Cybersecurity and Cloud Automation Engineer
Job Description
This role centers on securing and automating multi‑cloud AWS environments to support USAF missions, leveraging infrastructure as code, configuration as code, and security as code across AWS, Azure, Google, and Oracle clouds.
Responsibilities
- Dual‑focused engineer concentrating on securing and automating AWS environments via infrastructure as code, configuration as code, and security as code.
- Collaborate within DevSecOps teams to design secure cloud architectures and automate provisioning, configuration, and monitoring pipelines.
- Establish and enforce security controls for AWS services in alignment with NIST, FISMA, and DISA STIG requirements.
- Set up secure logging, monitoring, and telemetry pipelines using CloudTrail, CloudWatch, and SIEM integrations for cloud workloads.
- Conduct vulnerability assessments and coordinate remediation across cloud hosts, containers, and services.
- Participate in security architecture reviews and change/configuration boards to validate secure designs and deployments.
- Develop, maintain, and version‑control IaC modules (Terraform, CloudFormation) for networking, compute, storage, IAM, and security resources in AWS.
- Leverage configuration as code tools (Ansible, Puppet) to automate OS, middleware, and application hardening.
- Design and operate CI/CD pipelines that integrate IaC/CaC with security checks for automated build, test, and deployment.
- Create hardened golden images aligned with STIG/CIS benchmarks and reusable templates for repeatable secure deployments.
- Embed security baselines, IAM policies, network segmentation, and encryption standards into IaC, CaC, and pipeline code as Security‑as‑Code.
- Incorporate automated security and compliance testing (SAST/DAST, dependency scanning, policy‑as‑code) into pipelines to enforce controls before release.
- Support continuous monitoring and authorization by maintaining evidence, automated checks, and documentation for audits.
- Assist day‑to‑day operations of multi‑environment AWS landscapes (dev, test, stage, prod, DR), including health and performance monitoring.
- Troubleshoot networking, access, and application deployment issues; contribute to incident and problem management and root‑cause analysis.
- Implement identity and context‑aware access controls, MFA, and policy‑based access in support of Zero Trust principles.
- Collaborate with developers, cloud engineers, security analysts, and operations staff to design secure, automated solutions.
- Contribute to technical documentation, including architecture diagrams, IaC/CaC module references, SOPs, and runbooks.
- Share best practices in secure cloud engineering and automation with teammates and provide informal knowledge transfer and peer support.
Requirements
- Bachelor’s degree in a technical field with 8 years of applicable cloud and cybersecurity engineering experience; additional years of hands‑on work may substitute for the degree.
- Hands‑on experience with AWS services and DevSecOps practices in production environments.
- Practical experience with IaC/CaC tooling (Terraform, CloudFormation) and configuration management tools (Ansible, Puppet) plus CI/CD pipelines.
- Experience applying NIST, FISMA, and STIG/CIS controls in cloud settings and supporting ATO or accreditation activities.
- Strong written and verbal communication skills and ability to work effectively in cross‑functional teams.
Technologies
- AWS
- Terraform
- CloudFormation
- Ansible
- Puppet
- CloudTrail
- CloudWatch
Benefits
- Health and wellness programs
- Income protection
- Paid leave
- Retirement plans