Type of Requisition:
Pipeline

Clearance Level Must Currently Possess:
Secret

Clearance Level Must Be Able to Obtain:
Secret

Public Trust/Other Required:
None

Job Family:
IT Infrastructure and Operations

Job Qualifications:

Skills:
Cloud Architectures, Cloud Based Services, Identity Access Management (IAM), Information Technology (IT) Systems, Security Compliance
Certifications:
None
Experience:
10 + years of related experience
US Citizenship Required:
Yes

Job Description:

Senior Cloud Architect

Overview / Your Impact

AETC recruits, trains, and educates Airmen to deliver 21st-century airpower. AWAKEN is AETC's enterprise-managed, accredited wireless and network service spanning flight lines, classrooms, dorms, and administrative facilities across the U.S. As Senior Cloud Architect, you are the technical lead driving AWAKEN's transformation to a cloud-native, software-defined, Zero-Trust enterprise-enhancing performance and cybersecurity for mission training at scale.

You will design, implement, and enforce secure cloud and hybrid architectures, integrating identity, visibility, and continuous monitoring to protect mission systems and enterprise infrastructure. You'll partner with government stakeholders to align solutions with DoD/USAF requirements and ensure reliable, end-to-end connectivity for mission users.

Responsibilities

Architecture & Design

• Architect end-to-end cloud-native, software-defined solutions that meet AETC's performance, scalability, and user-experience objectives; lead the enterprise evolution to Zero-Trust architectures.
• Design and implement secure hybrid environments (public cloud + on-prem), including cloud networking, segmentation, service-to-service security, and federation models.
• Engineer Identity and Access Management (IAM) with role-based access controls (RBAC), least privilege, and single-/multi-domain federation.
• Secure Kubernetes platforms and container runtimes (network segmentation, RBAC, workload isolation) and guide standards for virtualized environments.
• Develop Infrastructure-as-Code (IaC) security baselines to enable repeatable, compliant deployments.
• Lead technical options, costed alternatives, and future-state roadmaps aligned to mission priorities and budget.

Security & Compliance

• Implement RMF-aligned controls; produce/maintain ATO artifacts; support continuous monitoring strategy and control assessments with ISSM/ISSO/SCV.
• Enforce DISA STIG/SRG configurations across Linux/Windows systems, cloud services, VMs, and Kubernetes clusters; maintain timely patching and flaw remediation.
• Enable ACAS/Nessus vulnerability scanning, report results, remediate findings, and sustain POA&Ms in coordination with Government cybersecurity leads.
• Implement web content filtering and traffic prioritization consistent with DoD/USAF policy and AWAKEN rules of behavior.
• Map technical controls to NIST SP 800-53, DISA STIGs, and (as applicable) CMMC requirements; maintain secure logging, audit trails, and evidence packages.
• Support incident response in cloud environments (log analysis, containment, recovery) and contribute to the Government's cyber incident reporting processes.

Engineering, Testing & Delivery

• Operate in a pre-deployment test/lab environment, perform MBSE-driven validation, and deliver successful test results prior to production rollout.
• Troubleshoot complex enterprise connectivity issues impacting performance or user experience; provide Tier-3 engineering guidance to operations teams.
• Optimize network and cloud configurations for resilience, availability, latency, jitter, and QoS in line with AWAKEN KPIs/SLAs.

Collaboration & Governance

• Engage the COR and AWAKEN Government Technical Leads as a trusted advisor; communicate clearly across diverse technical backgrounds.
• Partner with the Program Manager, providing status, recommendations, and technical insight; contribute to PMRs and enterprise planning.
• Support Configuration Control Boards (CCBs) by proposing changes, documenting artifacts, and sustaining the enterprise baseline.

Location:: San Antonio area; located within 25 miles of JBSA-Randolph, TX
Clearance: Ability to obtain and maintain a Secret clearance
Customer: Air Education and Training Command (AETC), United States Air Force

Required Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, or related field (or equivalent practical experience).
• 10+ years of experience in enterprise IT/cloud architecture, systems engineering, or network modernization; 5+ years leading technical efforts on large programs.
• Hands-on expertise with cloud-integrated network designs, hybrid cloud architectures, and Zero-Trust patterns.
• Strong experience with IAM/RBAC, Kubernetes/container security, and Linux hardening; working knowledge of Windows hardening.
• Architect secure, scalable Cloud infrastructures and network connectivity.
• Design cloud-native data platforms, pipelines, and analytics architectures.
• Automate cloud provisioning with Terraform/ARM/Bicep; ensure consistent, FedRAMP-compliant environments.
• Implement RBAC, least-privilege, encryption, and NIST-aligned security controls.
• Drive FinOps optimization and guide engineering teams on cloud best practices.
• Enhance the security and administration of Spectrum IT systems operations.
• Migrate and modernize with config-level changes.
• Push toward Platform as a Service (PaaS) and cloud-native where possible.
• Replatform if the application can leverage PaaS.
• Rehost using AWS/Azure Infrastructure-as-a-Service (IaaS) if the application can't leverage PaaS.
• Use Microsoft Cloud Adoption Framework (CAF) and the Azure Well-Architected Framework.
• Leverage the NTIA FSDS IL5 tenant based on the single tenant architect
• Demonstrated ability to enforce STIGs/SRGs, remediate ACAS/Nessus findings, and produce RMF/ATO documentation.
• Proficiency with cloud-native monitoring/logging (e.g., CloudWatch or platform equivalents), securing service meshes, and IaC security baselines.
• Experience with Agile/Lean delivery; effective communicator able to brief senior business and government stakeholders.
• U.S. citizen; able to obtain Secret clearance and USAF CAC; pass government background checks and fingerprinting.
• AWS Certified Cloud Architect

Desired Qualifications

• Experience with 5G integration and enterprise Wi-Fi architectures.
• DoDM 8140.03-aligned cyber workforce qualification or willingness to obtain
• Familiarity with AETC/USAF operational environments; prior support to USAREUR-AF or other DoD organizations is a plus.
• Experience with SAFe practices, Jira/Confluence, and ServiceNow in DoD environments.

The likely salary range for this position is $147,292 - $199,278. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
10-25%

Telecommuting Options:
Onsite

Work Location:
USA TX San Antonio

Additional Work Locations:

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.