AWS Cloud Security Architect
$147.29k - $199.28kFull-time
Gdit
Responsibilities for this Position
Location: Any Location / RemoteFull Part/Time: Full time
Job Req: RQ223539 Type of Requisition:
Pipeline Clearance Level Must Currently Possess:
None Clearance Level Must Be Able to Obtain:
None Public Trust/Other Required:
BI Full 6C (T4) Job Family:
Software Engineering Job Qualifications: Skills:
AWS Cloud Computing, Cloud Security, Threat Detection
Certifications:
None
Experience:
8 + years of related experience
US Citizenship Required:
No Job Description: The CMM AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications. The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. The candidate shall have experience with designing and implementing security measure to protect data as it moves from on-premises data center servers to cloud storage systems. The candidate shall have experience with network security and security compliance. This role provides expert advisory services to ensure secure design and deployment of cloud-based systems, incorporating secure-by-design principles such as access control, encryption, and identity management. The Architect conducts thorough threat and vulnerability assessments, monitors risks, and ensures compliance with federal cybersecurity standards and Judiciary frameworks. Key Responsibilities:
- Designing secure cloud architectures
- Performing risk assessments using enterprise tools
- Coordinating with ITSO and CISA to validate system security through independent evaluations.
- Creates essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans
- Delivers a quarterly Cloud Security Roadmap
- Provides operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation.
- Supports incident response planning
- Supports automation for legacy systems
- Ensures proper documentation of cybersecurity control artifacts
- Ensures continuous monitoring and secure data handling
- Engages in proactive risk mitigation
- Strengthens the security posture across production and non-production cloud environments within the CMSO ecosystem.
- Deep expertise in Amazon EKS security architecture : pod identity, multi-tier namespace isolation, and node group separation across security classification tiers
- Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening
- Strong expertise in Kubernetes NetworkPolicy
- Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code
- Full lifecycle container image security : ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation
- Expert GitLab CI/CD pipeline security : OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion
- Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit)
- Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries
- Expert AWS VPC architecture : multi-tier subnet design, Transit Gateway, EKS hardening
- Deep experience with security groups, Network ACLs , and AWS Network Firewall : domain allowlist policies, and build node egress controls
- Expert VPC endpoint design: gateway and interface endpoints
- Expert AWS WAF
- Deep expertise in API Gateway security : designing private endpoints, JWT authorizers, resource policies, and mTLS
- Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening
- Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards)
- Expert design of CloudWatch multi-account architectures : cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection
- Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response
- Expert Splunk integration : CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches
- Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, and Kubernetes configuration assessment
- Deep experience with pipeline-integrated scanning tools : Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment
- Proficiency with AWS native VM tooling : Inspector , Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking
- Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis
- Expert runtime threat detection : GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response
- Ability to design and measure VM program effectiveness metrics : MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping
- Expert IAM least privilege : SCPs, permission boundaries, condition keys, and IAM Access Analyzer
- Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
- Growth: AI-powered career tool that identifies career steps and learning opportunities
- Support: An internal mobility team focused on helping you achieve your career goals
- Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
- Community: Award-winning culture of innovation and a military-friendly workplace
Explore an enterprise IT career at GDIT and you'll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward. #GDITLA The likely salary range for this position is $147,292 - $199,278. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours:
40 Travel Required:
Less than 10% Telecommuting Options:
Remote Work Location:
Any Location / Remote Additional Work Locations: Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee's date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most. Our Identity Verification Process:
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes. About Our Work:
We are GDIT. A global technology and professional services company that delivers technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading mission-ready capabilities in AI, cloud, cyber and software development. Join our Talent Community to stay up to date on our career opportunities and events at
gdit.com/tc . Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
PI285703802
The CMM AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications.
The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. The candidate shall have experience with designing and implementing security measure to protect data as it moves from on-premises data center servers to cloud storage systems. The candidate shall have experience with network security and security compliance.
This role provides expert advisory services to ensure secure design and deployment of cloud-based systems, incorporating secure-by-design principles such as access control, encryption, and identity management. The Architect conducts thorough threat and vulnerability assessments, monitors risks, and ensures compliance with federal cybersecurity standards and Judiciary frameworks.
