LED FastStart logo
LED FastStart

We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

AWS Cloud Security Architect

Location

United States

Posted

1 day ago

Salary

$147.3K - $199.3K / year

Seniority

Mid Level

Job Description

AWS Cloud Security Architect

LED FastStart

Role Description The AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications. The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. - Designing secure cloud architectures - Performing risk assessments using enterprise tools - Coordinating with ITSO and CISA to validate system security through independent evaluations - Creating essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans - Delivering a quarterly Cloud Security Roadmap - Providing operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation - Supporting incident response planning - Supporting automation for legacy systems - Ensuring proper documentation of cybersecurity control artifacts - Ensuring continuous monitoring and secure data handling - Engaging in proactive risk mitigation - Strengthening the security posture across production and non-production cloud environments within the CMSO ecosystem Qualifications - Technical Training, Certification(s) or Degree required; BA/BS strongly preferred - 4 years of general experience in information systems may be substituted in lieu of preferred degree - 8+ years of specialized experience required Requirements - Container Security — Expert Level: - Deep expertise in Amazon EKS security architecture: pod identity, multi-tier namespace isolation, and node group separation across security classification tiers - Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening - Strong expertise in Kubernetes NetworkPolicy - Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code - Full lifecycle container image security: ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation - Expert GitLab CI/CD pipeline security: OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion - Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit) - Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries - Network Security - Expert Level: - Expert AWS VPC architecture: multi-tier subnet design, Transit Gateway, EKS hardening - Deep experience with security groups, Network ACLs, and AWS Network Firewall: domain allowlist policies, and build node egress controls - Expert VPC endpoint design: gateway and interface endpoints - Expert AWS WAF - Deep expertise in API Gateway security: designing private endpoints, JWT authorizers, resource policies, and mTLS - Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening - Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards) - Security Monitoring - Expert Level: - Expert design of CloudWatch multi-account architectures: cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection - Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response - Expert Splunk integration: CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches - Vulnerability Management - Expert Level: - Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, and Kubernetes configuration assessment - Deep experience with pipeline-integrated scanning tools: Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment - Proficiency with AWS native VM tooling: Inspector, Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking - Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis - Expert runtime threat detection: GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response - Ability to design and measure VM program effectiveness metrics: MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping - ATO and Compliance: - Expert IAM least privilege: SCPs, permission boundaries, condition keys, and IAM Access Analyzer - Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design Benefits - Comprehensive benefits and wellness packages - 401K with company match - Competitive pay and paid time off - Full flex work weeks where possible - Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement, and jury duty leave - GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12-month period for eligible employees - Short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance

Related Categories

Related Job Pages

More Cloud Engineer Jobs

CDW logo

Principal Consulting Engineer – VMware Cloud Foundation

CDW

CDW Corporation is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. For more information about CDW, please visit www.CDW.com. Our broad array of products and services range from hardware and software to integrated IT solutions such as security, cloud, hybrid infrastructure and digital experience.

Full TimeRemoteTeam 10,001+Since 1984H1B Sponsor

• Lead a project team, directing coworker and client teams in solution design and development • Provide leadership in creating business cases, financial justification and solution benefit content for customer ready deliverables and presentations • Proactively addresses or escalates any budget issues that are identified during the project • Quality Assurance for SOW requests that meet triggers for size, cross brand, and complexity • Perform peer review of deliverables from other team members for technical content to ensure accuracy • Maintain client relationships as a trusted Technical Advisor providing best practices for virtualization, high availability, storage integration, and DR/business continuity • Architect, deploy, and integrate VMware Cloud Foundation solutions, including comprehensive use of VCF Operations and VCF Automation • Collaborate with sales and solution architects to design VCF solutions tailored to customer requirements

California
$164K - $240.8K / year
OtherRemoteTeam 501-1,000

Role Description We are seeking a Cloud & Integration Developer supporting our Digital, CRM, and Retail (POS) ecosystem to design, build, and maintain cloud-based integrations and automation solutions. This role sits within the Digital Technology organization and directly supports platforms spanning eCommerce, OMS, CRM, Marketing, Loyalty, and Store/Point-of-sale (POS) systems. The developer will play a critical role in enabling reliable data flows and system connectivity across enterprise platforms such as Salesforce Commerce Cloud, Salesforce CRM: Loyalty Cloud, Data Cloud & Marketing Cloud, Snowflake, and Aptos ONE POS integrations. This is a hands-on technical execution and support role focused on building and maintaining integrations, with operational responsibility for ensuring system reliability and security, including after-hours support when critical issues arise. Qualifications - Experience in cloud-based application development and integration. - Proficiency with AWS services and tools. - Strong understanding of API and event-driven integrations. - Experience with SQL and data analytics. - Ability to work collaboratively with cross-functional teams. Requirements - Build, maintain, and enhance cloud-based applications and integrations on AWS. - Develop and optimize AWS Lambda functions for automation, backend processing, and system integration. - Manage AWS services including S3, API Gateway, CloudWatch, IAM. - Monitor system security, performance, troubleshoot issues, and optimize cost and efficiency. - Design and maintain API and event-driven integrations across various platforms. - Support integration between store systems and digital/CRM platforms. - Build automation workflows to streamline operational and customer-facing processes. - Write and optimize SQL queries across multiple schemas and datasets. - Participate in monitoring, incident response, and root cause analysis. - Provide on-call / after-hours support for production issues when needed. - Document issues, resolutions, and preventative measures. - Participate in Agile ceremonies as part of delivery teams. Benefits - Remote work flexibility. - Opportunity to work with cutting-edge technology. - Collaborative team environment. - Professional development opportunities.

United States
$120K - $135K / year
HOESSLER & HOESSLER logo

Cloud Engineer – Karriereambitionen

HOESSLER & HOESSLER

Full-Service. Full-Power. Full-Success.

Full TimeRemoteTeam 1-10H1B No Sponsor

• Selbstbestimmte Arbeitszeiten und Homeoffice • Teams leiten und Unternehmen führen lernen • Leistungs- und ergebnisorientierte Bezahlung • Unterstützung unserer Kunden in Cloud-Projekten

Germany
€70K - €77K / year
Full TimeRemoteTeam 51-200Since 2020H1B No Sponsor

• Drive the development of GenAI initiatives globally • Build and scale LLM-powered applications for customer interactions • Design custom solutions leveraging foundation models • Contribute to responsible AI governance • Extend GenAI applications into document processing, claims decisioning, and reporting

Portugal
€2K - €2.5K / month