Cloud Security Engineer

The Cloud Security Engineer is responsible for the technical implementation and day-to-day management of security controls within DoD cloud environments (Impact Levels 2, 4, 5, and 6). You will act as the primary technical lead for hardening cloud resources, remediating vulnerabilities discovered during automated scans, and ensuring that all deployments meet DISA and NIST requirements. This role is critical for maintaining a "Continuous ATO" (cATO) posture by integrating security directly into the software factory.
Core Responsibilities:
• Technical Hardening: Apply DISA STIGs and SRGs to cloud-native services, Linux/Windows virtual machines, and containerized workloads.
• Vulnerability Management: Operate ACAS (Nessus) and other scanning tools to identify risks; lead the technical remediation and patching efforts.
• Identity Engineering: Implement and maintain Trusted Cloud Credential Management (TCCM) and RBAC policies to enforce strict Least Privilege.
• DevSecOps Integration: Configure security "gates" in CI/CD pipelines (SAST, DAST, and container image scanning) using tools like Iron Bank hardened images.
• Continuous Monitoring: Build and manage centralized logging and alerting (Splunk, ELK, or native tools like AWS CloudWatch/Azure Monitor) to ensure visibility for the CSSP (Cyber Security Service Provider).
• Documentation Support: Generate technical evidence and artifacts for the System Security Plan (SSP) and eMASS entries.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

o Security+ CE (Minimum for entry/mid)
o CySA+, Cloud+, or CISSP (Preferred for senior-level engineering)
• Education: Bachelor’s degree in a technical field or 5+ years of equivalent hands-on experience in cybersecurity.
• Technical Experience: * 3+ years of experience in cloud security (AWS GovCloud, Azure Government, or OCI).
o Proven experience with Linux/Unix administration (approx. 70% of DoD cloud environments are Linux-based).
o Familiarity with NIST SP 800-53 security controls.

These "plus" factors are highly valued for modern DoD cloud initiatives like Platform One or JWCC.
• Clearance: Active Secret or Top Secret clearance
• Container Expertise: Experience securing Kubernetes (K8s) and using Big Bang or Platform One infrastructure-as-code baselines.
• Automation Mastery: Proficiency in Terraform, Ansible, and Python/Bash for "Compliance as Code."
• Advanced DoD Tools: Hands-on experience with eMASS, VRAM, or HBSS/ESS (Endpoint Security Suite).
• Specialized Knowledge: * Experience with Platform One, Cloud One, or JWCC (Joint Warfighting Cloud Capability).
o Familiarity with the CMMC 2.0 (Cybersecurity Maturity Model Certification) framework.
• Cloud Native: Experience using the DSOP (DevSecOps Platform) and deploying secure code to the Tactical Edge (disconnected or intermittent environments).
• Cloud Specialties: Certifications such as Azure Security Engineer Associate or AWS Certified Security – Specialty
• Zero Trust: Experience implementing Zero Trust principles at the network and application layers (e.g., Istio service mesh, micro-segmentation).

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.