Senior Cloud Infrastructure Consultant (Active TS/SCI)

SENIOR CLOUD INFRASTRUCTURE CONSULTANTLocation: 100% on site in Chantilly, VAPlease note this position requires an Active TS/SCI clearance verifiable in DISS. The Senior Cloud Infrastructure Consultant will work in a Secured Compartmentalized Information Facility (SCIF).Position SummaryCG Infinity is expanding our AWS Professional Services delivery team to support a high-priority national-security program. As a Senior Cloud Infrastructure Consultant, you will design and stand up secure, multi-account AWS Landing Zones in air-gapped and classified regions that serve as the foundational platform for downstream mission applications. You will partner directly with AWS Professional Services architects and government technical leads, owning architecture decisions across networking, identity, security, and automation.This is a hands-on engineering role: you will write Terraform, configure VPCs and Transit Gateways, harden IAM, and deploy logging and audit pipelines that satisfy DoD/IC accreditation requirements. The work directly enables Authority to Operate (ATO) and accelerates the customer's adoption of cloud-native capabilities.Key ResponsibilitiesDesign and deploy AWS Landing Zones in air-gapped, classified regions, including AWS Control Tower equivalents and account-vending automationArchitect multi-account AWS organizations with appropriate Organizational Unit (OU) structure, Service Control Policies (SCPs), and tag governanceBuild and maintain Infrastructure-as-Code modules in Terraform (and AWS CloudFormation where required) for repeatable, auditable deploymentsConfigure VPCs, subnets, route tables, Transit Gateways, VPC endpoints, DNS (Route 53 / hybrid resolvers), and private connectivity to on-premises enclavesImplement IAM policies, permission boundaries, role federation, and break-glass procedures aligned to least-privilege principlesStand up centralized logging, audit, and monitoring (CloudTrail, Config, GuardDuty, Security Hub, CloudWatch) and integrate with the customer's SIEMIntegrate the cloud platform with enterprise identity (e.g., Identity, Credential, and Access Management (ICAM); Personal Identity Verification (PIV); Common Access Card (CAC)) and compliance toolingCollaborate with AWS Professional Services, mission application teams, and the customer's Risk Management Framework (RMF) / Authority to Operate (ATO) authorizing officialsProduce architecture diagrams, runbooks, and design decision records suitable for ATO body-of-evidence packagesRequired QualificationsU.S. Citizenship and active Top Secret / SCI clearanceFive (5) or more years of hands-on AWS engineering experience, including building environments from inception (greenfield)Demonstrated experience designing multi-account AWS architectures and AWS Landing Zone patternsAdvanced AWS networking knowledge: VPC design, Transit Gateway, PrivateLink, hybrid DNS, and on-premises connectivity patternsProficiency with Infrastructure-as-Code, specifically Terraform and/or AWS CloudFormation, including module design and state managementExperience implementing AWS security controls, IAM at scale, KMS, audit logging, and resource-based policiesFamiliarity working in classified or highly regulated environments and producing artifacts suitable for compliance reviewBachelor's degree in Computer Science, Engineering, or a related discipline - or equivalent professional experienceClear written and verbal communication skills for technical documentation, stakeholder coordination, and customer-facing deliveryPreferred QualificationsPrior delivery experience in AWS GovCloud (US), AWS Secret Region / AWS Secret-West, or AWS Top Secret-East/WestWorking knowledge of DISA STIGs, NIST SP 800-53 / 800-171, and the DoD Cloud Computing Security Requirements Guide (SRG)Direct experience supporting Risk Management Framework (RMF) / Authority to Operate (ATO) packages (SSP, control implementation, POA&M)Experience with CI/CD for infrastructure (GitLab CI, Jenkins, AWS CodePipeline)Scripting in Python or PowerShell for automation and integration tasksPreferred CertificationsAWS Certified Solutions Architect - Professional AWS Certified Advanced Networking - SpecialtyAWS Certified Security - SpecialtyHashiCorp Certified: Terraform AssociateHashiCorp Certified: Terraform Authoring & Operations ProfessionalWork Environment & Physical RequirementsOnsite work within a Sensitive Compartmented Information Facility (SCIF). Mobile devices are not permitted in the work area.GET TO KNOW US:CG Infinity, Inc. is a software consulting firm that was founded in 1998. We offer solutions that are tailored to the needs of each individual client that we work with instead of offering standard, run-of-the-mill solutions to everyone. We work closely with our clients throughout the entire process and offer solutions for a myriad of challenges. CG Infinity has offices in Plano, TX, Houston, TX, Little Rock, AR, and Albuquerque, NM.OUR CULTURE:Our people-first approach to technology offers best-in-class service and success rates. Here are some of the main services that we offer at CG Infinity: Salesforce Implementations, Customer Experience & CRM, Application Development & Integration, Production Support & QA, and Data Analytics & AI.Powered by JazzHRj0IcTOwNQr