Job Description

Principal Cloud Security Engineer

Location: Washington, DC (Onsite)

Clearance: Active Secret

Employment Type: Full-Time

Role Summary:

We are seeking a Principal Cloud Security Engineer to lead the design, automation, and enforcement of security across large-scale federal cloud environments. This role focuses on cloud security architecture, DevSecOps automation, and secure platform enablement in a multi-cloud ecosystem.

The ideal candidate is highly technical, self-directed, and comfortable operating as the senior security authority for cloud platforms. You will define secure patterns, implement guardrails at scale, and embed security directly into infrastructure and CI/CD pipelines.

Key Responsibilities:

Cloud Security Architecture:

• Design and guide secure architectures across AWS, Azure, and GCP, including GovCloud and restricted environments
• Define and enforce security baselines aligned with NIST 800-53, FedRAMP, and CIS Benchmarks
• Lead threat modeling, architecture reviews, and secure design guidance for cloud workloads

DevSecOps & Automation:

• Build and maintain Infrastructure as Code using Terraform (preferred) and cloud-native tooling
• Integrate automated security controls into CI/CD pipelines (SAST, DAST, IaC scanning, container scanning)
• Implement policy-as-code guardrails using tools such as AWS SCPs, Azure Policy, and cloud-native governance services
• Develop automated remediation and enforcement workflows to reduce manual security effort

Governance, Compliance & Visibility:

• Embed compliance controls directly into cloud infrastructure and pipelines to support ATO efforts
• Partner with compliance teams and auditors on evidence collection and continuous monitoring
• Implement centralized logging, monitoring, and incident response across cloud environments

Technical Leadership:

• Serve as the senior cloud security SME for engineers, architects, and stakeholders
• Mentor engineers on secure cloud development and DevSecOps practices
• Translate complex security concepts to both technical and non-technical audiences

Required Qualifications:

• Active Secret clearance
• 8+ years in cybersecurity or cloud engineering, including 5+ years focused on cloud security
• Deep hands-on experience securing AWS, Azure, or GCP (experience in at least two preferred)
• Strong Infrastructure as Code experience (Terraform strongly preferred)
• Experience integrating security into CI/CD pipelines (GitHub Actions, GitLab, or similar)
• Proficiency in Python, Go, PowerShell, or Bash
• Strong understanding of IAM, networking, encryption, key management, and cloud-native security services
• Ability to operate independently and define security priorities without daily direction

Preferred Qualifications:

• Experience securing GovCloud, DoD IL5/IL6, or other regulated cloud environments
• Kubernetes and container security experience
• Zero Trust architecture implementation experience
• ServiceNow integrations for security workflows
• Cloud security certifications (AWS Security Specialty, Azure Security Engineer, etc.)

What Makes This a True Principal Role:

• Highly hands-on and deeply technical
• Owns security outcomes rather than executing predefined tasks
• Heavy DevSecOps and IaC focus
• Large-scale, multi-cloud environment
• Architecture and influence matter as much as implementation

Job Tags

Similar Jobs