Senior Cloud Security Architect

Job Title:

Senior Cloud Security Architect Location:

Falls Church, VA Job Description:

As a Senior Cloud Security Architect, you will lead the strategic vision for protecting our multi-cloud ecosystem. You are responsible for designing the security blueprints that govern our entire digital footprint from identity perimeters to AI-driven threat detection. This role requires a "Security as Code" mindset, where you build automated guardrails that empower developers to move at speed without compromising the safety of our data or infrastructure.

Key Responsibilities:

Security Architecture Vision:

Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, or Google Cloud Platform.

AI-Native Security Strategy:

Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors. Automated Guardrails (Policy as Code): Develop and enforce enterprise-wide security policies using Terraform, etc., ensuring that non-compliant infrastructure is automatically remediated or blocked from deployment.

Cloud Posture Management:

Design and oversee the integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions.

Threat Modeling & Resilience:

Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and "blast radius" scenarios to strengthen system resilience.

Security Consultancy:

Act as the lead security advisor for the Cloud Architecture team, bridging the gap between DevOps agility and rigorous regulatory compliance (SOC2).

Technical Qualifications:

Category:

Security Platforms Requirements:

Mastery of cloud-native security suites (e.g., AWS Security Hub, Azure Defender, Google Cloud Platform Security Command Center).

Category:

Identity & Access Requirements:

Expert knowledge of Identity-First Security, including CIEM, Just-In-Time (JIT) access, and complex

OIDC/SAML

flows.

Category:

Automation Requirements:

Proficiency in Python, Go, or Bash to build custom security automations and integrate with SOAR platforms.

Category:

DevSecOps Requirements:

Deep experience embedding automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines.

Category:

Cloud Networking Requirements:

Advanced understanding of secure connectivity, including SD-WAN, Cloud WAF, and Zero Trust Network Access (ZTNA).

Preferred Experience:

Experience:

12+ years in Cybersecurity, with at least 6 years focused on architecting secure cloud environments at scale.

Certifications:

Top-tier credentials.

Education:

Advanced degree in Computer Science, Cybersecurity, or a related engineering field preferred. BS degree from an accredited College/University in the applicable field of services is required, or four additional years of relevant experience in lieu of a college degree. If the individual's degree is not in the applicable field then four additional years of related experience is required.

Soft Skills:

Strong ability to bridge the gap between "Speed of DevOps" and "Rigors of Security" while communicating clearly with executive leadership.

Leadership:

Proven ability to influence technical roadmaps and present security risks clearly to C-suite stakeholders.

Core Objectives:

Zero Standing Privilege:

Help transition the organization to a "Zero Standing Privilege" model for all production environments.

Automated Compliance:

Help achieve automated auditing for core compliance frameworks (e.g., NIST, CIS Benchmarks). Mean Time to Detect (MTTD): Utilize AI-driven monitoring to reduce the detection time of anomalous cloud activity to a minimum.

Additional Provisions:

Pass a client-mandated clearance process to include drug screening, criminal history check, and credit check. Once the candidate s resume is approved and interview passed, the agency is responsible for providing drug screening. Failure to submit the drug screening results will delay the security clearance process. If a candidate is given an interim clearance, continuation of employment is then based on the candidate receiving a sensitive clearance. This position requires the ability to obtain and maintain a U.S. Government Public Trust clearance. Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.) All overtime must be pre-approved in writing by the client manager or his/her designated representative. Agency will not be reimbursed for overtime charges without previous written authorization. Authorized overtime will be reimbursed at straight time.