Cloud Security Engineer

About the position

Join our newly-awarded, groundbreaking initiative with the Naval Air Systems Command (NAVAIR) as a Cloud Security Engineer. You will lead the design and implementation of a secure, state-of-the-art Engineering Network (eNET) prototype, revolutionizing research, development, and engineering activities within NAVAIR. This position requires onsite support in California, MD. Open to relocation for the absolute best fit! An Interim Secret clearance is required to begin working.

Responsibilities

• Design, plan, and integrate secure cloud computing and virtualization systems for eNET.
• Leading Authority to Operate (ATO) process, including documentation, POA&Ms, and liaising with Authorizing Officials (AOs).
• Interfacing with DoD security officers, compliance teams, and security accessors to ensure security best practices.
• Provide detailed guidance on hardware/software selection, implementation techniques, and data migration.
• Develop and test cloud and virtualization systems, ensuring robust security measures.
• Maintain expertise in cloud computing and virtualization technologies and industry standards.
• Evaluate and recommend new cloud and security technologies.

Requirements

• Bachelor's degree in a technical field.
• Knowledge of DoD and Federal Compliance Frameworks (RMF, ATO, JSIG, FedRAMP, NIST 800-53, NIST 800-171).
• Experience with classified security controls, Cross-Domain Solutions (CDS), and handling classified data in cloud environments.
• Proficiency in AWS security tools like IAM, GuardDuty, Security Hub, CloudTrail.
• Strong understanding of AWS networking (VPCs, Transite Gateways, PrivateLink, Route53) encryption (KMS, HSM) and secure compute/storage practices.
• 9+ years of IT industry experience with a focus on cloud solutions and security.
• Experience with Infrastructure as Code (IaC) tools like AWS CloudFormation or Terraform and CI/CD pipeline security.
• Proficiency in Kubernetes architecture, operations, and security.
• Ability to manage and scale containerized applications using Amazon EKS.
• Familiarity with EKS integration points and security configurations.
• Active Secret clearance required, Top Secret clearance preferred.

Nice-to-haves

• Expertise in cloud provider security services (AWS IAM, Azure Active Directory, GCP Security Command Center).
• Experience with Identity and Access Management, including role-based access control and multi-factor authentication.
• Ability to design secure Virtual Private Clouds and implement AWS Direct Connect, Azure ExpressRoute.
• Understanding of Zero Trust Architecture and secure access models in cloud environments.