Senior Cloud Security Architect

The Dragonfli Group is a Washington, DC-based LLC that specializes in management and technology consulting.

Dragonfli Group

Employee count: 11-50

Salary: 140k-180k USD

United States only

Description

ABOUT DRAGONFLI GROUP

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal, state, and municipal government agencies as well as Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

ROLE SUMMARY

Dragonfli Group is seeking an experienced Senior Cloud Security Architect to support a federal government client. In this role, you will lead the strategic vision for protecting a large-scale multi-cloud ecosystem, designing security blueprints that govern the entire digital footprint—from identity perimeters to AI-driven threat detection. This position requires a "Security as Code" mindset, where automated guardrails empower development teams to move at speed without compromising data or infrastructure safety.

The ideal candidate brings 12+ years of cybersecurity experience, with at least 6 years architecting secure cloud environments at scale across AWS, Azure, or GCP. You will serve as a trusted security advisor, bridging the gap between DevOps agility and rigorous regulatory compliance in a high-visibility federal environment.

KEY RESPONSIBILITIES

  • Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, and/or GCP
  • Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors
  • Develop and enforce enterprise-wide security policies using Infrastructure-as-Code tools (e.g., Terraform), ensuring non-compliant infrastructure is automatically remediated or blocked from deployment
  • Design and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions
  • Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and blast-radius scenarios to strengthen system resilience
  • Drive the organization's transition to a Zero Standing Privilege model for all production environments
  • Achieve automated auditing for core compliance frameworks, including NIST and CIS Benchmarks
  • Leverage AI-driven monitoring to minimize Mean Time to Detect (MTTD) anomalous cloud activity
  • Act as lead security advisor for the Cloud Architecture team, bridging DevOps agility with rigorous regulatory compliance (SOC 2, FedRAMP)
  • Communicate security risks, architecture decisions, and roadmap recommendations clearly to C-suite and executive stakeholders
  • Embed automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines as part of a mature DevSecOps practice

Requirements

Must-Have Qualifications

  • 12+ years of experience in Cybersecurity, with at least 6 years focused on architecting secure cloud environments at scale
  • Demonstrated expertise designing and implementing Zero Trust architectures across multi-cloud environments (AWS, Azure, or GCP)
  • Expert knowledge of Identity-First Security, including Cloud Infrastructure Entitlement Management (CIEM), Just-In-Time (JIT) access provisioning, and complex OIDC/SAML federation flows
  • Hands-on proficiency with cloud-native security suites: AWS Security Hub, Azure Defender, and/or GCP Security Command Center
  • Experience developing Policy as Code frameworks using Terraform or equivalent IaC tooling for automated compliance enforcement
  • Proficiency in scripting and automation languages (Python, Go, or Bash) for custom security automations and SOAR platform integration
  • Deep experience embedding security testing (SAST/DAST/SCA) into CI/CD pipelines within a DevSecOps framework
  • Advanced understanding of secure cloud networking, including SD-WAN, Cloud WAF, and Zero Trust Network Access (ZTNA)
  • Working knowledge of CNAPP and CSPM tooling for cloud posture management and misconfiguration remediation
  • Familiarity with regulatory and compliance frameworks including NIST, CIS Benchmarks, and SOC 2

Preferred / Desired Qualifications

  • Advanced degree in Computer Science, Cybersecurity, or a related engineering discipline
  • Active top-tier security certifications (e.g., CISSP, CCSP, AWS Security Specialty, GCP Professional Cloud Security Engineer, Azure Security Engineer Associate, or equivalent)
  • Prior experience in a federal government or public-sector consulting environment; familiarity with FedRAMP and FISMA compliance
  • Experience architecting security frameworks for AI/ML pipelines and LLM-integrated applications
  • Proven track record implementing Zero Standing Privilege models in large enterprise or government environments
  • Experience operating at the executive advisory level, presenting security risk posture and roadmap to C-suite leadership
  • Familiarity with SOAR platforms and AI-driven threat detection tooling for cloud environments

Skill(s)

TECHNICAL SKILLS

Cloud Security Platforms

  • AWS Security Hub, Amazon GuardDuty, AWS IAM, AWS Organizations SCPs
  • Microsoft Azure Defender for Cloud, Azure Sentinel, Azure Active Directory / Entra ID
  • Google Cloud Security Command Center, Chronicle SIEM

Identity & Access Management

  • Cloud Infrastructure Entitlement Management (CIEM)
  • Just-In-Time (JIT) access provisioning frameworks
  • OIDC, SAML 2.0, OAuth 2.0 federation and SSO architectures

Automation & DevSecOps

  • Infrastructure as Code: Terraform, AWS CloudFormation, Pulumi
  • Scripting: Python, Go, Bash
  • CI/CD security integration: SAST, DAST, SCA tooling (e.g., Snyk, Checkov, Semgrep)
  • SOAR platforms: Splunk SOAR, Microsoft Sentinel Automation, Palo Alto XSOAR

Cloud Networking & Perimeter

  • Zero Trust Network Access (ZTNA) architecture and implementation
  • Cloud WAF, SD-WAN, and secure connectivity design
  • Network micro-segmentation and east-west traffic controls

Compliance & Governance

  • NIST SP 800-53, CIS Benchmarks, SOC 2, FedRAMP, FISMA
  • CNAPP and CSPM tools: Prisma Cloud, Wiz, Orca Security, or equivalent
  • Threat modeling methodologies: STRIDE, MITRE ATT&CK for Cloud

Benefits

Dragonfli Group offers a comprehensive benefits package to support the health, financial well-being, and work-life balance of our team members:

  • Insurance – Comprehensive health, dental, and vision coverage for employees and eligible dependents
  • Paid Time Off (PTO) and 11 Federal Holidays – Generous PTO accrual plus all 11 federally recognized holidays
  • 401(k) with Employer Match – Competitive employer match to support your long-term financial goals

About the job

Job type

Full Time

Experience

12 years minimum

Hiring timezones

United States +/- 0 hours

About Dragonfli Group

The Dragonfli Group is a Washington, DC-based LLC that specializes in management and technology consulting. With a dedicated team of experienced consultants, Dragonfli focuses on transforming its clients' businesses through high-impact strategic planning and technology solutions. Our team's deep expertise spans across infrastructure, corporate strategy, and operations, allowing us to tailor our services to meet specific business needs.

At Dragonfli, we adopt a collaborative approach to provide strategic planning and information security solutions. We understand that every organization is unique, and thus, we take the time to evaluate each client's specific challenges and goals. Our offerings include cybersecurity solutions that empower organizations to manage risks, comply with regulations, and drive profitability. The industry’s dynamic landscape requires businesses to be proactive. As such, we prioritize integrating automated risk management and compliance monitoring into our strategies, ensuring that our clients can make informed, proactive decisions regarding their security posture.
