Lead Infrastructure and Cybersecurity Architect

Caliola Engineering, LLC

$150K — $185K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Active Secret Clearance required.
  • Bachelor's degree in relevant technical field or equivalent experience.
  • Over 10 years in infrastructure architecture and cybersecurity roles.
  • Experience with DoD or federally regulated environments essential.
  • Advanced expertise in network architecture and cloud security.
  • Hands-on experience with vulnerability management and incident response necessary.
  • Ability to mentor and collaborate across diverse teams.

Responsibilities

  • Design and maintain secure infrastructure across various environments.
  • Evaluate and integrate enterprise network technologies for security and efficiency.
  • Implement security monitoring technologies and improve response capabilities.
  • Architect and support secure cloud environments under federal requirements.
  • Govern compliance with CMMC Level 2 and other regulations during project lifecycles.
  • Lead technical documentation and compliance artifact creation for assessments.
  • Mentor and guide engineering teams in secure architecture and operational practices.

Benefits

  • Full-time position with on-site requirements.
  • Collaborative work environment with diverse teams.
  • Opportunity to work on cutting-edge AI integration in cybersecurity.
  • Exposure to federal security frameworks and compliance requirements.
  • Support for professional development and certifications.
Full Job Description
Lead Infrastructure and Cybersecurity Architect

City/State: Colorado Springs, CO USA

Type and Schedule: Full-Time, Salary/Exempt, on-site in Colorado Springs, CO

Annualized Salary Range: $150,000 - $185,000 commensurate with experience.

Position Description:

Caliola is seeking a highly capable Lead Infrastructure and Cybersecurity Architect who reports to the Director of Infrastructure Operations to support the design, modernization, security, and governance of our internal infrastructure, enterprise networks, cloud environments, and regulated systems.

This role will serve as a hands-on technical anchor as Caliola scales, building the secure architecture needed to support new programs, mature our technical infrastructure, operate secure spaces, sustain CMMC Level 2 compliance, and design secure AI capabilities. This person leads the architecture, documentation, configuration management, and risk mitigation efforts supporting the continued growth and maturity of Caliola's infrastructure and cybersecurity capabilities.

The ideal candidate will be comfortable moving between high-level architecture decisions and direct technical execution across on-premises, cloud, hybrid, network, endpoint, cybersecurity, AI, and compliance environments.

This role requires deep technical capability across enterprise networking, cybersecurity architecture, Microsoft GCC High / Azure Government, secure monitoring, disaster recovery, and regulated government systems. The successful candidate will work closely with engineering, cybersecurity, compliance, facilities, and program management to ensure Caliola's systems remain secure, resilient, compliant, and ready for growth.

Technical Responsibilities:
  • Design, build, and maintain secure, resilient, and scalable core infrastructure across on-premises, cloud, hybrid, and multi-site environments. Drive modernization initiatives including cloud integration, virtualization, software-defined networking, LAN/WAN, SD-WAN, VPN, network segmentation, and Infrastructure as Code automation.
  • Evaluate, integrate, and govern enterprise network technologies, including routers, switches, firewalls, IDS/IPS, NAC, load balancing, encryption, wireless, and secure connectivity solutions.
  • Implement, configure, tune, and improve security monitoring technologies, including endpoint protection, SIEM/SOAR, Microsoft Defender, Microsoft Sentinel, logging, alerting, dashboards, and incident-response integrations.
  • Architect, administer, and support Microsoft GCC High, Azure Government, and hybrid commercial cloud environments in accordance with federal security requirements. Govern foundational systems, backup environments, identity, endpoint, collaboration, monitoring, and data protection capabilities.
  • Implement and govern secure cloud and hybrid architectures using Microsoft Entra ID, Conditional Access, MFA/PIM, Intune, Purview, AvePoint, and related tools to support resource protection, access control, monitoring, and compliance.
  • Secure and harden foundational IT components, including software development environments, databases, endpoints, servers, cloud resources, and network devices by applying DISA STIGs, configuration baselines, vulnerability remediation, and risk mitigation strategies.
  • Provide hands-on technical support during security incidents, including investigation, containment, remediation, recovery, documentation, and follow-up hardening.
  • Architect and oversee disaster recovery and business continuity strategies, including backup validation, recovery planning, high availability, resilience, and continuity of critical infrastructure and business systems.
  • Supports the evaluation, implementation, and secure operation of approved AI-enabled tools and workflows in accordance with organizational security, risk mitigation, and compliance requirements.

