy-as-code, and repeatable secure deployments.
  • CI/CD security integration, pre-deployment testing, and lab validation prior to production changes.

Collaboration & Leadership
  • Serve as trusted advisor to COR and Government Technical Leads; brief diverse stakeholders in clear, mission-focused terms.
  • Coordinate with PM, architects, network engineers, helpdesk/T3, and cybersecurity analysts; maintain cadence with PMRs and escalation SOPs.


Customer: Air Education and Training Command (AETC), United States Air Force
Location: San Antonio area; located within 25 miles of JBSA-Randolph, TX
Clearance: Ability to obtain and maintain Secret; USAF CAC eligibility; U.S. citizen with required background screening

Required Qualifications
  • U.S. citizenship; security clearance level: must have a Secret clearance to start and the ability to obtain and maintain a Top Secret clearance and USAF CAC; comply with base access requirements.
  • Meets DoDM 8140.03 cyberspace workforce qualifications for the role (documentation upon request).
  • 5-8+ years in cybersecurity/CloudSec; significant experience in hybrid cloud architecture, IAM, Zero-Trust, Kubernetes/container security, and Linux hardening.
  • Demonstrated experience enforcing DISA STIGs/SRGs, executing ACAS/Nessus scans, and delivering RMF/ATO artifacts and continuous monitoring.
  • Proficiency with cloud logging/monitoring, IaC, automation (Bash/Python, Terraform/Ansible), and CI/CD security integration.
  • Excellent communication skills; ability to brief senior Government stakeholders and translate complex risks into actionable plans.
  • Participate in PMRs and CCBs; maintain enterprise baseline and CM Plan; provide artifacts (scan results/ATO/RMF information) to Government tools/portals.


Preferred Qualifications
  • Experience supporting Air Force or DoW enterprise environments (e.g., USAREUR-AF).
  • DoDM 8140.03-aligned cyber workforce qualification or willingness to obtain.
  • Contributions to ATO/RMF packages and control documentation.
  • Cloud security certifications (AWS Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer).
  • Security+ (IAT II) required; CASP/CISSP/CISA preferred.
  • Willingness to co-locate near JBSA-Randolph, TX for key personnel collaboration, and to engage with Government stakeholders regularly.
  • Availability to support after-hours incident response or critical events as needed; adherence to AWAKEN governance, reporting, and board cadence.
  • Experience with SAFe practices, Jira/Confluence, and ServiceNow in DoD environments.


The likely salary range for this position is $128,039 - $173,229. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
10-25%

Telecommuting Options:
Onsite

Work Location:
USA TX San Antonio

Additional Work Locations:

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.
