Cloud Security Architect -SME

About the position LS Technologies, a Tetra Tech Company is seeking a highly skilled Cloud Security Architect. This role will provide advanced technical leadership in the design, implementation, and oversight of secure cloud-based systems and architectures supporting FAA mission-critical applications. The candidate will apply deep expertise in cloud security engineering, system integration, and cybersecurity frameworks to ensure compliance with federal regulations and alignment with FAA enterprise architecture standards. The Systems Engineer will work closely with cross-functional teams to ensure the stability, scalability, and security of systems deployed on AWS, while adhering to FAA regulations and best practices.

Responsibilities

• Apply senior-level engineering knowledge to analyze and solve engineering, scientific, or management problems.
• Serve as the lead Cloud Security Architect, designing and implementing secure architectures for multi-cloud and hybrid environments supporting FAA systems.
• Define and document cloud security reference architectures, patterns, and standards consistent with NIST, FedRAMP, DHS CDM, and FAA-specific security requirements.
• Develop, track, and manage Plans of Action and Milestones (POA&Ms) to ensure timely remediation of security findings.
• Perform and support of IRAT (Information Risk Assessment Tool) testing, validation, and reporting for FAA systems.
• Prepare, review, and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and continuous monitoring deliverables.
• Conduct system engineering analyses to identify risks, vulnerabilities, and mitigation strategies for cloud-based solutions.
• Support the development of security controls, continuous monitoring strategies, and compliance documentation for FAA cloud systems.
• Collaborate with cross-functional engineering, cybersecurity, and operations teams to ensure seamless integration of security into all phases of the system lifecycle.
• Lead technical reviews, risk assessments, and trade-off analyses to inform FAA cloud adoption and modernization initiatives.
• Provide subject matter expertise on Identity and Access Management (IAM), Zero Trust Architecture, data encryption, container security, and secure DevSecOps practices.
• Mentor and guide junior engineers, ensuring knowledge transfer and capability development within FAA technical teams.
• Interface with FAA leadership and external stakeholders to present cloud security strategies, risks, and mitigation plans.

Requirements

• 10+ years of progressive systems engineering experience, including at least 5 years focused on cloud security architecture and engineering.
• Strong knowledge of NIST risk management framework, FedRAMP, FISMA, Zero Trust, and federal cybersecurity standards.
• Demonstrated experience with AWS, Azure, or GCP cloud environments, including security design and compliance.
• Hands-on experience with POA&M management, IRAT Testing, and development of security documentation.
• Expertise with IAM, PKI, data protection, logging/monitoring, and cloud-native security services.
• Hands-on experience with DevSecOps, CI/CD pipelines, and container/orchestration security (Docker, Kubernetes, OpenShift).
• Familiarity with vulnerability management tools (e.g., Tenable, Qualys), SIEM solutions (e.g., Splunk, ELK), and endpoint/cloud security platforms.
• Strong analytical, communication, and documentation skills, with proven ability to interact with senior government stakeholders.
• Bachelor's degree in Computer Science, Information Systems, Engineering, or related field (Master's degree preferred).
• AWS Cloud Services - Expertise in AWS infrastructure, security, and automation services.
• Scripting & Automation - Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation tasks.
• Operating Systems - Experience with Linux and Windows operating systems.
• Virtualization & Containerization - Knowledge of container platforms like Docker and Kubernetes.
• Networking - Understanding of cloud networking concepts such as VPC, subnets, load balancing, and VPN configurations.
• CI/CD & DevOps - Familiarity with CI/CD pipelines and DevOps tools such as Jenkins, Git, or AWS CodePipeline.
• Zero Trust and Cybersecurity - Knowledge of Zscaler platform
• Must have ability to obtain and maintain a Public Trust.

Nice-to-haves

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• CCSP (Certified Cloud Security Professional)
• AWS Certified Security - Specialty
• Microsoft Certified: Azure Security Engineer Associate
• Google Professional Cloud Security Engineer

Benefits

• Medical, Dental, Vision, Life Insurance, Short-Term Disability, Long-Term Disability, 401(k) match, Flexible Spending Accounts, EAP, Education Assistance, Parental Leave, Annual Leave, and Holidays.
• Comprehensive and market-competitive benefits.
• Merit-based financial rewards.
• Flexibility and company-wide commitment to work/life balance.
• Collaborative team atmosphere that values the contributions of all employees.
• Learning and development opportunities for ongoing professional growth.

Apply tot his job Apply To this Job