Lead Cloud Networking Engineer

About the position

The DHS CDM Program mission is to safeguard and secure cyberspace in an environment where the threat of cyber-attack is continuously growing and evolving. The CDM Program defends the United States (U.S.) Federal Information Technology (IT) networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools, and associated services to strengthen the security posture of Government networks. As an AWS Security Engineer, you are responsible for managing an enterprise that consists of multiple flavors of Linux & Windows within the AWS infrastructure. All with Cybersecurity at the core. Although this is a high-pace environment, be assured you'd be joining a high-tech people-oriented team and overall community that's just as flexible as we're hoping you to be.

Responsibilities

• Lead the design, deployment, and troubleshooting of Azure VPN Gateways and ExpressRoute with BGP to support secure inter-account and external connectivity, including mission-critical links to DISA.
• Oversee PPSM edits and IAP whitelisting requests, ensuring alignment with DoD cybersecurity requirements and verifying post-change connectivity.
• Serve as a technical lead in the re-architecture and deployment of the Coast Guard's Azure Enterprise Cloud, including documentation and knowledge sharing.
• Proactively troubleshoot complex hybrid-cloud infrastructure issues across Azure and AWS, including routing conflicts, firewall/NACL/NSG/SG blocks, and CAP/IAP restrictions.
• Lead the redeployment of Cisco FMC/FTDv boundary protection appliances, aligning with Cisco and AWS best practices, including policy design, SSO integration, and testing.
• Develop and maintain Terraform modules to automate deployment of Versa VOS SD-WAN appliances, promoting infrastructure as code and repeatability.
• Build serverless automation using AWS Lambda to enhance operational resilience through remote Cisco firewall backups.
• Architect and implement Ansible automation, including server buildout and playbooks to manage Cisco FMC configurations via configuration as code.
• Configure IAM roles, users, and policies to enable secure integration with third-party tools such as the Versa CMS connector in AWS.
• Lead the provisioning of new AWS and Azure environments, applying security controls, routing, and firewall rules as part of the onboarding process for new accounts and workloads.
• Administer Azure Entra ID, managing admin access and permissions to align with least privilege principles.
• Develop and maintain detailed network documentation, diagrams, and operational runbooks for new deployments and architectural changes.
• Drive Agile delivery by managing JIRA tasks, leading SCRUM contributions, and mentoring junior team members on technical tasks and ticket ownership.

Requirements

• Cleared for Secret work
• DoD Approved 8570 Baseline Certification: IAT Level II
• US Citizenship required.
• University Degree (BS), or equivalent years of related experience, and additionally 10+ years of related IT engineering experience required.
• 10+ years' cumulative experience with customer interactions, including presenting, answering questions, proactively resolving issues.
• 10+ years' cumulative experience with in-depth systems administration in Linux environments (RHCE equivalence) and Windows Server environments.
• 10+ years' cumulative experience integrating and troubleshooting systems in a Cloud environment (AWS Cloud preferred).
• 7+ years' hands-on cumulative experience creating, analyzing and automating Linux scripts (Command, Bash, C, Ansible).
• 5+ years' cumulative experience implementing and securing services relating to remote connections.
• 3+ years' cumulative experience integrating/understanding Multi-factor authentication (MFA, 2MFA).
• 7+ years' cumulative experience with enhance data protection and compliance (such as OpenSSL, KeyStore, Cyphers).
• 3+ years' cumulative experience with securing systems by following STIGs, best practices, and government/compliance requirements (such as NIST 800-53, NIST 800-171, FISMA, FEDRAMP).
• 1+ years' cumulative experience with network devices, integrations and concepts such as VPN, firewall, routing.
• 1+ years' cumulative experience with Agile/Kanban, Git/GitHub.
• Responsible for Configuration, maintenance, and troubleshooting when necessary - IaaS (Linux and windows), SaaS, and PaaS implementations.

Nice-to-haves

• Technical degree in Computer Science, Computer Engineering, or a related subject area.
• Relevant Technical and/or Security Certifications (e.g. CISSP, Sec+ etc.).
• Two or more of the following certifications: AWS DevOps Engineering Expert, AWS Solutions Architect Expert, AWS Security Engineer Associate.
• Proven communication skills both written and verbal to management.
• Familiarity with common cybersecurity tools.
• 2+ years' recent (within the past 3 years) cumulative experience with AWS Cloud Computing.
• 3+ years' cumulative experience with VMWare (implementing, managing, configuring).
• Some experience (1+ years') with any or all these products or technologies: MS SQL, Ansible, Puppet, Chef, Qualys, SCCM, BigFix, MDM solutions, GIT.
• Some experience (1+ years') setup and integration with IIS, SQL Server.
• Experienced and understanding of ADFS, SAML and PKI.
• Experience with AWS Rest API calls.

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits