AWS Cloud Security Architect
$147.29k - $199.28kGdit
Type of Requisition: Pipeline Clearance Level Must Currently Possess: None Clearance Level Must Be Able to Obtain: None Public Trust/Other Required: BI Full 6C (T4) Job Family: Software Engineering Job Qualifications: Skills: AWS Cloud Computing, Cloud Security, Threat Detection Certifications: None Experience: 8 + years of related experience US Citizenship Required: No Job Description: The CMM AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications. The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. The candidate shall have experience with designing and implementing security measure to protect data as it moves from on-premises data center servers to cloud storage systems. The candidate shall have experience with network security and security compliance. This role provides expert advisory services to ensure secure design and deployment of cloud-based systems, incorporating secure-by-design principles such as access control, encryption, and identity management. The Architect conducts thorough threat and vulnerability assessments, monitors risks, and ensures compliance with federal cybersecurity standards and Judiciary frameworks. Key Responsibilities: Designing secure cloud architectures Performing risk assessments using enterprise tools Coordinating with ITSO and CISA to validate system security through independent evaluations. Creates essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans Delivers a quarterly Cloud Security Roadmap Provides operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation. Supports incident response planning Supports automation for legacy systems Ensures proper documentation of cybersecurity control artifacts Ensures continuous monitoring and secure data handling Engages in proactive risk mitigation Strengthens the security posture across production and non-production cloud environments within the CMSO ecosystem. REQUIREMENTS Education: Technical Training, Certification(s) or Degree required; BA/BS strongly preferred. 4 years of general experience in information systems may be substituted in lieu of preferred degree. Experience: 8+ years of specialized experience required Container Security — Expert Level: Deep expertise in Amazon EKS security architecture: pod identity, multi-tier namespace isolation, and node group separation across security classification tiers Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening Strong expertise in Kubernetes NetworkPolicy Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code Full lifecycle container image security: ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation Expert GitLab CI/CD pipeline security: OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit) Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries Network Security - Expert Level: Expert AWS VPC architecture: multi-tier subnet design, Transit Gateway, EKS hardening Deep experience with security groups, Network ACLs, and AWS Network Firewall: domain allowlist policies, and build node egress controls Expert VPC endpoint design: gateway and interface endpoints Expert AWS WAF Deep expertise in API Gateway security: designing private endpoints, JWT authorizers, resource policies, and mTLS Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards) Security Monitoring - Expert Level: Expert design of CloudWatch multi-account architectures: cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response Expert Splunk integration: CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches Vulnerability Management - Expert Level: Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR Enhanced Scanning, Lambda, EKS workload association), pipeline-integrated image scanning, IaC scanning, and Kubernetes configuration assessment Deep experience with pipeline-integrated scanning tools: Tools such as Trivy and Grype for CVE detection, Syft for SBOM generation (CycloneDX), kube-bench for CIS Kubernetes Benchmark assessment Proficiency with AWS native VM tooling: Inspector , Security Hub finding aggregation, Systems Manager Patch Manager for EC2/EKS node OS patching, and Config conformance packs (NIST 800-53, FedRAMP High) for configuration vulnerability tracking Experience with enterprise VM platforms in federal environments: commercial CNAPPs for agentless cloud-native assessment and attack path analysis Expert runtime threat detection: GuardDuty EKS Runtime Monitoring, and correlation of runtime behavioral signals with static CVE findings for prioritized response Ability to design and measure VM program effectiveness metrics: MTTD and MTTR per severity tier, detection coverage gap analysis via threat-to-detection mapping ATO and Compliance: Expert IAM least privilege: SCPs, permission boundaries, condition keys, and IAM Access Analyzer Demonstrated FedRAMP High ATO leadership: SSP authoring, NIST 800-53 rev5 control implementation statements, POA&M management, 3PAO assessment support, and continuous monitoring program design Preferred Certifications: AWS Certified Security - Specialty, Certified Kubernetes Security Specialist, and/or AWS Certified Solutions Architect - Professional Security Clearance Level: Ability to pass a background check to obtain and maintain a position of Public Trust with the Administrative Office of the US Courts Must be a US Person (Green Card Holder, US Permanent Resident Alien, Refugee, Asylee, US Citizen) Location: Remote GDIT IS YOUR PLACE At GDIT, the mission is our purpose, and our people are at the center of everything we do. Growth: AI-powered career tool that identifies career steps and learning opportunities Support: An internal mobility team focused on helping you achieve your career goals Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off Community: Award-winning culture of innovation and a military-friendly workplace OWN YOUR OPPORTUNITY Explore an enterprise IT career at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward. #GDITLA The likely salary range for this position is $147,292 - $199,278. