Title: Senior Cloud Security Engineer Location: Any Location / Remote - Remote - Morrisville, NC - Falls Church, VA - Eagan, MN Full Part/Time: Full-time Type of Requisition: Pipeline Clearance Level Must Currently Possess: None Clearance Level Must Be Able to Obtain: None Public Trust/Other Required: MBI (T2) Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Cloud Security, Information Technology Security, Security Architecture Design Certifications: None Experience: 8 + years of related experience US Citizenship Required: No Job Description: Advance your career while impacting our national security as a Senior Cloud Security Engineer. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government. As a Senior Cloud Security Engineer, you will directly implement technical strategy for securing a massive hybrid ecosystem comprising 30,000+ physical sites and diverse multi-cloud tenants. You will be responsible for building the automated "guardrails" that protect our assets, data, and identity fabric across private data centers and public cloud environments. Your mission is to ensure a high-quality security posture through continuous efficacy assessments, fraud mitigation, and proactive threat detection. MEANINGFUL WORK AND PERSONAL IMPACT This position will support the United States Postal Service (USPS) through: - Security Posture & Compliance Automation: Design and implement automated compliance assessments to enforce hardening standards (CIS, NIST) across cloud accounts and on-premises virtualized environments. - Asset & Data Security: Architect and maintain the security of our sprawling asset inventory. Implement data-at-rest and data-in-transit encryption strategies that span from physical data center servers to cloud-native storage. - Identity & Fraud Mitigation: Develop and secure the "Identity Fabric" linking 600k+ employees and millions of commercial customers. Collaborate with Fraud teams to integrate signals from SIEM and Databricks to detect and block malicious account activity. - Hybrid Engineering: Build and manage secure connectivity (Transit Gateways, Service Mesh) between on-premises hypervisors and multi-cloud environments, ensuring consistent policy enforcement. - Threat Detection & Response: Partner with the SOC to develop high-fidelity detection logic. Build SOAR playbooks that automate the isolation of compromised cloud workloads or on-premises VMs. - Efficacy Assessment: Support ongoing "Purple Team" exercises and control testing to validate that security tools (EDR, WAF, DLP) are performing as intended across all tenants. - AI/ML Security Governance (Adversarial Defense): Establish security guardrails for the enterprise's internal and customer-facing AI models. This includes protecting Databricks training pipelines from data poisoning and implementing mitigations for LLM-specific threats like prompt injection and sensitive data leakage. - Hyper-Automation of Security Operations: Drive the transition from manual "click-to-operate" security to Autonomous Security Operations. This involves building advanced SOAR playbooks that use ML-based triggers to perform auto-remediation across hybrid environments without human intervention. - Business Process Streamlining: Partner with business units to integrate security "invisibly" into their workflows. Use automation to reduce "security friction" in logistics and retail operations, ensuring that compliance checks (like PCI or SOC2) are performed continuously and programmatically. - AI Asset Management: Discover and catalog "Shadow AI" usage across the enterprise, ensuring all third-party AI tools meet the enterprise's privacy and security standards. WHAT YOU'LL NEED TO SUCCEED Education: - Education: B.S. or M.S. in Computer Science, Information Security, or a related technical field. - NOTE: If resources do not have a relevant college degree, an additional 4 years of relevant work experience is required. Preferred Professional Certifications: - CISSP (Certified Information Systems Security Professional) - CCSP (Certified Cloud Security Professional) - Cloud-specific Professional Security Certifications (e.g., AWS Certified Security - Specialty or Google Professional Cloud Security Engineer). Required Experience: - Experience: 8+ years in a technical Cybersecurity Engineering role, with at least 4 years focused on large-scale cloud or hybrid environments, and a portfolio of projects where AI or Machine Learning was directly applied to solve security or operational scaling problems. - Scale Proven: Demonstrated experience managing environments with 10,000+ workloads and high-availability requirements for retail/commercial applications. - Automation Portfolio: Experience with CI/CD and GitOps workflows, treating security configurations as code that is automatically tested and deployed. - Cloud Fluency: Expert-level knowledge of security architectures in AWS, Azure, and Google Cloud. - Infrastructure as Code (IaC): Mastery of Terraform, Ansible, or CloudFormation to deploy and manage security configurations at massive scale. - Big Data Analytics for Security: Ability to leverage Databricks to perform deep-dive analysis on billions of logs for threat hunting and efficacy reporting. - Container & Orchestration Security: Experience securing Kubernetes (EKS/AKS/GKE) and Docker environments, focusing on runtime protection and image integrity. - Identity Mastery: Proficiency with OAuth 2.0, SAML, and CIAM solutions for large-scale customer and employee authentication. - Security Data Science: Proficiency in using Python (PySpark/Pandas) within Databricks to build custom anomaly detection models that go beyond standard SIEM correlation rules. - Generative AI Security: Knowledge of the OWASP Top 10 for LLMs and experience implementing AI gateways or "firewalls" to monitor and filter AI-generated traffic. - API-First Automation: Deep expertise in building "glue code" that connects disparate COTS and custom applications via secure, automated APIs to streamline cross-functional business activities. - Algorithmic Literacy: The ability to explain to non-technical stakeholders how AI-driven security decisions (like blocking a suspicious $1M commercial transaction) are made and how to handle "false positives" at scale. - Efficiency Mindset: A relentless focus on identifying repetitive manual tasks (e.g., firewall rule reviews, access audits) and replacing them with self-healing, automated systems. Security Clearance Level: - Ability to obtain and maintain a Public Trust clearance and successfully pass a thorough Government background screening process requiring the completion of detailed forms and fingerprinting - This position has a U.S. residency requirement. The USPS security clearance process requires the selected candidate to have resided in the U.S. (including U.S. Territories) for the last five years as follows: U.S. Citizens cannot have left the U.S. (including U.S. Territories) for longer than 6 months consecutively in the last 3 years (unless they meet certain exceptions). Non-U.S. Citizens cannot have left the U.S. (including U.S. Territories) for longer than 90 days consecutively in the last 3 years. GDIT IS YOUR PLACE: - 401K with company match - Comprehensive health and wellness packages - Internal mobility team dedicated to helping you own your career - Professional growth opportunities including paid education and certifications - Cutting-edge technology you can learn from - Rest and recharge with paid vacation and holidays The likely salary range for this position is $147,292 - $199,278. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: Less than 10% Telecommuting Options: Remote Work Location: Any Location / Remote Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee's date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most. We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology. Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

• Own end-to-end vulnerability remediation across Linux package ecosystems and container images. • Analyze CVEs affecting OS packages, runtimes, libraries, and transitive dependencies across multiple Linux distributions. • Validate upstream fixes, evaluate patch applicability, and determine appropriate remediation strategies. • Rebuild, backport, patch, curate, sign, and publish packages across multiple Linux distribution branches. • Maintain and manage trusted package repositories across diverse Linux ecosystems. • Resolve complex dependency, compatibility, and ABI issues across distributions and package versions. • Ensure package and image updates do not break customer environments, builds, or runtime compatibility. • Design and scale automated pipelines for package rebuilding, validation, remediation, signing, publishing, and image generation. • Integrate package validation, repository management, and remediation workflows into pipelines. • Generate and maintain SBOMs, package metadata, provenance data, and trusted software artifacts. • Improve image performance, package footprint, startup efficiency, and operational reliability. • Research emerging threats and best practices in Linux distributions, containers, Kubernetes, and software supply chain security.

Role Description Our client is seeking a highly skilled Cloud Security / DevOps Engineer to focus exclusively on strengthening and maintaining the organization’s cloud security posture. This role is critical in driving remediation efforts, managing security-related backlog, and ensuring systems are secure, updated, and compliant across a large-scale cloud environment. The ideal candidate will have deep expertise in AWS networking and cloud security, along with hands-on experience in vulnerability remediation, patching, and infrastructure hardening. - Take ownership of the security backlog, prioritizing and resolving vulnerabilities across the environment - Perform security remediation activities, including patching, upgrades, and system hardening - Manage and maintain over 1,000 Windows servers (2012 OS), including ongoing upgrade efforts - Utilize Orca Security to identify risks and drive improvements to overall security posture - Perform regular maintenance updates, including system patches and infrastructure upgrades - Work with AWS cloud infrastructure to secure applications and services - Troubleshoot and resolve security issues related to: - Firewalls - AWS load balancers - Network layers and configurations - Collaborate with teams to implement best practices for cloud security and DevOps - Support and enhance utilization of AI-driven tools within AWS (e.g., Anthropic / Mythos) for security initiatives - Partner with penetration testing teams and contribute to remediation efforts based on findings Qualifications - Strong experience in AWS Cloud Security - Deep expertise in AWS networking (VPCs, subnets, routing, security groups, etc.) - Hands-on experience with: - Vulnerability remediation - System patching and upgrades - Infrastructure security hardening - Experience managing and securing large-scale server environments - Knowledge of firewalls, load balancers, and network-layer security controls - Familiarity with security tools such as Orca or similar cloud-native security platforms - Experience working in a DevOps or cloud engineering environment - Understanding of penetration testing processes and remediation workflows Requirements - AWS - Cloud - Security - DevOps - AWS services - Python - CloudWatch - GitHub Benefits - Medical, dental & vision - Critical Illness, Accident, and Hospital - 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available - Life Insurance (Voluntary Life & AD&D for the employee and dependents) - Short and long-term disability - Health Spending Account (HSA) - Transportation benefits - Employee Assistance Program - Time Off/Leave (PTO, Vacation or Sick Leave) Company Description We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

Role Description This role is contingent upon a contract award. ICF is seeking an experienced Cybersecurity Manager to lead cybersecurity governance, risk management, compliance coordination, and security integration for a complex federal technology services program. This role will be responsible for ensuring cybersecurity requirements are addressed across systems, applications, integrations, cloud services, product delivery, and operational support functions. The ideal candidate has demonstrated experience supporting federal cybersecurity programs that require RMF alignment, assessment documentation, POA&M management, contingency planning, vulnerability coordination, cybersecurity reporting, and integration with engineering and product delivery teams. This role requires strong knowledge of federal cybersecurity requirements, practical risk management judgment, and the ability to coordinate across technical, program, operations, assessor, and client stakeholder groups. Job Location: This position is remote within the United States. Please note that ICF monitors employee work locations, restricts access from foreign locations and IP addresses, and prohibits the use of personal VPN connections. What You’ll Be Doing - Lead cybersecurity governance and RMF coordination across a complex federal technology services environment. - Develop, maintain, and coordinate cybersecurity assessment documentation, including FIPS 199 analyses, E-Authentication Risk Assessments, security control implementation statements, and supporting control artifacts. - Support system teams, product teams, security assessors, and client stakeholders in preparing and maintaining cybersecurity evidence and compliance documentation. - Evaluate cybersecurity risks associated with new capabilities, including applications, integrations, plug-ins, software tools, system connections, and platform changes. - Track system security deficiencies, remediation activities, and Plans of Action and Milestones through closure. - Lead or support development, maintenance, and testing of contingency plans for systems and services within program scope. - Develop and maintain cybersecurity governance standard operating procedures, workflows, templates, and reporting mechanisms. - Coordinate cybersecurity inputs into engineering, product delivery, architecture, DevSecOps, cloud, data, and service operations activities. - Support vulnerability management, incident response coordination, risk reviews, control evidence collection, and security-related data calls. - Partner with service operations, identity, device, network, platform, and application teams to ensure cybersecurity responsibilities are clear and evidence is maintained. - Monitor cybersecurity risks, issues, dependencies, and compliance gaps, and escalate items requiring leadership attention. - Translate cybersecurity requirements and risks into practical guidance for technical teams, program leadership, and client stakeholders. Qualifications - Bachelor’s Degree - U.S. Citizenship required due to federal contract requirements. - Must be able to obtain and maintain a Federal Public Trust clearance. - 10+ years of experience supporting cybersecurity, information assurance, security governance, risk management, compliance, or RMF activities in federal or regulated environments. - Active CISSP, CISM, CAP, Security+, GSEC, or equivalent cybersecurity certification. Preferred Qualifications - 7+ years of experience supporting federal cybersecurity requirements, including FISMA, NIST 800-53, RMF, POA&M management, system assessment, or authorization activities. - 5+ years of experience developing or maintaining cybersecurity assessment documentation, control implementation statements, security plans, contingency plans, risk assessments, or security artifacts. - 5+ years of experience coordinating with system owners, security assessors, engineering teams, product teams, operations teams, or federal cybersecurity stakeholders. - 5+ years of experience supporting vulnerability management, incident response coordination, remediation tracking, control evidence collection, or cybersecurity reporting. - 3+ years of experience evaluating cybersecurity risks for new technologies, applications, integrations, SaaS platforms, cloud services, or system connections. - 3+ years of experience supporting cybersecurity governance for cloud, SaaS, application modernization, DevSecOps, data, or enterprise platform environments. - Experience supporting HHS, NIH, FDA, CMS, CDC, or other health-focused federal environments. - Experience with Zero Trust, identity and access management, endpoint security, secure cloud architecture, secure SaaS governance, TIC 3.0, or continuous monitoring. - Experience integrating cybersecurity requirements into Agile, DevSecOps, CI/CD, product delivery, and application modernization workflows. - Experience supporting ATO packages, security assessment activities, security control validation, audit responses, and independent verification or validation reviews. - Experience with cybersecurity tools and repositories used for POA&M tracking, vulnerability management, audit evidence, incident coordination, SIEM/SOAR, or continuous monitoring. - Experience aligning cybersecurity activities with NIST 800-53 Rev. 5, NIST 800-37, NIST 800-61, NIST 800-34, FedRAMP, FISMA, CISA guidance, or HHS security policy. - Experience developing cybersecurity dashboards, executive risk reporting, compliance scorecards, and metrics-based security governance materials. - Additional cybersecurity, cloud security, Agile, ITIL, AWS, Azure, Google Cloud, or project management certification. Pay Range The pay range for this position based on full-time employment is: $158,819.00 - $269,993.00.