CACI International Inc · 5 months ago
Cloud Security Engineer
US VA Sterling
Full-time
Onsite
Mid, Senior Level
$87K/yr - $182K/yr
5+ years expCACI International Inc is a leading provider of information technology solutions, and they are seeking a Cloud Security Engineer to support their Makalu contract. The role involves serving as an information security specialist, reviewing software and infrastructure changes, and maintaining security documentation while implementing security best practices in a cloud-based environment.
Information TechnologyService IndustrySoftware
No H1B
Security Clearance Required
Responsibilities
Reviewing Audit logs and creating mitigation and corrective action plans
Working with development teams to create, maintain, and monitor data connections, NPE security certificates, firewall connection requests
Applying cloud, network, and security best practices to ensure that all requests meet the application goals while minimizing security risk
Work with platforms teams to implement DevSecOps process maintained in Linux/Cloud based development environment
Applying best practices and processes to capture, refine, and assist in the prioritization of requirements based on risk, engineering principles, and mission requirements
Providing enhanced security architectures, development tools, and information systems to facilitate secure missions
Information System Owners (ISOs) guidance, requirements understanding, and options to support technical security engineering
Capability based security analysis of system security architectures, identifies vulnerabilities, and provides suggested mitigation alternatives
Participates in design, development, and implementation of information systems to ensure these systems are in compliance with required security features and safeguards
Security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations
Evaluates scan results and works with system developers and system administrators to eliminate or mitigate findings
Generates certification and accreditation (C&A) documentation and artifacts (ie. System Security Plans, Network Interface Planning Documents, etc.) for import / upload to the SNOW tool
Proposes categorization of information systems based on types of information processed, in conjunction with DAO Representatives and ISOs
Coordinates with appropriate Security Control Assessors (SCAs) early in engineering design phase for ongoing coordination, understating in development and application of security controls, and security tradeoffs and other decisions
Qualification
Required
An active TS/SCI clearance with Poly Clearance
Bachelor's degree in information systems, systems engineering, electrical engineering, information technology, or related field
5+ years of relevant experience (or 7+ years without related degree)
This role requires someone with the technical experience that can implement security policies
Understanding of engineering in development and operational environment
Understanding of IA principle and organizational requirements
Experience with DOD/IC System Security control requirements
Understanding of information security systems engineering principles and IT security technologies (e.g. firewalls, encryption, proxies)
Experience with security control testing and demonstration
Certification and/or experience with Amazon Web Services
Familiarity with implementing configuration management tools (e.g., Ansible, Puppet, Chef) to enforce security policies
Ability to integrate security requirements into the design and development of systems
Familiarity with implementing security controls in cloud based environment and development environments
Experience working with system administrators, developers, and systems engineers to continually monitor and ensure system compliance
Strong Communication skills
Familiarity with developing and maintaining system security documentation
Enthusiastic & energetic performer able to work in a dynamic, fast-paced, & high visibility environment
Self-motivated and capable of performing tasks with minimal oversight
Team player incorporating a team based success philosophy
Current Security+, CISSP, or equivalent DOD 8570 IAT 2/3 certification
Proficient with troubleshooting and implementation in a command-line Linux environment
Preferred
Hands-on experience with security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), encryption technologies, cross domain solutions, and vulnerability management tools
Experience with microservice architectures (Rancher, Kubernetes, etc.) and knowledgeable with setup, maintenance, and ongoing support for such environments
Strong understanding of IAM concepts and technologies, including role-based access control (RBAC), single sign-on (SSO), and multi-factor authentication (MFA)
Experience with configuration of IAM solutions such as Active Directory, LDAP, and cloud-based IAM services
Experience with configuration of security information and event management (SIEM) systems, such as Splunk, ArcSight, or ELK stack
Proficiency in network protocols and secure network design in AWS or similar cloud environments
Familiarity with SNOW tool
Proficient in implementing/using security tools for penetration testing, vulnerability assessments, and security audits
Knowledge or desire to learn Container Security, orchestration, continuous monitoring, auditing, etc
Benefits
Healthcare
Wellness
Financial
Retirement
Family support
Continuing education
Time off benefits
Company
CACI International Inc
At CACI International Inc (NYSE: CACI), our 25,000 talented and dynamic employees are ever vigilant in delivering distinctive expertise and technology to meet our customers’ greatest challenges in national security.
10001+ employees
Funding
Current Stage
Public CompanyTotal Funding
$1B2025-05-21Post Ipo Debt· $1B
2003-01-10IPO
Leadership Team
John Mengucci
President & CEO
Darryl W Burke
Senior Vice President / Air Force Client Executive
Recent News
Washington Technology
2026-01-11
2026-01-09
2026-01-03
Company data provided by crunchbase