Qureos

Cloud Security Architect

Cloud Security Architect **WORK STATUS - USC Only due to SECRET CLEARANCE eligibility**

Secure cloud architecture, FedRAMP assessment, RMF/ATO evidence, and hybrid cloud mission assurance

Role Summary

The Cloud Architect will serve as Turbo Federal's senior cloud security architecture lead for our federal customer, responsible for designing, assessing, documenting, and continuously improving secure cloud and hybrid cloud environments that support mission systems, ATO maintenance, rapid ATO execution, FedRAMP cloud service assessments, and continuous monitoring.

This role will directly support the requirement to secure General Support Systems and Major Applications across on-premises, cloud, hybrid, and air-gapped environments while aligning security architecture decisions with NIST, FedRAMP, FISMA, and JCAM requirements.

The Cloud Architect will provide senior technical leadership for cloud boundary definition, AWS and Azure security control implementation, cloud service provider assessment, network segmentation, encryption, logging, cloud-native detection, and risk-based authorization decision support. This role is especially important because cloud-hosted applications, hybrid interconnections, shared services, and inherited FedRAMP controls must be translated into clear, auditable authorization evidence that Authorizing Officials, ISSOs, SCAs, system owners, and privacy stakeholders can use to make defensible risk decisions.

Education, Certifications, and Clearance

· Master's degree in cybersecurity, information systems, computer science, or a related discipline.

· Public Trust / Suitability (eligible for Secret).

· Two (2) or more Cloud certifications strongly preferred, such as AWS Certified Solutions Architect - Professional, AWS Certified Security - Specialty, Microsoft Azure Solutions Architect Expert, or Microsoft Cybersecurity Architect Expert.

· One (1) or more Security certifications strongly preferred, such as CISSP, CISM, CISA, CRISC, CAP/CGRC, or CCSP.

Required Knowledge, Skills, and Abilities

· 10+ years of experience in cloud and cloud security solutions in federal government systems.

· Networking Expertise: Strong knowledge of networking, with a focus on AWS native firewall, AWS Direct Connect, AWS Outposts network configuration, reverse proxy configurations, and related automation. This expertise will be valuable in assessing FedRAMP-specific responses against various controls.

· Continuous Monitoring (ConMon): Proven ability to design and implement continuous monitoring solutions for cloud systems and applications.

· AI-Enabled Compliance Automation: Capability to design AI-powered tools that can scan all cloud accounts and VPCs, collect FedRAMP-specific responses, store them in a centralized repository for ConMon, and analyze them to identify unmet requirements.

· Security Event Analysis: Strong experience in accessing, reviewing, and interpreting reports and alerts generated by SIEM tools such as Splunk.

· AWS Security Services: Proficient in reviewing and analyzing reports from AWS GuardDuty, Security Hub, and Amazon Inspector, including interpreting compliance and non-compliance metrics such as pie charts.

· Data Encryption: In-depth understanding of end-to-end data encryption in transit and at rest, including SSL/TLS implementation.

· Vulnerability Identification: Ability to identify potential vulnerabilities, particularly those related to data or configuration tampering.

Primary Responsibilities

· Lead the design and validation of cloud architectures, ensuring that cloud environments are secure by design and properly documented within the RMF/ATO body of evidence.

· Assess system boundaries, data flows, cloud service models, inherited controls, interconnections, encryption mechanisms, identity and access models, logging requirements, and shared responsibility considerations for SaaS, PaaS, and IaaS environments.

· Support ATO Maintenance and Rapid ATOs by helping define cloud system boundaries; documenting cloud assets, services, VPCs, subnets, endpoints, security groups, and data types; mapping cloud components to applicable NIST SP 800-53 controls; supporting SSPP and RTM development; and ensuring cloud security architecture artifacts are complete, accurate, and review-ready in JCAM.

· Support categorization, control selection, control tailoring, control allocation, ISCM planning, SSPP review, control implementation, assessment planning, POA&M development, authorization package assembly, and ongoing authorization reporting.

· Design and implement cloud continuous monitoring patterns that integrate SIEM, vulnerability management, CSP-native tools, and compliance automation.

· Work with Splunk, AWS GuardDuty, AWS Security Hub, Amazon Inspector, Azure security tooling, vulnerability scan outputs, and cloud configuration evidence to help capture real-time security posture information and convert it into audit-ready ATO evidence.

· Support cloud security operations by defining cloud security controls; advising on cloud incident response, penetration testing support, reverse engineering support, cloud network and endpoint analytics, cloud-native security monitoring, vulnerability remediation, cloud security governance, regulatory compliance, audit support, privacy and data protection practices, and post-incident recovery.

· Assess AWS and Azure cloud services for FedRAMP inheritance, boundary placement, shared responsibility gaps, and authorization evidence completeness.

· Design cloud logging, monitoring, and alerting architectures that feed Splunk, SOC workflows, vulnerability management, incident response, and JCAM evidence repositories.

· Support cloud data protection through encryption at rest, encryption in transit, TLS/SSL implementation, KMS design, key rotation, certificate management, and least-privilege IAM.

· Build or advise on AI-enabled or automation-enabled compliance workflows that scan cloud accounts, VPCs, services, and configurations; gather FedRAMP-specific responses; identify unmet requirements; and produce continuous monitoring evidence.

· Translate complex cloud risks into mission-impact language for PMs, ISSOs, SCAs, system owners, COR, AO, and executive stakeholders.

Pay: $150,000.00 - $180,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Flexible spending account
  • Health insurance
  • Health savings account
  • Life insurance
  • Paid time off
  • Vision insurance

Education:

  • Master's (Required)

Security clearance:

  • Secret (Preferred)

Ability to Commute:

  • Washington, DC 20534 (Required)

Work Location: In person