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Scheduled Weekly Hours: 40 Travel Required: Less than 10% Telecommuting Options: Remote Work Location: Any Location / Remote Additional Work Locations: Total Rewards at GDIT: Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee’s date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most. Our Identity Verification Process: As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes. About Our Work: We are GDIT. A global technology and professional services company that delivers technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading mission-ready capabilities in AI, cloud, cyber and software development. Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc. Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans Opportunity Owned From working with technologies like AI, cyber and cloud to careers in intelligence and health, we offer endless opportunities to apply your expertise to create a safer, smarter world. For more information about GDIT's Privacy Policy, click here: Privacy Policy | GDIT
- ...Cloud Security Architect Location: Reston, VA (Hybrid 2/Week) Duration: 6-12+ Months (Possible Ext/C2H) Manager Notes: Cloud Security... ...family/Corporate business division internal applications to AWS cloud Should have expertise in implementation, Design and...Amazon Web Service
- ...Cloud Security Architect Location: Austin, TX Duration : 6+ Months Need Local To Austin, TX Job Description : Need 10+ years... ...Proven experience designing secure cloud-native architectures (AWS preferred) 8 Required In-depth knowledge of Texas...Amazon Web ServiceLocal area
- ...Automation (Linux and Windows servers) in the cloud at scale. Configure and manage cloud security tools such as encryption, identity and... ...Skills/Experience: Experience with AWS & Azure - Hands-on experience architecting & administering with at least one and working...Amazon Web Service
- ...Cloud Architect – 100% Fully Remote The Cloud Architect position will help with the design and... ...cloud systems. Work closely with IT security to monitor the company's cloud privacy.... ...Requirements: ~ Experience with AWS Cloud architecture ~5+ years of experience...Amazon Web ServiceRemote work
- ...Job Title Technical/Functional Skills • Strong expertise in AWS cloud security architecture including IAM, KMS, GuardDuty, and CloudTrail. • Deep understanding of AWS Landing Zone, SCPs, governance, and enterprise security guardrails. • Experience with security...Amazon Web Service
- ...Principal Cloud Security Architect About the Role What if your deep knowledge of cloud security architecture could directly protect organizations... ...What You'll Do Assess cloud architectures across AWS, Azure, and GCP for security vulnerabilities and structural...Amazon Web ServiceOngoing contractContract workFreelanceRemote workFlexible hours
- A leading healthcare organization located in Yonkers, NY is seeking a Cloud Cybersecurity Architect to design and validate secure cloud architectures across AWS and Azure. This role requires extensive experience in cybersecurity, particularly within public cloud environments...Amazon Web Service
- A leading technology company is seeking a Principal Security Architect with cloud focus to lead the security architecture design for enterprise workloads in AWS and OCI. The role involves developing security patterns for Kubernetes environments and implementing Zero Trust...Amazon Web Service
- ...Principal Cloud Security Architect About the Role What if your deep knowledge of cloud security architecture could directly protect large... ...Architect to evaluate complex cloud environments across AWS, Azure, and GCP - identifying architectural risks before they...Amazon Web ServiceHourly payOngoing contractContract workFreelanceRemote workFlexible hours
- Enertia Software is seeking a Cloud & Security Administrator to manage and optimize their cloud-hosted SaaS and infrastructure environments. The ideal candidate should have extensive AWS experience, manage SQL Server environments, and maintain strong security compliance...Amazon Web Service
- ...Role: Cloud Security Architect - Manage offshore team Location: Princeton, NJ - Onsite & No remote requests Tasks & Responsibilities... ...with at least one cloud provider, preferably GCP, Azure, or AWS ~ Strong understanding of Cloud security industry...Amazon Web ServiceWork experience placementRemote workShift work
- ...Cloud Security Architect The Company: Varonis is a leader in data security, fighting a different battle than conventional cybersecurity companies... .... Extensive knowledge of one of the following domains: AWS, Azure, Salesforce. Exposure to administration of Cloud...Amazon Web ServiceRemote workWorldwide
- HIKINEX is seeking a remote Security Consultant to design and maintain secure application and cloud environments. The role focuses on compliance with industry standards... ...application and cloud security, especially with AWS services. Key responsibilities include implementing...Amazon Web ServiceRemote jobContract work
