Cloud Infrastructure & Network Security Engineer (AWS)
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: Secret
Employee Type: Regular
Percentage of Travel Required: None
Type of Travel: None
The Opportunity:
Cloud Infrastructure & Network Security Engineer (AWS)
The DHS CDM Program mission is to safeguard and secure cyberspace in an environment where the threat of cyber-attack is continuously growing and evolving. The CDM Program defends the United States (U.S.) Federal Information Technology (IT) networks from cybersecurity threats by providing continuous monitoring sensors (tools), diagnosis, mitigation tools, and associated services to strengthen the security posture of Government networks.
As a Cloud Infrastructure & Network Security Engineer (AWS), you are responsible for managing an enterprise that consists of multiple flavors of Linux & Windows within the AWS infrastructure-with cybersecurity at the core. Although this is a high-paced environment, be assured you'd be joining a high-tech, people-oriented team and overall community that's just as flexible as we're hoping you to be.
Responsibilities:
Lead the design, deployment, and troubleshooting of Azure VPN Gateways, ExpressRoute, and AWS Site-to-Site VPN, Transit Gateway, Web Application Firewalls and Direct Connect with BGP to support secure inter-account and external connectivity, including mission-critical links to DISA.
Oversee PPSM edits and IAP whitelisting requests, ensuring alignment with DoD cybersecurity requirements and verifying post-change connectivity.
Serve as a technical lead in the re-architecture and deployment of the Coast Guard's Azure Enterprise Cloud, including documentation and knowledge sharing.
Proactively troubleshoot complex hybrid-cloud infrastructure issues across Azure and AWS, including routing conflicts, firewall/NACL/NSG/SG blocks, and CAP/IAP restrictions.
Design and implement VPC peering, AWS PrivateLink endpoints, and Route 53 resolver rules to enable secure cross-VPC and hybrid network communication.
Lead the redeployment of Cisco FMC/FTDv boundary protection appliances, aligning with Cisco and AWS best practices, including policy design, SSO integration, and testing.
Develop and maintain Terraform modules to automate deployment of Versa VOS SD-WAN appliances, promoting infrastructure as code and repeatability.
Build serverless automation using AWS Lambda to enhance operational resilience through remote Cisco firewall backups.
Architect and implement Ansible automation, including server buildout and playbooks to manage Cisco FMC configurations via configuration as code.
Configure IAM roles, users, and policies to enable secure integration with third-party tools such as the Versa CMS connector in AWS.
Lead the provisioning of new AWS and Azure environments, applying security controls, routing, and firewall rules as part of the onboarding process for new accounts and workloads.
Conduct packet-level analysis using VPC Traffic Mirroring, Flow Logs, and custom CloudWatch metrics to diagnose and remediate performance and security issues in AWS.
Define and enforce segmentation and zoning strategies in AWS via Network ACLs, security groups, Transit Gateway route tables, and Control Tower guardrails.
Administer Azure Entra ID, managing admin access and permissions to align with least privilege principles.
Develop and maintain detailed network documentation, diagrams, and operational runbooks for new deployments and architectural changes.
Drive Agile delivery by managing JIRA tasks, leading SCRUM contributions, and mentoring junior team members on technical tasks and ticket ownership.
Qualifications:
Cleared for Secret work
DoD Approved 8570 Baseline Certification: IAT Level II
US Citizenship required
University Degree (BS), or equivalent years of related experience, and additionally 10+ years of related IT engineering experience required
7+ years' cumulative experience with customer interactions, including presenting, answering questions, proactively resolving issues
7+ years' cumulative experience with in-depth systems administration in Linux environments (RHCE equivalence) and Windows Server environ
-
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy.
Your potential is limitless. So is ours.
Learn more about CACI here. (https://careers.caci.com/global/en/life-at-caci)
Pay Range : There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here (https://careers.caci.com/global/en/employee-benefits) .
Since this position can be worked in more than one location, the range shown is the national average for the position.
The proposed salary range for this position is:
$90,300-$189,600
CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
