cFocus Software Incorporated · 19 hours ago
DOJ - Cloud Security Architect
United States
Full-time
Remote
Senior Level
5+ years expcFocus Software seeks a Cloud Security Architect to join our program supporting the Department of Justice (DOJ). The role involves implementing and securing cloud-native architectures while ensuring compliance with cybersecurity policies and standards.
ChatbotGovernmentInformation TechnologySoftware
No H1B
Security Clearance RequiredU.S. Citizen Only
Responsibilities
Serve as the technical cloud security engineering resource supporting DOJ and BOP Rapid ATO activities
Implement, configure, and secure cloud-native architectures supporting IaaS, PaaS, and SaaS environments
Integrate security controls into cloud infrastructure using DevSecOps and Infrastructure-as-Code (IaC) practices
Ensure cloud security implementations align with DOJ cybersecurity policies, NIST standards, FedRAMP requirements, and RMF processes
Support secure configuration and hardening of cloud services, workloads, and applications
Support system preparation activities by identifying cloud assets, services, and dependencies
Assist in defining authorization boundaries for cloud-hosted systems and environments
Support automated discovery and inventory of cloud resources using continuous scanning tools
Assist with identifying information types processed, stored, or transmitted in cloud environments, including PII
Provide technical input to system security categorization (confidentiality, integrity, availability) based on cloud architecture and data flows
Support mapping of cloud components and services to NIST SP 800-53 and DOJ Cybersecurity Standard 0904 controls
Assist with selection and tailoring of cloud-specific security and privacy controls
Support documentation of shared responsibility models and inherited controls from Cloud Service Providers (CSPs)
Provide technical input for control allocation and Requirements Traceability Matrix (RTM) development
Assist in documenting control implementations within the System Security and Privacy Plan (SSPP)
Implement security controls in cloud environments using AWS-native services and security tooling
Configure and manage:
Virtual Private Clouds (VPCs), subnets, routing, and security groups
Identity and Access Management (IAM) roles, policies, and least-privilege access
Encryption at rest and in transit using KMS, SSL/TLS, and certificate services
Secure storage and database encryption (S3, RDS, data lakes)
Implement application and network security controls including WAFs, API Gateway protections, egress proxies, and domain segmentation
Integrate security automation into CI/CD pipelines using CloudFormation or other IaC tools
Document implemented and compensating controls and support updates to SSPP and related artifacts
Support security and privacy control assessments by generating and validating technical evidence from cloud environments
Use SIEM, vulnerability management, and compliance tools to collect real-time assessment data
Analyze findings from tools such as Splunk, Nessus, Tenable Security Center, and cloud security services
Assist in identifying control weaknesses, misconfigurations, and vulnerabilities
Support development and updates of Security and Privacy Assessment Reports (SARs) and POA&Ms
Support preparation of authorization packages by providing cloud security configurations and evidence
Assist in evaluating cloud-specific risks and residual risk impacts
Support risk analysis, threat modeling, and remediation planning
Provide technical input for risk response actions and recommendations
Implement and maintain continuous monitoring capabilities for cloud environments
Configure automated alerts for control failures, misconfigurations, and critical vulnerabilities
Support orchestration and automated remediation actions for cloud security findings
Assist with ongoing assessment of a subset of security controls in support of Re-ATO activities
Maintain up-to-date cloud security artifacts supporting near real-time risk visibility
Support validation that all cloud services used by BOP systems maintain valid FedRAMP authorization
Assist with review and validation of FedRAMP security packages for SaaS, PaaS, and IaaS offerings
Support documentation of control inheritance and CSP responsibilities
Assist in identifying gaps between CSP controls and system-specific security requirements
Qualification
Required
Active Public Trust clearance
B.S. degree in Computer Science, Information Technology, or a related field
Minimum of 5 years of IT experience, demonstrating experience in the following areas: Cloud-native architectures, AWS, VPC, Security Groups, IAM, Docker, KMS, S3 Encryption, RDS Encryption, HTTPS, SSL Certificates, Data Lake security, CloudFormation, CloudFlare, CloudFront, API Gateway, Lambda, Egress proxies, application security, domain segmentation, authentication, data protection, and automation of processes
Experience using AWS Infrastructure-as-Code (IaC), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)
Research, Design, Development, Testing and Deployment experience using AWS IaaS, PaaS services, tools and technologies to support continuous integration and delivery on Linux Environment
Demonstrated ability to build and execute complex security plans in AWS
Experience working with compliance and regulatory requirements in AWS
Experience working in a risk-based environment including mitigation, planning, and implementation in AWS
Hands on experience with experience in Splunk, Nessus, Tenable Security Center, and firewall tools such as Palo Alto, Imperva, Fortinet, etc
Minimum of one of the following certifications: CISA, CRISC, CISSP, CAP
Company
cFocus Software Incorporated
cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint.
11-50 employees
Funding
Current Stage
Early StageLeadership Team
Manisha Griesinger, MPH, MSc
Program Manager | U.S. EPA Office of the Chief Financial Officer
Company data provided by crunchbase