- ...leading tech company in the United States is seeking an experienced Cloud Security Specialist to oversee security controls and compliance in... ...while collaborating on multi-cloud projects across Azure, AWS, and GCP. The ideal candidate has over 7 years of software development...Amazon Web Service
- CloudPay is seeking a Security Architect to shape secure by design cloud native payroll and payments platforms. You will lead security architecture across IAM, AWS/Azure, and AI workloads, chair the SARB, and partner with risk, compliance, and engineering teams to enforce...Amazon Web Service
- ...Overview: Role: Cloud Security Architect (AWS) Location: Irvine, CA (Onsite) Experience: 10+ Years Job Summary We are seeking a highly experienced Cloud Security Architect to lead security architecture for a large-scale Data Center Exit to AWS initiative...Amazon Web Service
- BNY Mellon is seeking a Senior Cloud Security Engineer in New York, NY to lead the implementation of security controls across cloud platforms... ...to enhance cloud security using tools and frameworks like AWS Security Hub, NIST SP 800-53, and automation tools such as Terraform...Amazon Web Service
- ...Cloud Security Architect The Cloud Security Architect is a hands-on security leader with deep expertise in designing, securing, and assessing... ...security into cloud architectures, platforms, and workflows across AWS, with a working knowledge and experience of Azure and GCP in...Amazon Web Service
- Northern Trust is seeking a Sr Lead Cloud Security Engineer to help secure cloud environments and lead PaC/IaC initiatives. You will mentor... ...development workflows. A strong background in cloud security across AWS/Azure and related certifications is preferred. #J-18808-...Amazon Web Service
$135k - $182.1k
SwiftCruit is seeking an Information Security Senior Specialist to join its Cloud Security Team. This role will focus on implementing and managing security... ...have strong experience in cloud security, particularly on AWS and Azure platforms. The ideal candidate will...Amazon Web Service- Overview Caesars Entertainment is seeking a Principal Cloud Security Architect to drive secure cloud architecture across AWS and GCP, ensuring security is integrated from code to cloud for Caesars Sportsbook, iGaming, and digital platforms. This role will embed security...Amazon Web ServiceEarly shift
- ...leading digital transformation firm in Boston is seeking a Cybersecurity Expert to design secure cloud architectures and manage compliance. You will work with cloud services like AWS, GCP, and Azure while ensuring data protection and risk management. The ideal candidate...Amazon Web Service
$240k - $260k
...Cloud Security Architect Job Description About the role: This role is responsible for making our software secure by design and keeping... ...systems ~ Hands-on experience with one major cloud provider (AWS preferred) Preferred Qualifications: Experience in...Amazon Web ServiceWork at officeLocal areaRemote workFlexible hours2 days per week- ...Senior AWS Security Architect As a Senior AWS Security Architect, you will be responsible for designing and implementing secure, scalable, and resilient AWS cloud infrastructures for our organization. You will work closely with engineering, operations, and DevOps teams...Amazon Web Service
- Bank of America is hiring an Information Security Senior Specialist in Chicago to lead cloud security initiatives across AWS, Azure, and Google platforms. This role requires a minimum of 5 years’ experience in cloud security, implementation of security controls, and a strong...Amazon Web Service
- ...Cloud Security Architect Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action.... ...with a strong emphasis on GCP and foundational environments in AWS. Responsibilities: Cloud Infrastructure Security:...Amazon Web Service
$90k - $157.5k
...Cloud Security Architect We are looking for a Cloud Security Architect. You will be responsible for defining, implementing, and governing cloud... ...modern infrastructure platforms. Deep understanding of AWS, Microsoft Azure, and Google Cloud security services and architectures...Amazon Web ServiceTemporary workShift work- Fairygodboss seeks a Principal Cloud Cybersecurity Architect to lead the design and evolution of security architecture for AWS and Azure. This role includes responsibilities such as documenting best practices and providing security consulting for internal applications....Amazon Web Service
$182k - $222k
...cybersecurity company based in Sunnyvale is seeking a Cloud Solution Architect to become a core part of their Cloud Security Consulting team. Ideal candidates will possess... ...of public/private cloud technologies like AWS and Azure. The position offers a salary range of...Amazon Web Service$138.2k - $172.8k
...The Principal Cybersecurity Architect is responsible for driving enterprise-wide technology security strategy and providing technical... ...Architectures (both On-Premise and Public Cloud) and driving and deploying... ...securing AI workloads across AWS and Azure, and on-prem...Amazon Web ServiceTemporary workPart timeWork experience placementInternshipSeasonal work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to AWS Cloud Security Architect. Be the first to apply!
- cloud engineer intern United States
- senior cloud solutions architect United States
- graduate cloud engineer United States
- cloud engineering manager United States
- senior principal cloud computing engineer United States
- cloud architect United States
- java cloud engineer United States
- aws cloud infrastructure engineer United States
- principal cloud engineer United States
- cloud operations engineer United States

