DOJ Cloud Architect

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Cloud Architect to join our program supporting the Department of Justice (DOJ). This position is remote. This position requires a Public Trust clearance.
Qualifications:

Active Public Trust clearance
M.S. degree in Computer Science Information Technology or a related field.
10 years of experience in cloud and cloud security solutions in federal government systems. Prior Department of Justice (DOJ) and/or Bureau of Prisons (BOP) experience and domain knowledge preferred.
Networking Expertise: Strong knowledge of networking with a focus on AWS native firewall AWS Direct Connect AWS Outposts network configuration reverse proxy configurations and related automation. This expertise will be valuable in assessing FedRAMP-specific responses against various controls.
Continuous Monitoring (ConMon): Proven ability to design and implement continuous monitoring solutions for cloud systems and applications.
AI-Enabled Compliance Automation: Capability to design AI-powered tools that can scan all cloud accounts and VPCs collect FedRAMP-specific responses store them in a centralized repository for ConMon and analyze them to identify unmet requirements.
Security Event Analysis: Strong experience in accessing reviewing and interpreting reports and alerts generated by SIEM tools such as Splunk.
AWS Security Services: Proficient in reviewing and analyzing reports from AWS GuardDuty Security Hub and Amazon Inspector including interpreting compliance and non-compliance metrics such as pie charts.
Data Encryption: In-depth understanding of end-to-end data encryption in transit and at rest including SSL/TLS implementation.
Vulnerability Identification: Ability to identify potential vulnerabilities particularly those related to data or configuration tampering.

Duties:

Serve as the cloud architecture subject matter expert supporting DOJ and BOP Rapid ATO activities.
Design evaluate and validate secure cloud architectures supporting SaaS PaaS and IaaS environments.
Ensure cloud architecture aligns with DOJ cybersecurity policies NIST standards FedRAMP requirements and RMF processes.
Provide technical guidance on cloud networking segmentation encryption and access control strategies.
Support integration of cloud environments into enterprise architectures and authorization boundaries.
Support system preparation activities by defining cloud system architectures hosting environments and shared responsibility models.
Identify and document cloud assets services and dependencies within authorization boundaries.
Assist in identifying information types processed stored or transmitted within cloud environments including PII.
Support system security categorization by providing architectural input for confidentiality integrity and availability determinations.
Assist with continuous cloud asset discovery using automated scanning tools to maintain accurate system boundaries.
Support selection of cloud-specific security and privacy controls using DOJ Cybersecurity Standard 0904 and NIST SP 800-53.
Map cloud services components and architectures to applicable NIST and FedRAMP control requirements.
Support control tailoring decisions based on cloud service models deployment patterns and risk tolerance.
Assist in defining control inheritance models from cloud service providers (CSPs) and shared responsibility matrices.
Provide architectural input to the System Security and Privacy Plan (SSPP) and Requirements Traceability Matrix (RTM).
Provide architectural guidance for implementation of security controls within cloud environments.
Ensure secure design and implementation of:
- Network segmentation and firewalls (e.g. AWS native firewall services)
- Connectivity solutions (AWS Direct Connect AWS Outposts)
- Reverse proxies and ingress/egress controls
Support implementation of encryption in transit and at rest including SSL/TLS and key management services.
Assist with integration of DevSecOps pipelines and infrastructure-as-code to enforce and verify cloud security controls.
Validate alignment between documented controls and as-implemented cloud configurations.
Support security and privacy control assessments by providing architectural explanations and technical evidence.
Assist in collection and analysis of cloud security evidence using:
- SIEM tools (e.g. Splunk)
- AWS GuardDuty Security Hub and Amazon Inspector
Interpret compliance dashboards alerts and metrics to identify security gaps or misconfigurations.
Support remediation planning for cloud-related findings and POA&M development.
Support development of authorization packages by providing cloud architecture documentation and risk inputs.
Assist in evaluating cloud-specific risks and residual risk impacts.
Support AO briefings by explaining cloud architectures inherited controls and shared responsibility considerations.
Provide technical input for risk response strategies related to cloud services and deployments.
Design and support continuous monitoring architecture for cloud systems.
Implement and maintain automated monitoring solutions to:
- Scan cloud accounts and VPCs
- Collect FedRAMP-specific control evidence
- Store artifacts in centralized repositories
Support AI-enabled compliance automation to identify unmet FedRAMP and RMF requirements.
Assist with ongoing assessments and security posture reporting for cloud systems.
Support assessment of cloud service providers to ensure valid FedRAMP authorization (JAB or Agency-authorized).
Review and validate FedRAMP security packages for SaaS PaaS and IaaS offerings.
Assist in documenting control inheritance and CSP responsibilities.
Support DOJ CIO approval processes for Agency-sponsored FedRAMP authorizations when required.
Ensure all cloud architecture documentation complies with DOJ NIST FedRAMP and FISMA requirements.
Maintain accurate cloud architecture artifacts within JCAM.
Collaborate with Lead and Senior ATO SMEs Cloud Security Engineers and system owners.
Support audits inspections and government reviews by providing technical cloud architecture expertise

Required Experience:

