United States onlyAWS Infrastructure and Cloud Security Support Subject-Matter Expert (SME)
Overview
cFocus Software is seeking an AWS Infrastructure and Cloud Security Support Subject-Matter Expert (SME) to architect, secure, and optimize cloud and hybrid infrastructures for a federal agency. The SME will be responsible for designing and implementing secure AWS environments, integrating on-premises systems with federal cloud services, and ensuring compliance with federal cybersecurity frameworks. This position requires advanced technical expertise in AWS architecture, security engineering, and DevSecOps practices, as well as strong leadership and communication skills for collaborating with cross-functional teams and federal stakeholders.This is a full-time position that may require on-site support at federal agency locations in the Washington, D.C. metro area. Some telework flexibility may be available depending on mission requirements. Must be able to obtain and maintain a Public Trust or higher-level security clearance as required by the agency.
Responsibilities
The AWS Infrastructure and Cloud Security Support SME shall perform duties that include, but are not limited to:- Design, architect, and manage secure AWS environments supporting hybrid (on-premises and cloud) federal infrastructures.
- Develop, deploy, and maintain AWS services such as EC2, S3, VPC, IAM, CloudTrail, GuardDuty, Security Hub, and related services.
- Integrate AWS GovCloud and FedRAMP-authorized environments with on-premises tools such as Splunk, Cribl, and Archer to enhance visibility and compliance.
- Implement Infrastructure-as-Code (IaC) solutions using Terraform, CloudFormation, or Ansible to standardize and automate deployments.
- Develop and enforce DevSecOps practices by integrating security scanning tools into CI/CD pipelines to ensure continuous compliance and security assurance.
- Lead cost optimization efforts for AWS services, including budgeting, billing analysis, reserved instance utilization, and rightsizing strategies.
- Support continuous monitoring, log ingestion pipelines, and compliance reporting in alignment with agency requirements.
- Coordinate with Infrastructure, Security, DevOps, and Application teams to ensure alignment and integration of security controls across systems.
- Implement and maintain cloud-native security controls, logging, and governance using AWS services and third-party tools.
- Provide risk analysis, system hardening recommendations, and secure configuration baselines for AWS environments.
- Ensure full compliance with federal frameworks such as FISMA, NIST SP 800-53, and OMB M-21-31 through documentation and reporting.
- Develop professional technical documentation, including architecture diagrams, SOPs, risk assessments, and compliance artifacts.
- Serve as a key technical advisor to federal stakeholders and the Contracting Officer’s Representative (COR), providing detailed briefings and updates.
- Mentor junior engineers and provide subject-matter guidance to ensure consistent and secure implementation of cloud security standards.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field (preferred).
- AWS Certified Solutions Architect (Professional preferred; other Cloud Service Provider certifications a plus).
- At least one security-related certification such as CISSP, CISM, or AWS Security Specialty.
- Minimum of 8+ years of experience in IT infrastructure and security operations.
- 5+ years of direct experience architecting, deploying, and managing AWS services (e.g., EC2, S3, VPC, IAM, CloudTrail, GuardDuty, Security Hub).
- Demonstrated expertise in hybrid cloud/on-premises architectures, including integration of AWS GovCloud or FedRAMP environments with on-premises security tools (Splunk, Cribl, Archer, etc.).
- Experience with CI/CD pipelines and Infrastructure-as-Code (IaC) tools such as Terraform, CloudFormation, or Ansible.
- Proven track record implementing DevSecOps practices and integrating security scanning into build and release pipelines.
- Experience optimizing AWS service costs, including budgeting, billing analysis, and resource rightsizing.
- Hands-on experience managing security operations in cloud environments, including continuous monitoring and compliance reporting.
- Strong understanding of federal cybersecurity compliance frameworks (FISMA, NIST SP 800-53, OMB M-21-31).
- Strong leadership and communication skills, with experience briefing Federal CORs and senior stakeholders.
- Ability to coordinate effectively across multiple technical and operational teams (Infrastructure, Security, DevOps, Application).
- Demonstrated expertise in developing professional technical and logical architecture designs, SOPs, and compliance documentation.
Preferred Qualifications
- Experience supporting DHS or other federal agencies in cloud architecture or cybersecurity roles.
- Experience with cloud-native SIEM tools and integrations for AWS environments.
- Advanced proficiency with AWS automation, orchestration, and monitoring tools such as Lambda, CloudWatch, and Config.
- Knowledge of Zero Trust principles and their application within federal cloud environments.
- Strong scripting and automation skills (Python, PowerShell, Bash) for operational efficiency and compliance automation.
- Ability to develop and present technical briefings and architecture proposals to executive-level audiences.