Key Responsibilities:
- Designing secure cloud architectures
- Performing risk assessments using enterprise tools
- Coordinating with ITSO and CISA to validate system security through independent evaluations.
- Creates essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans
- Delivers a quarterly Cloud Security Roadmap
- Provides operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation.
- Supports incident response planning
- Supports automation for legacy systems
- Ensures proper documentation of cybersecurity control artifacts
- Ensures continuous monitoring and secure data handling
- Engages in proactive risk mitigation
- Strengthens the security posture across production and non-production cloud environments within the CMSO ecosystem.
REQUIREMENTS
Education: Technical Training, Certification(s) or Degree required ; BA/BS strongly preferred. 4 years of general experience in information systems may be substituted in lieu of preferred degree.
Experience: 8+ years of specialized experience required
Container Security - Expert Level:
- Deep expertise in Amazon EKS security architecture : pod identity, multi-tier namespace isolation, and node group separation across security classification tiers
- Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening
- Strong expertise in Kubernetes NetworkPolicy
- Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code
- Full lifecycle container image security : ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation
- Expert GitLab CI/CD pipeline security : OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion
- Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit)
- Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries
Network Security - Expert Level:
- Expert AWS VPC architecture : multi-tier subnet design, Transit Gateway, EKS hardening
- Deep experience with security groups, Network ACLs , and AWS Network Firewall : domain allowlist policies, and build node egress controls
- Expert VPC endpoint design: gateway and interface endpoints
- Expert AWS WAF
- Deep expertise in API Gateway security : designing private endpoints, JWT authorizers, resource policies, and mTLS
- Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening
- Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards)
Security Monitoring - Expert Level:
- Expert design of CloudWatch multi-account architectures : cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection
- Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response
- Expert Splunk integration : CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches
Vulnerability Management - Expert Level:
- Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, and Kubernetes configuration assessment
- Deep experience with pipeline-integrated scanning tools : Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment
- Proficiency with AWS native VM tooling : Inspector , Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking
- Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis
- Expert runtime threat detection : GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response
- Ability to design and measure VM program effectiveness metrics : MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping
ATO and Compliance:
- Expert IAM least privilege : SCPs, permission boundaries, condition keys, and IAM Access Analyzer
- Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design
Preferred Certifications:
AWS Certified Security - Specialty, Certified Kubernetes Security Specialist, and/or AWS Certified Solutions Architect - Professional
Security Clearance Level: Ability to pass a background check to obtain and maintain a position of Public Trust with the Administrative Office of the US Courts
Must be a US Person (Green Card Holder, US Permanent Resident Alien, Refugee, Asylee, US Citizen)
Location: Remote
GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
- Growth: AI-powered career tool that identifies career steps and learning opportunities
- Support: An internal mobility team focused on helping you achieve your career goals
- Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
- Community: Award-winning culture of innovation and a military-friendly workplace
OWN YOUR OPPORTUNITY
Explore an enterprise IT career at GDIT and you'll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward.
Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the AWS Cloud Security Architect in Louisiana, MO vacancy
$170.14k - $212.75k
...Job Qualifications: Skills: Cloud Architectures, Cloud Development,... ...Description: GDIT is seeking a Cloud Architect / Developer SME to design, build, and secure large-scale Azure Government... ...Architect Expert (AZ-305) ~-or- AWS Certified Solutions Architect - Professional...Amazon Web ServiceFull timeTemporary workPart timeImmediate startRemote workWorldwideFlexible hours$182.75k - $247.25k
...Qualifications: Skills: Cloud Solutions, Proposal Presentation... ...as a Cloud Solutions Architect and help ensure the mission is... ...clients modernize, automate and secure different environments using advanced... ...) Guide internal teams on AWS best practices, AI/ML...Amazon Web ServiceFull timeTemporary workPart timeLocal areaImmediate startRemote workWorldwideFlexible hours- ...Administrator to manage server environments and cloud platforms. The ideal candidate will have... ...solutions. You will ensure reliable and secure server infrastructures while optimizing... ...Knowledge of cloud platforms such as Azure or AWS is essential. #J-18808-Ljbffr Venture...Amazon Web Service
$83.43k - $222.48k
...workloads. The ideal candidate will have over 5 years of experience, proficiency in Python and SQL, and familiarity with cloud platforms such as Azure or AWS. The position offers a competitive salary range of $83,430 - $222,480, plus a comprehensive benefits package...Amazon Web ServiceFull time$60 per hour
...Mathematics, Engineering, or similar); a master's or PhD is a plus. ~ Relevant credentials are a plus (e.g., Kaggle Competition ranking, AWS/GCP ML certifications, or equivalent demonstrated expertise). Payment is made via PayPal. We will never ask for any money from...Amazon Web ServiceHourly payFull timeRemote workFlexible hours$128.04k - $173.23k
...Engineering Job Qualifications: Skills: AWS Cloud Computing, Linux, Node.js, React.js... ...with Terraform, and ensuring secure and reliable cloud operations. This role... ...with UI/UX designers, cloud engineers, architects, and DevOps teams WHAT YOU'LL NEED...Amazon Web ServicePermanent employmentFull timeTemporary workPart timeImmediate startRemote workWorldwideFlexible hours- ...expertise in enterprise networking, cloud connectivity, and security, and will mentor junior staff while driving... ...Duties & Responsibilities Architect and implement LAN, WLAN, and WAN solutions... ...DNS). Configure and manage Azure and AWS networking components (VPN, Gateway,...Amazon Web Service
$115.8k - $202.7k
A day in the life. As an Enterprise Architect on the MMA Enterprise Architecture team, you will enable business and IT leaders to make... ...standards and best practices for development, quality assurance, security, and service on-boarding Keep current with industry trends (...Remote work- ...mechanical completion and turnover documentation packages. Ensure compliance with applicable industry codes and standards (ASME, API, AWS, ASTM, NEC, ISO, etc., depending on project scope). Confirm qualified personnel are performing specialized work (e.g., certified...Amazon Web ServiceFor subcontractorWork at office
- Austin Bergstrom International Airport (AUS) is seeking an Enterprise Architect for the MMA Enterprise Architecture team. The role involves enabling business leaders to balance operational demands with strategic vision. You will provide technology guidance and create roadmaps...Remote job
- ...in shipyard, manufacturing or similar setting Certified Welding Inspector (CWI) certification is preferred Strong knowledge in ASME, AWS, ABS, and/or related technical documents regarding welding practices/procedures SKILLS Strong organizational, analytical, and problem...Amazon Web ServiceWork at office
- ...Plan in accordance with the Sector Quality Manual, contract requirements, and applicable codes (e.g., ASME B31.3/B31.4/B31.8, API 1104, AWS D1.1, NETA, NFPA 70E as applicable). Lead the development, review, and approval of project-specific Inspection and Test Plans (ITPs)...Amazon Web ServiceContract workTemporary workFor subcontractorRemote work
- ...related technical field. Advanced degrees or certifications in quality engineering, welding inspection, or maritime standards (e.g., AWS, ASQ, NDT Level II/III) are a plus. Experience: 3–5 years of experience in quality engineering, quality assurance, or related roles within...Amazon Web ServiceTemporary workWork at office
$118.69k - $189.91k
...medical rebate data. (Highly preferred) Facets experience a plus. Experience leading project teams. Experience with Snowflake, AWS cloud environments. What You'll Get The opportunity to work at the cutting edge of health care delivery with a team that's deeply invested...Amazon Web Service- ..., Windows/Linux server administration, cloud infrastructure, and enterprise backup solutions... ...our server environments are reliable, secure, well‑architected, and capable of supporting business... ...enhance cloud environments (Azure / AWS / Private Cloud). Configure and manage...Amazon Web Service