Additional Responsibilities:
  • Lead the technical implementation and sustainment of GRC controls aligned with CMMC Level 2, NIST SP 800-171/800-53, DFARS, DISA STIGs, and applicable DoD cybersecurity requirements. Support internal assessments, remediation planning, customer reviews, and external C3PAO assessments.
  • Develop and maintain compliance and engineering artifacts, including System Security Plans, POA&Ms, configuration management documentation, HLDs/LLDs, network diagrams, technical standards, implementation plans, incident response procedures, and security control evidence.
  • Provide technical architecture and infrastructure support for secure rooms, classified or controlled environments, and related systems in coordination with the ISSM, FSO, security, compliance, facilities, and program teams.
  • Partner across engineering, cybersecurity, compliance, facilities, program management, customer stakeholders, and vendors to embed security throughout the system lifecycle. Participate in architecture reviews, risk assessments, vendor evaluations, change management, and IT Configuration Control Board activities.
  • Prepare and maintain technical roadmaps and standards for infrastructure, cybersecurity tooling, cloud architecture, network modernization, endpoint management, disaster recovery, secure AI adoption, and compliance sustainment.
  • Provide technical guidance and mentorship to engineering and technical staff to build organization-wide capability in secure design, cloud operations, infrastructure engineering, and cybersecurity practices.
  • Evaluate emerging technologies, threats, and industry trends to guide strategic upgrades while balancing long-term architecture goals with operational needs.

What We Require:
  • Active Secret Clearance
  • Bachelor's degree in Computer Science, Information Technology, Engineering, Cybersecurity, or a related field, or equivalent professional experience.
  • 10+ years of progressive experience in enterprise infrastructure architecture, network engineering, cybersecurity architecture, cloud security, systems architecture, or related technical roles.
  • Experience supporting DoD, Federal Government, defense contractor, or similarly regulated environments.
  • Advanced knowledge of enterprise network and infrastructure architecture, including routing, switching, firewalls, VPNs, wireless, VLANs, network segmentation, secure connectivity, and high availability / disaster recovery architectures.
  • Experience designing, administering, or supporting Microsoft GCC High, Azure Government, or comparable secure cloud, identity, endpoint, collaboration, monitoring, or data protection environments.
  • Strong working familiarity with CMMC Level 2, NIST SP 800-171, RMF, DFARS cybersecurity requirements, DISA STIGs, and related DoD cybersecurity expectations.
  • Hands-on experience with security hardening, vulnerability management, vulnerability remediation, configuration baselines, endpoint protection, access control, logging, SIEM/security monitoring, and incident response support, including Microsoft Sentinel or comparable platforms.
  • Ability to translate business, program, compliance, engineering and emerging technology needs into secure technical architecture, implementation plans, and operational documentation.
  • Ability to mentor technical teammates, collaborate effectively across engineering, cybersecurity, compliance, facilities, and program teams, and influence outcomes without direct management authority.

What We Value:
  • Active Top Secret or TS/SCI security clearance.
  • Direct involvement in CMMC Level 2 sustainment, C3PAO or DIBCAC assessments, secure rooms, classified systems, SSPs, POA&Ms, audit evidence, and continuous compliance.
  • Deep knowledge of Microsoft GCC High, Azure Government, Entra ID, Intune, Defender, Sentinel, Purview, Conditional Access, MFA/PIM, Zero Trust Architecture, FedRAMP, DoD SRG, or related federal cloud/security frameworks.
  • Familiarity with Cisco, Palo Alto, Fortinet, Aruba, Juniper or comparable network platforms.
  • Windows/Linux server administration and infrastructure automation using tools such as Windows Server, Ubuntu, RHEL, Terraform, Ansible, Bicep, PowerShell, Bash, or Python.
  • Secure AI architecture and governance, including approved tools, workflows, access controls, logging, monitoring, and data boundary protections.
  • Relevant certifications such as CISSP, CISM, CCNP, CCIE, Microsoft Cybersecurity Architect Expert, Microsoft Azure Solutions Architect Expert, Certified CMMC Professional, Security+, Network+, or SANS/GIAC.

Minimum Physical Requirements:
  • Must possess exceptional written and verbal English communication skills, with the ability to convey complex technical concepts to both technical and non-technical audiences.
  • Ability to multitask across multiple programs, manage competing priorities, and maintain high focus in a fast-paced environment.
  • Ability to navigate an office or server room setting, including prolonged periods at a workstation.
  • Ability to bend, kneel, crouch, or reach to install, inspect, or maintain IT hardware, server racks, and cabling.
  • Close visual acuity required for analyzing data, engineering diagrams, and extensive reading.
  • Fine motor skills and dexterity to manipulate small technical devices and components.
  • Ability to occasionally lift, move, and set up infrastructure equipment weighing up to 35 lbs.

Please contact Human Resources with questions about ADA accommodations.

Expression of Interest: By applying to this job, you are expressing interest in this position and could be considered for other career opportunities at Caliola Engineering. Should a match be identified between your skillset and Caliola's requirements for this or a future opening, you may be contacted.

The posted salary range represents our good faith estimate for this role based on current organizational needs and the qualifications reasonably expected for the position. Final compensation will be determined based on factors such as experience, skills, education, clearance status, and business needs.

This position will remain open until filled, and applications will be reviewed on a continuous basis.

Similar Jobs

More Jobs at Caliola Engineering, LLC

More Information Technology Jobs

Find similar Lead Infrastructure and Cybersecurity Architect jobs: