General Dynamics logo
General Dynamics

A business unit of General Dynamics, General Dynamics Information Technology (GDIT) supports some of the United States' most complex government, defense, and in

AWS Cloud Security Architect

Location

United States

Posted

3 days ago

Salary

$169.6K - $229.5K / year

Seniority

Mid Level

Job Description

AWS Cloud Security Architect

General Dynamics

Role Description The AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications. The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. The candidate shall have experience with designing and implementing security measures to protect data as it moves from on-premises data center servers to cloud storage systems. The candidate shall have experience with network security and security compliance. This role provides expert advisory services to ensure secure design and deployment of cloud-based systems, incorporating secure-by-design principles such as access control, encryption, and identity management. The Architect conducts thorough threat and vulnerability assessments, monitors risks, and ensures compliance with federal cybersecurity standards and Judiciary frameworks. Key Responsibilities - Designing secure cloud architectures - Performing risk assessments using enterprise tools - Coordinating with ITSO and CISA to validate system security through independent evaluations - Creating essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans - Delivering a quarterly Cloud Security Roadmap - Providing operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation - Supporting incident response planning - Supporting automation for legacy systems - Ensuring proper documentation of cybersecurity control artifacts - Ensuring continuous monitoring and secure data handling - Engaging in proactive risk mitigation - Strengthening the security posture across production and non-production cloud environments within the CMSO ecosystem Qualifications - 10+ years of related experience - Technical Training, Certification(s) or Degree - Additional education and/or experience are strongly preferred in the following combinations: - HS Diploma & 18+ Years Experience - AA/AS & 16+ Years Experience - BA/BS & 14+ years Experience - MA/MS & 12+ Years Experience - Doctorate Degree/Ph.D. & 11+ Years Experience Requirements - Deep expertise in Amazon EKS security architecture: pod identity, multi-tier namespace isolation, and node group separation across security classification tiers - Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening - Strong expertise in Kubernetes NetworkPolicy - Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code - Full lifecycle container image security: ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation - Expert GitLab CI/CD pipeline security: OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion - Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit) - Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries - Expert AWS VPC architecture: multi-tier subnet design, Transit Gateway, EKS hardening - Deep experience with security groups, Network ACLs, and AWS Network Firewall: domain allowlist policies, and build node egress controls - Expert VPC endpoint design: gateway and interface endpoints - Expert AWS WAF - Deep expertise in API Gateway security: designing private endpoints, JWT authorizers, resource policies, and mTLS - Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening - Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards) - Expert design of CloudWatch multi-account architectures: cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection - Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response - Expert Splunk integration: CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches - Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, and Kubernetes configuration assessment - Deep experience with pipeline-integrated scanning tools: Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment - Proficiency with AWS native VM tooling: Inspector, Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking - Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis - Expert runtime threat detection: GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response - Ability to design and measure VM program effectiveness metrics: MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping - Expert IAM least privilege: SCPs, permission boundaries, condition keys, and IAM Access Analyzer - Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design Benefits - Comprehensive benefits and wellness packages - 401K with company match - Competitive pay and paid time off - Full flex work weeks where possible - Paid parental, military, bereavement, and jury duty leave - 15 days of paid leave per calendar year - 10 paid holidays per year - Paid Family Leave program providing up to 160 hours of paid leave in a rolling 12 month period for eligible employees - Short and long-term disability benefits - Life, accidental death and dismemberment, personal accident, critical illness, and business travel and accident insurance

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam 10,001+Since 1997H1B No Sponsor

• Assist with monitoring security alerts and investigating potential security incidents. • Support vulnerability scanning and help document findings and remediation efforts. • Participate in security assessments, audits and compliance activities. • Assist with user access reviews and identity and access management processes. • Use data analysis, statistical models, historical information, and financial knowledge to make informed risk exposure and management strategies decisions. • Help develop internal processes and methodologies for risk assessment and risk monitoring. • Perform other cyber security-related projects and tasks as assigned.

California
$27 - $33 / hour
Defy Security logo

Enterprise Account Executive, Cybersecurity

Defy Security

Cybersecurity experts who put customers back where they belong: First.

Full TimeRemoteTeam 51-200Since 2017H1B No Sponsor

• Own the enterprise sales cycle — from prospecting and qualification to negotiation and close — across $1B+ revenue organizations. • Engage directly with CISOs, CIOs, and CFOs to align cybersecurity investments to enterprise goals. • Lead multi-stakeholder deals (6–12 months) in partnership with Solutions Architects, Services, and OEM channel partners. • Drive platform adoption — move customers from point products to integrated cybersecurity architectures. • Collaborate cross-functionally with Defy’s Services, Engineering, and Partner teams to deliver client success and measurable outcomes. • Apply consultative methodologies (e.g., MEDDPICC, Challenger, Command of the Message) to position Defy’s value and differentiation. • Consistently exceed quarterly and annual sales goals for bookings, revenue, and gross margin. • Represent Defy with executive presence — leading presentations, proposals, and value discussions with boards and senior leaders.

Minnesota
$110K - $130K / year
Defy Security logo

Enterprise Account Executive – Cybersecurity

Defy Security

Cybersecurity experts who put customers back where they belong: First.

Full TimeRemoteTeam 51-200Since 2017H1B No Sponsor

• Own the enterprise sales cycle — from prospecting and qualification to negotiation and close — across $1B+ revenue organizations. • Engage directly with CISOs, CIOs, and CFOs to align cybersecurity investments to enterprise goals. • Lead multi-stakeholder deals (6–12 months) in partnership with Solutions Architects, Services, and OEM channel partners. • Drive platform adoption — move customers from point products to integrated cybersecurity architectures. • Collaborate cross-functionally with Defy’s Services, Engineering, and Partner teams to deliver client success and measurable outcomes. • Apply consultative methodologies (e.g., MEDDPICC, Challenger, Command of the Message) to position Defy’s value and differentiation. • Consistently exceed quarterly and annual sales goals for bookings, revenue, and gross margin. • Represent Defy with executive presence — leading presentations, proposals, and value discussions with boards and senior leaders.

New York
$110K - $130K / year
Defy Security logo

Enterprise Account Executive – Cybersecurity

Defy Security

Cybersecurity experts who put customers back where they belong: First.

Full TimeRemoteTeam 51-200Since 2017H1B No Sponsor

• Own the enterprise sales cycle — from prospecting and qualification to negotiation and close — across $1B+ revenue organizations. • Engage directly with CISOs, CIOs, and CFOs to align cybersecurity investments to enterprise goals. • Lead multi-stakeholder deals (6–12 months) in partnership with Solutions Architects, Services, and OEM channel partners. • Drive platform adoption — move customers from point products to integrated cybersecurity architectures. • Collaborate cross-functionally with Defy’s Services, Engineering, and Partner teams to deliver client success and measurable outcomes. • Apply consultative methodologies (e.g., MEDDPICC, Challenger, Command of the Message) to position Defy’s value and differentiation. • Consistently exceed quarterly and annual sales goals for bookings, revenue, and gross margin. • Represent Defy with executive presence — leading presentations, proposals, and value discussions with boards and senior leaders.

Texas
$110K - $130K / year