AWS Cloud Security Architect

Cloud EngineerCloud EngineerFull TimeRemoteMid LevelTeam 10,001+Since 1954H1B SponsorCompany SiteLinkedIn

Location

United States

Posted

1 day ago

Salary

$147.3K - $199.3K / year

Seniority

Mid Level

Job Description

AWS Cloud Security Architect

General Dynamics Information Technology

Role Description The CMM AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications. The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. - Experience with designing and implementing security measures to protect data as it moves from on-premises data center servers to cloud storage systems. - Experience with network security and security compliance. - Provides expert advisory services to ensure secure design and deployment of cloud-based systems, incorporating secure-by-design principles such as access control, encryption, and identity management. - Conducts thorough threat and vulnerability assessments, monitors risks, and ensures compliance with federal cybersecurity standards and Judiciary frameworks. Key Responsibilities - Designing secure cloud architectures - Performing risk assessments using enterprise tools - Coordinating with ITSO and CISA to validate system security through independent evaluations - Creates essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans - Delivers a quarterly Cloud Security Roadmap - Provides operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation - Supports incident response planning - Supports automation for legacy systems - Ensures proper documentation of cybersecurity control artifacts - Ensures continuous monitoring and secure data handling - Engages in proactive risk mitigation - Strengthens the security posture across production and non-production cloud environments within the CMSO ecosystem Qualifications - Technical Training, Certification(s) or Degree required; BA/BS strongly preferred. - 4 years of general experience in information systems may be substituted in lieu of preferred degree. - 8+ years of specialized experience required. Requirements - Container Security — Expert Level: - Deep expertise in Amazon EKS security architecture: pod identity, multi-tier namespace isolation, and node group separation across security classification tiers - Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening - Strong expertise in Kubernetes NetworkPolicy - Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code - Full lifecycle container image security: ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation - Expert GitLab CI/CD pipeline security: OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion - Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit) - Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries - Network Security - Expert Level: - Expert AWS VPC architecture: multi-tier subnet design, Transit Gateway, EKS hardening - Deep experience with security groups, Network ACLs, and AWS Network Firewall: domain allowlist policies, and build node egress controls - Expert VPC endpoint design: gateway and interface endpoints - Expert AWS WAF - Deep expertise in API Gateway security: designing private endpoints, JWT authorizers, resource policies, and mTLS - Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening - Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards) - Security Monitoring - Expert Level: - Expert design of CloudWatch multi-account architectures: cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection - Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response - Expert Splunk integration: CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches - Vulnerability Management - Expert Level: - Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, and Kubernetes configuration assessment - Deep experience with pipeline-integrated scanning tools: Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment - Proficiency with AWS native VM tooling: Inspector, Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking - Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis - Expert runtime threat detection: GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response - Ability to design and measure VM program effectiveness metrics: MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping - ATO and Compliance: - Expert IAM least privilege: SCPs, permission boundaries, condition keys, and IAM Access Analyzer - Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design Preferred Certifications - AWS Certified Security - Specialty - Certified Kubernetes Security Specialist - AWS Certified Solutions Architect - Professional Benefits - Comprehensive benefits and wellness packages - 401K with company match - Competitive pay and paid time off - Full flex work weeks where possible - Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement, and jury duty leave - 15 days of paid leave per calendar year for new employees - Paid Family Leave program providing up to 160 hours of paid leave in a rolling 12 month period for eligible employees - Short and long-term disability benefits - Life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance

Related Categories

Related Job Pages

More Cloud Engineer Jobs

Xenon Seven logo

Senior Azure Administrator – Data & AI

Xenon Seven

Human Experts Implementing Artificial Intelligence #AI #ArtificialIntelligence #HumanIntelligence

Cloud Engineer2 days ago
Full TimeRemoteTeam 11-50H1B No Sponsor

• Infrastructure Integration: Design, deploy, and maintain the connective tissue between our on-premises data centers and Azure. • Cloud Infrastructure Management for Data & AI: Provision, configure, and optimize enterprise-grade Azure resources tailored for data workloads, including Microsoft Fabric, Azure Databricks, Azure Data Factory, Synapse Analytics, and Azure Machine Learning environments. • On-Prem & Cloud Security Hardening: Enforce strict identity governance across hybrid environments by aligning on-premises Active Directory (AD) with Microsoft Entra ID. Manage secrets across environments and implement network security boundaries that satisfy Central Bank of Egypt (CBE) regulations. • Automation & Infrastructure as Code (IaC): Standardize deployment processes across both cloud and local infrastructure using Terraform or Azure Bicep, integrating them into CI/CD pipelines via Azure DevOps to support unified DataOps workflows. • Hybrid Disaster Recovery & Monitoring: Architect and test robust Backup and Disaster Recovery (BCDR) strategies that guarantee zero data loss across both local storage arrays and Azure Data Lakes, maintaining continuous visibility through unified monitoring tools.

Egypt
Full TimeRemoteTeam 51-200H1B No Sponsor

• Design scalable, resilient, and secure cloud solutions for Google environment. • Evaluate emerging cloud technologies and assess their potential impact on organizational goals. • ​Drive adoption of DevOps practices, infrastructure as code, and automation frameworks. • Optimize application performance and reliability in cloud environments. • ​Design secure cloud architectures implementing zero-trust principles and defense-in-depth strategies. • ​Ensure compliance with industry standards (SOC 2, HIPAA, PCI-DSS, etc.) and regulatory requirements. • ​Implement identity and access management solutions and security monitoring frameworks. • Facilitate customer onboarding and implement a consistent pathway to cloud adoption. • Assess legacy systems and design modernization strategies including containerization and microservices. • ​Develop migration methodologies and ensure minimal organizational disruption during transitions. • Manage and optimize cloud environments, networking, VPNs, IaaS, PaaS, and SQL systems. • Implement and maintain Jenkins, Terraform, Ansible, Kubernetes, Jira, Confluence, Artifactory, and Guacamole to support DevSecOps practices. • Containerize applications to enhance scalability and deployment efficiency. • Support the design and development of Shared Services. • Configure and troubleshoot cloud, virtual, and physical hardware and software systems. • Establish and maintain SQL and NoSQL databases, ensuring their performance and reliability. • Prepare detailed technical documentation to support development and operational processes. • Conduct security assessments and remediate vulnerabilities in cloud environments. • Collaborate with cross-functional teams including development, operations, security, and product management. • ​Create reference architectures, design patterns, and technical standards for cloud implementations.

Massachusetts
Full TimeRemoteTeam 1,001-5,000Since 1905H1B No Sponsor

• Provide hands-on technical leadership across OpenStack-based cloud platforms, acting as a subject matter expert in cloud infrastructure and distributed systems. • Support the development of engineering standards, patterns, and reusable designs, while mentoring other engineers within the team. • Ensure solutions are designed to meet both customer and business requirements in multi-tenant environments.  • Design, implement, and manage Brightsolid’s OpenStack cloud platform, including compute, storage, and networking components. • Work across the full lifecycle of the platform, including build, deployment, optimisation, and scaling of services. • Ensure the platform remains highly available, resilient, and capable of supporting diverse workloads.  • Design and support large-scale storage platforms underpinning the cloud environment, including high-performance and enterprise storage solutions. • Contribute to the architecture and operation of block, object, and distributed storage services, ensuring performance, durability, and scalability requirements are met. • Drive the adoption of infrastructure-as-code and automation practices across the cloud platform. • Develop and maintain deployment tooling, orchestration templates, and automation pipelines to ensure consistent and repeatable platform delivery. • Support a continuous delivery approach for infrastructure services.  • Support the ongoing operation of the Brightsolid cloud platform, including monitoring, troubleshooting, and resolution of complex issues. • Ensure platform compliance, patching, and lifecycle management activities are performed in line with operational standards. • Contribute to a high-availability, 24x7 service environment.  • Contribute to the evolution of Brightsolid’s cloud platform, working closely with Cloud Engineering leadership and Product Management to enhance capabilities and introduce new technologies. • Support the ongoing transition to open-source platforms and ensure alignment with long-term strategic goals. • Work closely with Network Engineering, Security Operations, Product Management, and Customer Success teams to deliver integrated cloud services. • Engage with external partners including Canonical to support platform development, deployment, and optimisation.

United Kingdom

Role Description This role supports the U.S. Air Force Cloud One Architecture and Common Shared Services contract and currently has an opening for a Google Cloud Platform Engineer. Location: This position will be remote. - Design scalable, resilient, and secure cloud solutions for Google environment. - Evaluate emerging cloud technologies and assess their potential impact on organizational goals. - Drive adoption of DevOps practices, infrastructure as code, and automation frameworks. - Optimize application performance and reliability in cloud environments. - Design secure cloud architectures implementing zero-trust principles and defense-in-depth strategies. - Ensure compliance with industry standards (SOC 2, HIPAA, PCI-DSS, etc.) and regulatory requirements. - Implement identity and access management solutions and security monitoring frameworks. - Facilitate customer onboarding and implement a consistent pathway to cloud adoption. - Assess legacy systems and design modernization strategies including containerization and microservices. - Develop migration methodologies and ensure minimal organizational disruption during transitions. - Manage and optimize cloud environments, networking, VPNs, IaaS, PaaS, and SQL systems. - Implement and maintain Jenkins, Terraform, Ansible, Kubernetes, Jira, Confluence, Artifactory, and Guacamole to support DevSecOps practices. - Containerize applications to enhance scalability and deployment efficiency. - Support the design and development of Shared Services. - Configure and troubleshoot cloud, virtual, and physical hardware and software systems. - Establish and maintain SQL and NoSQL databases, ensuring their performance and reliability. - Prepare detailed technical documentation to support development and operational processes. - Conduct security assessments and remediate vulnerabilities in cloud environments. - Collaborate with cross-functional teams including development, operations, security, and product management. - Create reference architectures, design patterns, and technical standards for cloud implementations. Qualifications - Bachelor’s Degree and 4+ years or more of experience; additional years of experience may be accepted in lieu of degree. - Must have an active Secret clearance. - 1 or more cloud certifications. - US citizenship required. - Certifications: CompTIA Security+ or equivalent (IAT-2). - Excellent verbal and written communications skills. - Experience onboarding customer log-data from cloud platforms to on-premises or cloud-based analysis environments such as Elastic or Splunk. - Cloud architecture and design experience. Preferred Skills - Experience with USAF Cloud One or Platform 1. - Experience with Zero Trust Architecture. - Excellent customer service skills, with experience working in a customer-facing position. - Strong understanding of Active Directory, Azure AD, SAML and the standards, procedures, and processes. - Experience with Ansible, AWS console, Elastic, AWS, Azure, Jira, Confluence, Git, Bitbucket and various cloud Software as a Service (SaaS) offerings. - Administration experience with cloud-based applications (MS O365, SharePoint, Azure AD, AWS). - Experience administering Windows Server, and related services. - Cloud certifications in Google clouds. Benefits - Medical - Dental - Vision - AD&D - STD - LTD - Company paid Life Insurance - 401k with employer contribution - Paid Time Off - Pet Insurance

United States