AWS Cloud Security Architect

🔥 0 minutes ago

🇺🇸 United States – Remote

💵 $153k - $207k / year

⏰ Full Time

🟠 Senior

🔴 Lead

☁️ Cloud Engineer

🦅 H1B Visa Sponsor

General Dynamics Information Technology

10,000+ employees

Founded 1954

🔒 Cybersecurity

🤖 Artificial Intelligence

Defense • Cybersecurity • Artificial Intelligence

General Dynamics Information Technology is a company at the forefront of technological innovation, offering a wide range of services including consulting, digital modernization, and application services. The company is heavily involved in implementing solutions related to artificial intelligence, cloud computing, cybersecurity, high-performance computing, and quantum technologies. GDIT is committed to supporting government and defense sectors, providing mission-critical services such as logistics and supply chain management, intelligence, and homeland security. The company also focuses on diverse and inclusive hiring practices and actively promotes employee well-being. Through its digital accelerator solutions and pioneering use of emerging technologies, GDIT aims to propel agencies' missions forward and address complex technological challenges.

📋 Description

• Work as part of an agile development team to build and support the modernization of enterprise-class software applications
• Provide technical cloud security subject matter expertise to meet security design and architecture requirements for IaaS, PaaS, and SaaS implementations
• Design and implement security measures to protect data as it moves from on-premises data center servers to cloud storage systems
• Provide expert advisory services to ensure secure design and deployment of cloud-based systems
• Conduct threat and vulnerability assessments, monitor risks, and ensure compliance with federal cybersecurity standards
• Coordinate with ITSO and CISA to validate system security through independent evaluations
• Create essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans
• Deliver a quarterly Cloud Security Roadmap
• Provide operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation
• Support incident response planning
• Ensure proper documentation of cybersecurity control artifacts
• Ensure continuous monitoring and secure data handling
• Engage in proactive risk mitigation
• Strengthen the security posture across production and non-production cloud environments within the CMSO ecosystem.

🎯 Requirements

• 8+ years of related experience
• AWS Cloud Computing, Cloud Computing, Cloud Security
• Technical Training, Certification(s) or Degree required; BA/BS strongly preferred
• Container Security — Expert Level: Deep expertise in Amazon EKS security architecture: pod identity, multi-tier namespace isolation, and node group separation across security classification tiers
• Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening
• Strong expertise in Kubernetes NetworkPolicy
• Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code
• Full lifecycle container image security: ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation
• Expert GitLab CI/CD pipeline security: OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), immutable artifact promotion
• Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit)
• Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries
• Expert AWS VPC architecture: multi-tier subnet design, Transit Gateway, EKS hardening
• Deep experience with security groups, Network ACLs, and AWS Network Firewall: domain allowlist policies, and build node egress controls
• Expert VPC endpoint design: gateway and interface endpoints
• Expert AWS WAF
• Deep expertise in API Gateway security: designing private endpoints, JWT authorizers, resource policies, and mTLS
• Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening
• Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards)
• Expert design of CloudWatch multi-account architectures: cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection
• Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response
• Expert Splunk integration: CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches
• Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, Kubernetes configuration assessment
• Deep experience with pipeline-integrated scanning tools: Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment
• Proficiency with AWS native VM tooling: Inspector, Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking
• Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis
• Expert runtime threat detection: GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response
• Ability to design and measure VM program effectiveness metrics: MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping
• Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design.

🏖️ Benefits

• Comprehensive benefits and wellness packages
• 401K with company match
• Competitive pay and paid time off
• Full flex work weeks where possible
• Variety of paid time off plans including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• Paid Family Leave program provides up to 160 hours of paid leave in a rolling 12 month period for eligible employees
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance.
