Req ID: RQ219731
Type of Requisition: Regular
Clearance Level Must Be Able to Obtain: Secret
Public Trust/Other Required: None
Job Family: IT Infrastructure and Operations
Skills:
Amazon Web Services (AWS) Security,Cloud Security,Platform Security,Security Architecture Design,Vulnerability Management
Experience:
6 + years of related experience
US Citizenship Required:
Yes
Job Description:
Information System Security Manager (ISSM) - Cloud Security Architect
Mission & Impact
AETC recruits, trains, and educates Airmen to deliver 21st-century airpower. AWAKEN is AETC's enterprise-managed, accredited wireless/network service spanning flight lines, classrooms, dorms, and administrative facilities across the U.S. As ISSM - Senior Cloud Security Architect, you will lead cybersecurity for AWAKEN's cloud-native, software-defined, Zero-Trust transformation , ensuring secure, reliable connectivity that advances the training mission at scale.
Position Summary
This role is ideal for a hands-on cloud security engineer first, policy-aware second . You will actively engineer and enforce security controls across cloud and hybrid environments while maintaining RMF/ATO governance, continuous monitoring, and compliance. Expect roughly 66% platform engineering (secure design/implementation, automation, remediation) and 33% governance/policy enforcement (RMF artifacts, POA&Ms, attestations, board cadence).
Core Responsibilities
Governance, RMF & Compliance
Lead RMF/ATO/ATC activities : develop and maintain SSP, control implementations, evidence, POA&Ms, and continuous monitoring strategy ; coordinate with Government ISSO, SCV, AO; sustain ATO per USAF guidance.
Enforce DISA STIG/SRG configurations across enterprise hardware/software; ensure timely patching/bug-fix deployment and flaw remediation with documented procedures.
Enable and manage ACAS/Nessus vulnerability scanning (external and internal), deliver bi-weekly/30-day reports, and drive remediation to closure.
Support incident response : immediate notification (phone/email) within six hours of discovery; 30-day follow-up reporting; maintain secure audit logs and event evidence.
Participate in PMRs and CCBs ; maintain enterprise baseline and CM Plan; provide artifacts (topologies, inventories, rack elevations, ports/protocols) and read-only visibility to Government tools/portals.
Cloud Security Architecture
Implement secure configurations in AWS, Azure, GCP (or comparable platforms).
Engineer IAM : RBAC, least-privilege, multi-account strategy, federation (IdP integration).
Configure cloud-native logging/monitoring/alerting for security visibility (e.g., provider equivalents to CloudWatch).
Apply Zero-Trust principles across cloud networking and service-to-service comms (authN/authZ, encryption, segmentation).
Develop IaC security baselines ; codify guardrails/policies; enforce drift detection.
Vulnerability Management & Compliance
Operate ACAS and vulnerability scanners; analyze findings; prioritize remediation ; validate fixes; sustain POA&Ms and compliance dashboards (NIST SP 800-53, DISA STIGs, CMMC as applicable).
Produce traceability mapping of technical controls to required frameworks; prepare audit evidence and assessor packages.
Platform Security (Linux, Windows, Virtualization)
Linux ( 70%) : hardening, auditing, patching, secure configuration, STIG application/validation.
Windows ( 30%) : server security configuration, patch management, policy baselines.
Virtualization : secure VMs and management planes (e.g., VMware), including isolation, logging, and role segmentation.
Kubernetes & Container Security
Secure clusters: RBAC , network policies, secrets management, pod security standards; image signing and vulnerability scanning; protect service meshes and encrypted service communication.
Networking & Zero Trust
Apply TCP/IP, firewalls, VLANs, VPNs, routing, micro-segmentation to enforce least-privilege access across hybrid environments; integrate CoS/QoS and performance KPIs where applicable.
Automation & DevSecOps
Bash/Python automation for remediation and control validation.
Terraform/Ansible (or equivalent) for enforcing baselines, policy-as-code, and repeatable secure deployments.
CI/CD security integration, pre-deployment testing, and lab validation prior to production changes.
Collaboration & Leadership
Serve as trusted advisor to COR and Government Technical Leads; brief diverse stakeholders in clear, mission-focused terms.
Coordinate with PM, architects, network engineers, helpdesk/T3, and cybersecurity analysts; maintain cadence with PMRs and escalation SOPs.
Customer: Air Education and Training Command (AETC), United States Air Force
Location: San Antonio area; located within 25 miles of JBSA-Randolph, TX
Clearance: Ability to obtain and maintain Secret ; USAF CAC eligibility; U.S. citizen with required background screening
Required Qualifications
U.S. citizenship ; Security clearance level: Must have Secret clearance to start and ability to obtain and maintain a Top Secret and USAF CAC ; comply with base access requirements.
Meets DoDM 8140.03 cyberspace workforce qualifications for the role (documentation upon request).
5-8+ years in cybersecurity/CloudSec; significant experience in hybrid cloud architecture , IAM, Zero-Trust, Kubernetes/container security, and Linux hardening.
Demonstrated experience enforcing DISA STIGs/SRGs , executing ACAS/Nessus scans, and delivering RMF/ATO artifacts and continuous monitoring.
Proficiency with cloud logging/monitoring, IaC, automation (Bash/Python, Terraform/Ansible), and CI/CD security integration.
Excellent communication skills; ability to brief senior Government stakeholders and translate complex risks into actionable plans.
Participate in PMRs and CCBs; maintain enterprise baseline and CM Plan; provide artifacts (Scan results/ATO/RMF information) to Government tools/portals
Preferred Qualifications
Experience supporting Air Force or DoW enterprise environments (e.g., USAREUR-AF).
DoDM 8140.03-aligned cyber workforce qualification or willingness to obtain
Contributions to ATO/RMF packages and control documentation.
Cloud security certifications (AWS Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer).
Security+ (IAT II) required; CASP/CISSP/CISA preferred.
Willingness to co-locate near JBSA-Randolph, TX for key personnel collaboration, and to engage with Government stakeholders regularly.
Availability to support after-hours incident response or critical events as needed; adherence to AWAKEN governance, reporting, and board cadence.
Experience with SAFe practices, Jira/Confluence, and ServiceNow in DoD environments.
GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
? Growth: AI-powered career tool that identifies career steps and learning opportunities
? Support: An internal mobility team focused on helping you achieve your career goals
? Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
? Flexibility: Full-flex work week to own your priorities at work and at home
? Community: Award-winning culture of innovation and a military-friendly workplace
The likely salary range for this position is $128,039 - $173,229. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.
Join our Talent Community to stay up to date on our career opportunities and events at https://gdit.com/tc.
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
