Senior Cloud Infrastructure Engineer

Job not on LinkedIn

🔥 0 minutes ago

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Cole Engineering Services, Inc. (CESI), a By Light Company

Cole Engineering Services, Inc. (CESI), a By Light Company

1001 - 5000 employees

Founded 2004

🏛️ Government

🔒 Cybersecurity

🥽 AR/VR

Government • Cybersecurity • AR/VR

Cole Engineering Services, Inc. (CESI) is a defense-focused engineering and software services company (a By Light company) that designs and delivers modeling & simulation, software development, systems integration, and interoperability solutions. CESI builds cyber operations and training environments, serious gaming and virtual-worlds, and provides technical services and training to support military and government mission readiness. The company has a track record supporting Department of Defense programs such as PEO STRI and AFLCMC, delivering software and simulation products for warfighter training and operational use.

📋 Description

• Support the design and maintain landing zones using cloud applications such as AWS Organizations, Control Tower, SCP guardrails, Identity and Access Management (IAM) multi-account patterns, and VPC architectures (Transit Gateway, PrivateLink, NAT, IGW) for enclave isolation and cross-domain needs. • Engineer high-availability, multi-Region solutions leveraging cloud tools such as EC2, EKS/ECS Fargate, RDS/Aurora, DynamoDB, S3/EFS/FSx, Load Balancers, Route 53, and API Gateway. • Implement Zero Trust-aligned patterns (micro-segmentation, strong identity, continuous verification) consistent with DoD Zero Trust guidance. • Implement security controls and evidence generation for RMF ATO packages (SSP, SAR, POA&M) in coordination with cybersecurity teams. • Apply DISA STIGs (OS, DB, Kubernetes, Container) and SRG requirements for workloads at IL2–IL6. • Tailor and automate STIG application using IaC and configuration management. • Integrate encryption and key management with cloud tools such as AWS KMS/HSM; enforce IAM least privilege, SCPs, permission boundaries, ABAC, and robust secrets management. • Implement cloud logging and metrics tools such as CloudTrail/CloudWatch/GuardDuty/Config for comprehensive audit and detection. • Align architectures with FedRAMP Moderate/High baselines when required and ensure boundary compliance for controlled workloads. • Develop secure connectivity (AWS Direct Connect/VPN), hybrid routing, and segmentation; implement TLS mutual auth, certificate management, and private service endpoints. • Design logging and telemetry pipelines (CloudWatch, OpenTelemetry, Kinesis, S3, SIEM integration such as Splunk/ELK) with retention, metadata/tagging, and data lifecycle policies. • Own SLOs/SLAs for platform services. • Implement autoscaling, health checks, and proactive capacity management. • Lead cost management and alerting practices of cloud environments in coordination with project leads. • Provide Tier 3 support, on-call rotations during exercises, and incident response coordination with cybersecurity and training operations. • Collaborate with agile teams and product owners to translate training requirements into platform capabilities. • Provide mentorship for junior engineers. • Establish standards, design reviews, and repeatable processes. • Present cloud solutions to project leadership and accreditation authorities.

🎯 Requirements

• Bachelor’s degree in a related technical discipline such as computer science or information technology from an accredited college or university. • 8–12+ years of experience in cloud/platform engineering with at least 5 years focused on Amazon Web Services (AWS) with a demonstrated leadership delivering secure, scalable, production-grade cloud-based systems. • DoD 8570/8140 compliance: IAT II (Security+) required; IAT III/CISSP or CASP+ preferred • AWS Certifications: Certified Solutions Architect – Professional, Security – Specialty, and/or DevOps Engineer – Professional. • Kubernetes certifications: CKA/CKS. • Experience with HashiCorp Vault, Service Mesh (Istio), policy-as-code (OPA), and zero trust implementations in government environments. • Infrastructure-as-code mastery (Terraform and/or CloudFormation), pipelines (GitLab/Jenkins), and configuration management (Ansible/Chef). • Deep AWS tool expertise: Organizations/Control Tower, IAM, Bedrock, KMS/HSM, VPC/Transit Gateway, Direct Connect/VPN, EC2/EKS/ECS, RDS/Aurora, DynamoDB, S3/EFS/FSx, ELB/API Gateway/Lambda, CloudTrail/CloudWatch/Config/GuardDuty, Route 53, EventBridge/SQS/SNS. • Understanding of RMF accreditation (SSP, POA&M, Continuous Monitoring) and control implementation under NIST SP 800-53 Rev. 5. • Hands-on application of DISA STIGs and DoD Cloud Computing SRG for IL2–IL6 workloads. • Strong understanding of GovCloud (US) patterns and boundary controls. • Strong knowledge of networking fundamentals: TCP/IP, DNS, TLS/PKI, routing, micro-segmentation, Zero Trust patterns. • Logging/monitoring design and SIEM integration. • Incident response and troubleshooting across app, infra, and network layers. • Excellent communication, documentation, stakeholder engagement skills, and the ability to lead cross-functional initiatives.

🏖️ Benefits

• Medical, Dental & Vision Coverage • Wellness Program • 401(k) Matching • Disability (Short Term & Long Term) • Employee Assistance Program • Life Insurance • Education & Training • Generous Leave Policy (11 Federal Holidays, PTO, Military Leave, Bereavement and Jury Duty)

Apply Now

Similar Jobs

🔥 46 minutes ago

By Light Professional IT Services

1001 - 5000

🔒 Cybersecurity

Senior Cloud Infrastructure Engineer handling implementation and operations of DoD cyber training cloud environments. Collaborating with cybersecurity teams to ensure secure, scalable cloud platforms.

🔥 1 hour ago

CrowdStrike

5001 - 10000

🔒 Cybersecurity

☁️ SaaS

🤖 Artificial Intelligence

Network Security Engineer at CrowdStrike safeguarding cybersecurity against advanced threats using diverse network architectures and cross-functional teamwork.

🔥 12 hours ago

Executive 1 Holding Company, LLC

11 - 50

🤝 B2B

🏢 Enterprise

Cloud Infrastructure Engineer supporting AWS infrastructure and Linux systems for a cloud-native SaaS platform. Collaborating with engineering teams to enhance platform reliability and security.

🔥 23 hours ago

Sedgwick

10,000+ employees

🏢 Enterprise

📋 Compliance

Design and maintain security architecture for cloud and on-premise systems at Sedgwick. Provide technical guidance and mentorship while collaborating with infosec and business teams.

🕒 Yesterday

Guidehouse

10,000+ employees

Data Infrastructure Engineer building and operating data platforms for AI/ML analytics. Responsibilities include data ingestion pipelines and CI/CD for data workflows on AWS.