Job Closed

This listing is no longer active.

LED FastStart logo
LED FastStart

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

AWS Cloud Security Architect

Location

United States

Posted

21 days ago

Salary

$153K - $207K / year

Seniority

Mid Level

Job Description

AWS Cloud Security Architect

LED FastStart

Role Description The AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications. The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. - Designing secure cloud architectures - Performing risk assessments using enterprise tools - Coordinating with ITSO and CISA to validate system security through independent evaluations - Creating essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans - Delivering a quarterly Cloud Security Roadmap - Providing operational support for cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation - Supporting incident response planning - Supporting automation for legacy systems - Ensuring proper documentation of cybersecurity control artifacts - Ensuring continuous monitoring and secure data handling - Engaging in proactive risk mitigation - Strengthening the security posture across production and non-production cloud environments within the CMSO ecosystem Qualifications - Technical Training, Certification(s) or Degree required; BA/BS strongly preferred - 4 years of general experience in information systems may be substituted in lieu of preferred degree - 8+ years of specialized experience required Requirements - Container Security — Expert Level: - Deep expertise in Amazon EKS security architecture: pod identity, multi-tier namespace isolation, and node group separation across security classification tiers - Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening - Strong expertise in Kubernetes NetworkPolicy - Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code - Full lifecycle container image security: ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation - Expert GitLab CI/CD pipeline security: OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion - Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit) - Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries - Network Security - Expert Level: - Expert AWS VPC architecture: multi-tier subnet design, Transit Gateway, EKS hardening - Deep experience with security groups, Network ACLs, and AWS Network Firewall: domain allowlist policies, and build node egress controls - Expert VPC endpoint design: gateway and interface endpoints - Expert AWS WAF - Deep expertise in API Gateway security: designing private endpoints, JWT authorizers, resource policies, and mTLS - Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening - Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards) - Security Monitoring - Expert Level: - Expert design of CloudWatch multi-account architectures: cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection - Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response - Expert Splunk integration: CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches - Vulnerability Management - Expert Level: - Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, and Kubernetes configuration assessment - Deep experience with pipeline-integrated scanning tools: Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment - Proficiency with AWS native VM tooling: Inspector, Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking - Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis - Expert runtime threat detection: GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response - Ability to design and measure VM program effectiveness metrics: MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping - ATO and Compliance: - Expert IAM least privilege: SCPs, permission boundaries, condition keys, and IAM Access Analyzer - Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design - Preferred Certifications: - AWS Certified Security - Specialty - Certified Kubernetes Security Specialist - AWS Certified Solutions Architect - Professional - Security Clearance Level: Ability to pass a background check to obtain and maintain a position of Public Trust with the Administrative Office of the US Courts - Must be a US Person (Green Card Holder, US Permanent Resident Alien, Refugee, Asylee, US Citizen) Benefits - Comprehensive benefits and wellness packages - 401K with company match - Competitive pay and paid time off - Full flex work weeks where possible - Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement, and jury duty leave - 15 days of paid leave per calendar year for vacations, personal business, and illness - 10 paid holidays per year - GDIT Paid Family Leave program provides up to 160 hours of paid leave in a rolling 12-month period for eligible employees - Short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance Company Description We are GDIT, a global technology and professional services company that delivers consulting, technology, and mission services to every major agency across the U.S. government, defense, and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation.

Related Categories

Related Job Pages

More Cloud Engineer Jobs

Full TimeRemoteTeam 10,001+Since 1954H1B Sponsor

• Support design, implementation, and sustainment of an IL6 and multi-domain environments for a defense program • Directly support Enigma capabilities, including CSfC solutions, cross-domain architectures, secure remote access, and high-side cloud environments • Play a key role in automation initiatives and cybersecurity compliance within mission-critical environments • Responsible for designing, architecting, deploying, maintaining, and ensuring the reliability and scalability of cloud environments • Support configuration, sustainment, and modernization of CSfC-based solutions, secure remote access capabilities, and multi-domain connectivity • Handle installation, configuration, and maintenance of cloud systems under the guidance of the cloud engineering team • Collaborate with engineering, development, and quality assurance teams to establish guidelines for automated monitoring and alerting protocols • Monitor, troubleshoot, and resolve any operational issues in cloud environments, maintaining thorough logs and operational records • Work with cross-functional infrastructure and engineering teams to identify and apply emerging trends and technologies in cloud solutions • Prepare and update documentation to align with organizational standards and procedures related to cloud operations • Contribute to automation initiatives supporting provisioning, monitoring, patching, and compliance validation across IL6, CSfC, and cross-domain systems • Provide technical expertise and consultative guidance for cloud strategies and solutions, ensuring effective implementation and support of enterprise cloud environments

United States
$112.8K - $141.5K / year
Job Closed
1KOMMA5° logo

Senior IoT Cloud Engineer

1KOMMA5°

Immer der günstigste und sauberste Strom!

Cloud Engineer21 days ago
Full TimeRemoteTeam 1,001-5,000Since 2021H1B No Sponsor

• Take ownership of our systems at the intersection of Cloud Services and residential IoT Gateways • Operate and evolve our Kubernetes-based IoT Cloud Platform, including the deployment, scaling, and hardening of our connectivity and fleet services • Develop and run our Eclipse Hono stack as the messaging backbone between gateways and the cloud • Design, build and operate features around fleet management enabling the lifecycle of gateways from production line to field • Integrate tightly with Mender to operate safe OTA rollouts across the fleet. • Contribute to load and resilience tests to prove the platform scales and to find limits before our customers do • Build and own the observability pipelines for the IoT Platform and turn metrics into automated monitors, alerts, and self-healing mechanisms • Build data pipelines and BI models to turn raw data into fleet insights • Work collaboratively with product managers, data engineers, IoT engineers, as well as cloud engineers to understand problems, support discoveries, and create solutions enabling a scalable virtual power plant • Foster a culture of experiment-driven innovation within the team

Germany
GovCIO logo

Infrastructure & Cloud Operations Engineer

GovCIO

GovCIO is a service-disabled-veteran-owned small business (SDVOSB) that offers technology services to improve business performance for government organizations.

Cloud Engineer21 days ago

Support and administer enterprise cloud infrastructure, focusing on AWS and Linux systems. Manage observability and logging platforms, ensuring system reliability and security while collaborating across technical disciplines for operational continuity...

Georgia
EY logo

Senior Data Engineer – AWS

EY

Building a #BetterWorkingWorld by providing trust through assurance and helping organizations grow, transform & operate.

Cloud Engineer21 days ago
Full TimeRemoteTeam 10,001+Since 1989H1B Sponsor

• Develop and optimize data pipelines, integrate multiple information sources, and ensure data availability and quality for analytical and operational consumption. • Develop and maintain data pipelines using AWS services, particularly AWS Glue, Amazon Athena, and Amazon S3. • Design and implement ETL processes and data integration between different corporate systems. • Consolidate data from multiple sources into centralized, scalable environments. • Develop complex SQL queries for data transformation, modeling, and analysis. • Ensure data quality, performance, reliability, and data governance. • Support initiatives to migrate data platforms to AWS. • Work on evolving cloud data architectures. • Create and maintain dashboards, reports, and analytical solutions using data visualization tools. • Monitor production environments, identify bottlenecks, and resolve incidents. • Collaborate with Product Owners, business stakeholders, and technical teams to translate business needs into data solutions. • Participate in agile ceremonies and contribute to the continuous improvement of development processes. • Support Data Analytics, Business Intelligence, and Data Platform initiatives.

Brazil