JOBSEARCHER

Cloud Security Engineer

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

About EastBay Systems (Formerly DANASTAR Professional Services)EastBay Systems is a cybersecurity and information technology consulting firm supporting Federal civilian agencies in delivering secure, resilient, and compliant enterprise systems. We specialize in Cybersecurity Program Management, Security Engineering, Governance, Risk & Compliance (GRC), Security Operations Center (SOC) operations, Cloud Security, and Continuous Monitoring.We are seeking a Senior Cloud Security Engineer to serve as the organization's technical lead for cloud security architecture, engineering, infrastructure protection, and cloud compliance across Azure, AWS, and hybrid environments.Position SummaryThe Senior Cloud Security Engineer is responsible for designing, implementing, securing, and continuously improving enterprise cloud infrastructure supporting Federal information systems. This position serves as the technical authority for cloud security architecture, cloud identity, cloud networking, infrastructure hardening, security monitoring, vulnerability management, and cloud governance.The engineer works closely with Cloud Engineers, Security Engineers, DevSecOps, SOC analysts, GRC specialists, and Federal stakeholders to ensure cloud platforms are secure, resilient, continuously monitored, and compliant with FISMA, NIST RMF, FedRAMP, Zero Trust Architecture, and OMB cybersecurity requirements.This position focuses on securing the cloud platforms and infrastructure that host enterprise applications. Application security, secure software development, and CI/CD pipeline security are performed by the DevSecOps Engineer.Key ResponsibilitiesCloud Security ArchitectureDesign and implement secure Azure, AWS, and hybrid cloud architectures.Develop cloud security reference architectures, engineering standards, and implementation guidance.Support enterprise cloud adoption initiatives and secure cloud migrations.Design secure Landing Zones, subscription/account architectures, and cloud governance models.Review cloud solution architectures for compliance with Federal cybersecurity requirements.Implement Zero Trust principles within cloud environments.Cloud Infrastructure SecuritySecure cloud infrastructure, including virtual networks, compute, storage, databases, platform services, and cloud-native resources.Implement and maintain security controls for Azure and AWS services.Configure and maintain Network Security Groups (NSGs), AWS Security Groups, firewalls, Web Application Firewalls (WAFs), Application Gateways, load balancers, VPNs, ExpressRoute, Direct Connect, Private Endpoints, and cloud networking components.Develop and maintain secure cloud configuration baselines and hardening standards.Perform cloud security architecture reviews and recommend improvements to reduce attack surface.Identity & Access ManagementDesign and implement secure cloud identity architectures.Administer Microsoft Entra ID, cloud IAM services, Privileged Identity Management (PIM), Conditional Access, managed identities, and role-based access control (RBAC).Develop least-privilege access models and identity governance standards.Support identity federation, authentication, authorization, and privileged access management.Cloud Security Monitoring & LoggingDesign and implement cloud security monitoring architectures.Identify and enable cloud platform logs required to support Continuous Monitoring (ISCM), threat detection, incident response, and forensic investigations.Ensure Azure, AWS, and hybrid infrastructure generates and forwards required security logs to enterprise monitoring platforms.Manage infrastructure logging, including cloud activity logs, identity logs, network flow logs, firewall logs, storage logs, platform diagnostics, and cloud service audit logs.Collaborate with the SOC to integrate cloud telemetry into enterprise SIEM and detection engineering processes.Define cloud log retention, protection, integrity, and archival requirements in accordance with Federal policies.Cloud Security BaselinesEstablish and maintain secure infrastructure configuration baselines.Develop and maintain Ports, Protocols, and Services (PPS) baselines for cloud infrastructure components, virtual networks, platform services, and cloud-hosted resources.Validate approved network communications, segmentation, trust relationships, ingress and egress rules, and service exposure.Review firewall rules, routing, DNS configurations, and network security controls to minimize attack surface.Ensure infrastructure configurations comply with Zero Trust Architecture and least functionality principles.Cloud Security EngineeringImplement and manage Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) capabilities.Secure containers, Kubernetes clusters, serverless services, storage platforms, databases, and cloud-native services from an infrastructure perspective.Implement cloud vulnerability management, configuration compliance monitoring, and security policy enforcement.Support cloud encryption, key management, certificate management, and secrets management solutions.Federal ComplianceSupport FISMA, RMF, FedRAMP, and Continuous Monitoring (ISCM) activities related to cloud infrastructure.Develop technical documentation supporting NIST SP 800-53 security controls.Support Security Assessment and Authorization (A&A) activities.Assist with remediation of cloud-related POA&M findings.Participate in audits, assessments, and compliance reviews.Implement cloud security controls consistent with OMB directives, Federal Zero Trust guidance, and agency cybersecurity policies.CollaborationPartner with DevSecOps Engineers to ensure secure deployment of applications into cloud environments.Collaborate with Cybersecurity Engineering on enterprise security standards and cloud architecture.Work closely with SOC analysts to improve cloud detection, monitoring, and incident response capabilities.Support GRC teams during assessments, audits, and continuous monitoring activities.Provide technical leadership on cloud security technologies, architectures, and best practices.Required QualificationsBachelor's degree in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or a related technical discipline.8+ years of experience in cloud security engineering or cybersecurity engineering.5+ years securing Azure and/or AWS environments.Strong knowledge of cloud networking, identity management, virtualization, storage, and infrastructure security.Experience implementing Microsoft Entra ID, Conditional Access, PIM, IAM, and RBAC.Experience with Azure Policy, AWS Config, cloud governance, and secure cloud architectures.Experience designing cloud logging, monitoring, and security telemetry solutions.Experience establishing infrastructure security baselines and Ports, Protocols, and Services (PPS) standards.Experience with Microsoft Defender for Cloud or comparable CSPM/CWPP platforms.Strong understanding of Zero Trust Architecture, cloud hardening, and cloud security best practices.Experience supporting FISMA, NIST RMF, NIST SP 800-53 Rev. 5, FedRAMP, and Continuous Monitoring (ISCM).Experience with PowerShell, Azure CLI, AWS CLI, or Python.Excellent communication and technical leadership skills.Preferred QualificationsCISSPCCSPMicrosoft Certified: Azure Security Engineer Associate (AZ-500)AWS Certified Security – SpecialtyAWS Solutions Architect – ProfessionalMicrosoft Cybersecurity Architect (SC-100)GIAC Cloud Security certificationsExperience with Microsoft Defender for Cloud, Microsoft Sentinel, Azure Monitor, AWS CloudWatch, CloudTrail, Azure Firewall, AWS Network Firewall, Terraform, Kubernetes, OpenShift, or enterprise cloud governance platforms.Experience supporting FedRAMP High or Moderate cloud environments.