- ...with expertise in virtualization (VMware), cloud platforms (Azure), mobile device... ...role involves ensuring the reliability, security, and performance of our customer’s data center... ...cloud platforms (e.g., Microsoft Azure, AWS, Google Cloud) is a plus. Knowledge of ITIL...Amazon Web Service
$83.43k - $222.48k
...standards, data governance frameworks, and security policies for data storage and access... ...junior data engineers. Design and architect data infrastructure analytical... ...Experience deploying data pipelines in a cloud environment (Azure, AWS, GCP). Understanding of data...Amazon Web ServiceHourly payFull timeTemporary workWork experience placementLocal area$143.62k - $229.79k
...high-performing team of Solution Architects that partner with business and... ...to ensure our solutions are secure, scalable, cost‑effective, and... ...four of the following areas: Cloud, integration, data, AI/ML/GenAI... ...such as TOGAF, Azure, AWS, Snowflake, Databricks, and/or...Amazon Web ServiceWork at officeLocal areaRemote workFlexible hours2 days per week$106.61k - $284.28k
...knowledge will brainstorm with architects, product managers, data... ...highly scalable, fault tolerant, cloud native services using container... ...design (DDD), design patterns, secure coding, automated testing strategies... ...a track record developing in AWS or GCP or Azure or similar...Amazon Web ServiceHourly payFull timeContract workTemporary workLocal areaFlexible hours- ...Information Warfare Center Atlantic (NIWC LANT) Cloud Computing Innovation, Transformation, and... ..., as well as other DoD and Homeland Security (HLS) applications utilizing both... ...scripting, virtualization, automation tools, AWS, or cybersecurity practices is helpful but...Amazon Web Service
- ...the specifications of a project Ability to categorize and quantify weld defects Proficiency with applicable codes and standards (e.g., AWS D1.2 for aluminum, AWS D1.1 for steel, ASME Section IX, ABS rules) Job Proficiency Updates and develops PQR’s, WPS’s, techniques,...Amazon Web ServicePermanent employmentTemporary workWork at office
$125 - $150 per hour
...snow removal, or clearing brush); and # Confirm the system is secure and hasn't been tampered with. Each maintenance visit should... ...technicians this contract may be subject to a successful background check and drug screen. AWS Truepower | UL SolutionsAmazon Web ServiceContract workWork at officeRemote work- A leading AI development company is seeking proficient programmers to join their remote coding team. This role involves designing and solving coding challenges for AI systems, with a focus on Android development. Candidates should have fluency in English and preferred experience...Remote job
- The Maxfield Group is looking for a Support Specialist to stabilize the Oracle Cloud Finance environment post-go-live. This role requires diagnosing and resolving month-end and year-end close issues while providing hands-on functional expertise across Oracle Cloud Financials...
- An IT consulting firm in Missouri seeks a skilled Data Center Engineer to manage data center infrastructure. This role requires expertise in VMware, Azure, and Microsoft Intune, along with strong problem-solving skills. Candidates should have at least 3 years of relevant...
$40 per hour
A leading tech firm is seeking experienced cybersecurity professionals for a remote role. You will evaluate AI-generated security content and provide critical feedback to improve AI systems. Candidates should have over two years of experience in hands-on cybersecurity,...Remote jobHourly pay- A cybersecurity technology company is seeking experienced professionals to evaluate AI-generated security content and solve technical cybersecurity problems. This role offers a flexible schedule, with options for full-time or part-time remote work. Candidates should have...Full timePart timeRemote workFlexible hours
$40 per hour
A leading cybersecurity firm is seeking experienced professionals to evaluate AI-generated content and solve technical problems to enhance AI systems. This role offers the flexibility of working remotely, along with the chance to select projects that fit your schedule. ...Remote jobHourly pay$60 per hour
A leading AI technology firm is seeking experienced cybersecurity professionals to evaluate AI-generated security content and solve technical security problems. This remote position offers flexible scheduling and competitive hourly pay up to $60. Ideal candidates should...Remote jobHourly payFlexible hours$40 per hour
A cybersecurity AI training company is seeking experienced professionals to evaluate AI-generated security content and solve technical cybersecurity challenges. In this remote position, you will work on various projects, contribute to AI model training, and enhance the...Remote jobHourly payFlexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to AWS Cloud Security Architect. Be the first to apply!

