Sr. Cloud Engineer I (5685)

AsSr. Cloud Engineer I, you'll integrate robust security practices into cloud-based, mobile, and on-premises systems, ensuring the security and compliance of AWS and/or GCP environments. This role involves designing, implementing, and managing security controls across various environments and aligning cloud infrastructure with the Department of State's compliance and risk management objectives.

We know that you can't have great technology services without amazing people. At MetroStar, we are obsessed with our people and have led a two-decade legacy of building the best and brightest teams. Because we know our future relies on our deep understanding and relentless focus on our people, we live by our mission: A passion for our people. Value for our customers.

If you think you can see yourself delivering our mission and pursuing our goals with us, then check out the job description below!

What you'll do:

• Implement security defense, protection, detection, and response capabilities across cloud and hybrid environments, including AWS and mobile systems.
• Lead the integration of static and dynamic security testing into CI/CD pipelines (GitLab) to enable faster iteration and secure deployments. Ensure that security vulnerabilities are detected and resolved early in the development lifecycle.
• Manage Kubernetes and Docker container security, ensuring scalable and secure operations across multiple environments. Implement container isolation strategies to minimize risks and improve security across CI/CD stages.
• Lead the shift to IaC using Terraform and AWS CloudFormation, with automated scanning and remediation of security vulnerabilities in cloud resource configurations prior to deployment.
• Implement secure secrets management protocols to protect sensitive data across different environments and services. Ensure that the organization adheres to the highest standards of security for data protection.
• Develop and enforce AWS and/or GCP Service Control Policies (SCPs) to govern security risks across different operational environments (Development, Testing, Staging, Production) and ensure compliance with organizational and federal regulatory requirements.
• Work closely with the ISSO and System Owner to represent security interests during audits and assessments, securing multiple Authorizations to Operate (ATO) and maintaining compliance with FedRAMP, ITAR, and NIST standards.
• Conduct comprehensive risk evaluations in collaboration with CISA, assessing cloud environments across numerous AWS accounts. Identify vulnerabilities and enforce risk-based policies to align cloud infrastructure with compliance standards.

What you'll need to succeed:

• Active Top-Secret clearance or higher required.
• 5+ years of experience in cloud security, with a strong focus on AWS and/or Google Cloud environments, security automation, and compliance.
• Strong hands-on experience with AWS security tools, including GuardDuty, Security Hub, IAM, and KMS.
• Extensive knowledge of CI/CD pipeline integration (GitLab), with security testing tools for continuous delivery.
• Proficiency in container orchestration and security with Docker and Kubernetes.
• Expertise in Infrastructure as Code using Terraform and CloudFormation, with a focus on security automation.
• Proven track record in implementing security policies, IAM configurations, and environment isolation in AWS GovCloud and/or GCP equivalent
• Advanced understanding of U.S. government compliance frameworks, including FedRAMP, NIST 800-53, and ITAR.
• AWS Certified Security - Specialty, AWS Certified Solutions Architect, or equivalent (or GCP equivalent)