About the Role:
The candidate will serve as the lead technical authority for a federal cybersecurity modernization program, responsible for designing and implementing modernized, automated, and standards-based cybersecurity support services across cloud and legacy environments. They will architect and deliver a multi-cloud General Support System (GSS) spanning AWS GovCloud, Azure Government Community Cloud (GCC), Google Cloud Platform (GCP), and centralized cloud administration, ensuring secure, scalable, and continuously monitored IT operations in support of the agency's global mission.
The ideal candidate will champion the transition from manual, document-driven compliance to engineering-driven Governance, Risk, and Compliance (GRC). They will translate security requirements into machine-readable code, build automation frameworks that streamline cybersecurity and IT operations, and operationalize Policy-as-Code (PaC) pipelines that enforce DoDI 8510.01 (RMF), NIST SP 800-53, and DISA STIG controls in a continuous, version-controlled manner.
They will guide stakeholders and engineering teams in adopting continuous monitoring, automated control evidence, integrated risk scoring, and scalable control inheritance across AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, and other DoD-approved cloud-native services. Through this leadership, they will strengthen system resiliency, accelerate secure mission delivery, and advance the agency toward a modern, engineering-driven security model.
Role Responsibilities:
• Establish and lead the General Support System (GSS) architecture spanning AWS GovCloud, Azure Government Community Cloud (GCC), Google Cloud Platform (GCP), and centralized cloud administration.
• Architect and deploy enterprise automation frameworks using Infrastructure-as-Code (Terraform, Ansible, AWS CloudFormation), Python, JSON, and AWS boto3 to streamline cybersecurity and IT operations.
• Translate agency security requirements into machine-readable code; design and implement automated, version-controlled compliance checks aligned with DoDI 8510.01 (RMF), NIST SP 800-53, and DISA STIGs.
• Integrate automation and Policy-as-Code (PaC) solutions into the continuous monitoring environment, activating AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, and other DoD-approved cloud-native services.
• Design modular, reusable, and scalable solutions adaptable to evolving DoD policies and emerging threats, ensuring enterprise-wide deployment without performance degradation.
• Own technical execution of contract deliverables: Automation Frameworks (initial deployment within 180 days), Policy-as-Code Framework (within 270 days), Continuous Monitoring Dashboards (within 270 days), and ongoing quarterly updates.
• Drive measurable outcomes against program KPIs: at least 15% reduction in manual security enforcement within 12 months; at least 25% of manual controls under automated configuration management within 12 months; real-time dashboard visibility into at least 90% of cloud-native systems where PaC is implemented.
• Lead recurring governance meetings and stakeholder workshops; partner with agency leadership to refine priorities, surface dependencies, and sustain enterprise adoption of automated controls.
• Direct workforce enablement: design training and documentation packages that achieve cross-training of at least 90% of the agency GRC team within 12 months, ensuring agency personnel can manage, maintain, and expand solutions post-implementation.
• Promote engineering-driven security practices including DevSecOps, supply chain risk management, Zero Trust principles, and AI/ML-enabled analysis across IT and OT environments.
Required Education & Qualifications:
• Master's degree from an accredited institution in a highly relevant technical field such as Computer Science, Software Engineering, Cybersecurity, or Cloud Computing.
• Twelve (12) years of demonstrated experience in systems engineering and cybersecurity, with at least seven (7) of those years focused on security automation, cloud engineering, and architecture.
• Five (5) years of demonstrated experience serving as a lead technical authority on enterprise-level projects, responsible for designing and implementing security solutions, not just assessing them.
• Five (5) years of demonstrated experience translating complex regulatory requirements (RMF, NIST, DISA STIGs) and architectural diagrams into functional, automated, and operational code.
• Must possess one of the following certifications: AWS Certified DevOps Engineer – Professional, AWS Certified Solutions Architect – Professional, AWS Certified Security – Specialty, or (ISC)² Certified Information Systems Security Professional (CISSP), preferably with an engineering or architecture concentration (ISSEP/ISSAP).
• Strong foundational and operational knowledge of DevSecOps and CI/CD pipelines, Zero Trust implementations, Supply Chain Risk Management (SCRM), and Infrastructure-as-Code methodologies.
• Hands-on expertise with Python, JSON, and AWS boto3 for security automation and orchestration.
• Deep functional and technical knowledge of the NIST RMF steps, DoDI 8510.01, NIST SP 800-53, and DISA STIG implementation.
• Experience with continuous monitoring tooling, automated evidence collection, and integrated risk scoring across multi-cloud environments.
Desired Skills:
• Demonstrated multi-cloud architecture experience across AWS GovCloud, Azure Government, and Google Cloud Platform.
• Experience implementing Policy-as-Code (PaC) frameworks to automate control enforcement, compliance validation, and security evidence collection.
• Familiarity with Open Security Controls Assessment Language (OSCAL) for machine-readable representation of control catalogs, baselines, and assessment results.
• Experience supporting Authorizations to Operate (ATOs) for cloud and hybrid DoD environments.
• Prior experience leading technical teams and serving as principal advisor to government system owners and Authorizing Officials.
• Familiarity with DevSecOps tooling including SAST, DAST, SCA, secrets management, and code repositories such as GitHub.
Clearance and Location Requirements:
• Active U.S. Security Clearance is required.
• This hybrid role requires onsite work at a Department of Defense (DoD) facility.