Principal Cloud Security Engineer

Location: Washington, DC (Primarily Onsite)
Clearance Required: Active Secret (Top Secret eligibility preferred)
Employment Type: Full-Time

Role Overview

We are seeking a Principal Cloud Security Engineer to serve as a technical leader for securing and scaling cloud platforms supporting a mission-critical federal program. This role focuses on cloud security architecture, DevSecOps automation, and secure platform enablement across commercial and government cloud environments.

You will define secure patterns, embed security into CI/CD pipelines, and partner closely with platform, application, and compliance teams to ensure security is built in — not bolted on.

This is a hands-on technical role for an experienced cloud security engineer who enjoys designing scalable solutions and influencing security outcomes across teams.

Key Responsibilities

Cloud Security Architecture

• Design and guide secure cloud architectures across AWS, Azure, and/or GCP, including GovCloud and restricted environments.
• Define and maintain cloud security standards aligned with NIST 800-53, FedRAMP, and CIS Benchmarks.
• Lead architecture reviews, threat modeling, and secure design guidance for cloud services and workloads.

DevSecOps & Automation

• Build and maintain Infrastructure as Code (Terraform preferred) to enforce security controls at scale.
• Integrate automated security testing into CI/CD pipelines (SAST, DAST, IaC, container scanning).
• Develop automated guardrails, policies, and remediation workflows to reduce manual effort and risk.

Governance, Compliance & Visibility

• Support ATO and compliance efforts by embedding controls directly into cloud and pipeline designs.
• Partner with compliance teams and auditors to support evidence collection and continuous monitoring.
• Implement centralized logging, monitoring, and incident response across cloud environments.

Technical Leadership & Collaboration

• Serve as a cloud security subject matter expert for engineers, architects, and stakeholders.
• Guide and mentor engineers on secure cloud development and automation practices.
• Collaborate across platform, application, and security teams to align security objectives.

Required Qualifications

• Active Secret clearance
• 8 years of experience in cybersecurity or cloud engineering, with 5 years focused on cloud security
• Deep hands-on experience securing at least one major cloud platform (AWS, Azure, or GCP)
• Strong experience with Infrastructure as Code (Terraform, CloudFormation, ARM/Bicep)
• Experience integrating security into CI/CD pipelines (GitHub Actions, GitLab, or similar)
• Proficiency in at least one scripting or programming language (Python, Go, PowerShell, Bash)
• Solid understanding of IAM, networking, encryption, key management, and cloud-native security services
• Strong communication skills and ability to influence technical and non-technical stakeholders

Preferred Qualifications

• Experience securing GovCloud, DoD IL6, or other regulated cloud environments
• Familiarity with Kubernetes and container security
• Knowledge of zero trust architectures and enterprise identity platforms
• Experience with ServiceNow integrations for security workflows
• Relevant certifications (AWS Security Specialty, Azure Security Engineer, CISSP, etc.)

Why Join Us

• High-impact federal mission with long-term program stability
• Architect-level influence over cloud security strategy and implementation
• Opportunity to build security automation at scale
• Collaborative, engineering-driven environment with strong leadership support