Senior IC

cFocus Software seeks a Cloud Architect to join our program supporting the Department of Justice (DOJ). This position is remote. This position requires a Public Trust clearance.Qualifications:Active Public Trust clearanceM.S. degree in Computer Science Information Technology or a related field.10 ye...

cFocus Software seeks a Cloud Architect to join our program supporting the Department of Justice (DOJ). This position is remote. This position requires a Public Trust clearance.
Qualifications:

Active Public Trust clearance
M.S. degree in Computer Science Information Technology or a related field.
10 years of experience in cloud and cloud security solutions in federal government systems. Prior Department of Justice (DOJ) and/or Bureau of Prisons (BOP) experience and domain knowledge preferred.
Networking Expertise: Strong knowledge of networking with a focus on AWS native firewall AWS Direct Connect AWS Outposts network configuration reverse proxy configurations and related automation. This expertise will be valuable in assessing FedRAMP-specific responses against various controls.
Continuous Monitoring (ConMon): Proven ability to design and implement continuous monitoring solutions for cloud systems and applications.
AI-Enabled Compliance Automation: Capability to design AI-powered tools that can scan all cloud accounts and VPCs collect FedRAMP-specific responses store them in a centralized repository for ConMon and analyze them to identify unmet requirements.
Security Event Analysis: Strong experience in accessing reviewing and interpreting reports and alerts generated by SIEM tools such as Splunk.
AWS Security Services: Proficient in reviewing and analyzing reports from AWS GuardDuty Security Hub and Amazon Inspector including interpreting compliance and non-compliance metrics such as pie charts.
Data Encryption: In-depth understanding of end-to-end data encryption in transit and at rest including SSL/TLS implementation.
Vulnerability Identification: Ability to identify potential vulnerabilities particularly those related to data or configuration tampering.

Duties:

Serve as the cloud architecture subject matter expert supporting DOJ and BOP Rapid ATO activities.
Design evaluate and validate secure cloud architectures supporting SaaS PaaS and IaaS environments.
Ensure cloud architecture aligns with DOJ cybersecurity policies NIST standards FedRAMP requirements and RMF processes.
Provide technical guidance on cloud networking segmentation encryption and access control strategies.
Support integration of cloud environments into enterprise architectures and authorization boundaries.
Support system preparation activities by defining cloud system architectures hosting environments and shared responsibility models.
Identify and document cloud assets services and dependencies within authorization boundaries.
Assist in identifying information types processed stored or transmitted within cloud environments including PII.
Support system security categorization by providing architectural input for confidentiality integrity and availability determinations.
Assist with continuous cloud asset discovery using automated scanning tools to maintain accurate system boundaries.
Support selection of cloud-specific security and privacy controls using DOJ Cybersecurity Standard 0904 and NIST SP 800-53.
Map cloud services components and architectures to applicable NIST and FedRAMP control requirements.
Support control tailoring decisions based on cloud service models deployment patterns and risk tolerance.
Assist in defining control inheritance models from cloud service providers (CSPs) and shared responsibility matrices.
Provide architectural input to the System Security and Privacy Plan (SSPP) and Requirements Traceability Matrix (RTM).
Provide architectural guidance for implementation of security controls within cloud environments.
Ensure secure design and implementation of:
- Network segmentation and firewalls (e.g. AWS native firewall services)
- Connectivity solutions (AWS Direct Connect AWS Outposts)
- Reverse proxies and ingress/egress controls
Support implementation of encryption in transit and at rest including SSL/TLS and key management services.
Assist with integration of DevSecOps pipelines and infrastructure-as-code to enforce and verify cloud security controls.
Validate alignment between documented controls and as-implemented cloud configurations.
Support security and privacy control assessments by providing architectural explanations and technical evidence.
Assist in collection and analysis of cloud security evidence using:
- SIEM tools (e.g. Splunk)
- AWS GuardDuty Security Hub and Amazon Inspector
Interpret compliance dashboards alerts and metrics to identify security gaps or misconfigurations.
Support remediation planning for cloud-related findings and POA&M development.
Support development of authorization packages by providing cloud architecture documentation and risk inputs.
Assist in evaluating cloud-specific risks and residual risk impacts.
Support AO briefings by explaining cloud architectures inherited controls and shared responsibility considerations.
Provide technical input for risk response strategies related to cloud services and deployments.
Design and support continuous monitoring architecture for cloud systems.
Implement and maintain automated monitoring solutions to:
- Scan cloud accounts and VPCs
- Collect FedRAMP-specific control evidence
- Store artifacts in centralized repositories
Support AI-enabled compliance automation to identify unmet FedRAMP and RMF requirements.
Assist with ongoing assessments and security posture reporting for cloud systems.
Support assessment of cloud service providers to ensure valid FedRAMP authorization (JAB or Agency-authorized).
Review and validate FedRAMP security packages for SaaS PaaS and IaaS offerings.
Assist in documenting control inheritance and CSP responsibilities.
Support DOJ CIO approval processes for Agency-sponsored FedRAMP authorizations when required.
Ensure all cloud architecture documentation complies with DOJ NIST FedRAMP and FISMA requirements.
Maintain accurate cloud architecture artifacts within JCAM.
Collaborate with Lead and Senior ATO SMEs Cloud Security Engineers and system owners.
Support audits inspections and government reviews by providing technical cloud architecture expertise