Cloud Infrastructure Engineer – AWS (Active TSSCI Clearance)

Cloud Infrastructure Engineer AWS (Classified Environments / Landing Zone)

Location: Chantilly VA
Work Type: Onsite / Hybrid
Citizenship: U.S. Citizenship required
Clearance: Active Top Secret/SCI clearance required

About SBS
Strategic Business Systems Inc. (SBS) delivers AWS-aligned mission-critical cloud cybersecurity software engineering and data modernization solutions to the U.S. Department of Defense the Intelligence Community and federal civilian agencies.

We hire engineers architects and consultants who want to do hands-on work on high-impact national-security programs while collaborating directly with AWS Professional Services. Our culture is technical lean and clearance-friendly: we invest in certificationsretaintalent through long-duration prime engagements and provide a comprehensive benefits package.

POSITION SUMMARY

SBS is expanding its AWS Professional Services delivery team to support a high-prioritynational-securityprogram. As a Senior Cloud Infrastructure Engineer you will design and stand up secure multi-account AWS Landing Zones in air-gapped and classified regions that serve as the foundational platform for downstream mission applications. You will partner directly with AWS Professional Services architects and government technical leads owning architecture decisions across networking identity security and automation.

This is a hands-on engineering role: you will write Terraform configure VPCs and Transit Gateways harden IAM and deploy logging and audit pipelines that satisfy DoD/IC accreditation requirements. The work directly enables Authority to Operate (ATO) and accelerates the customers adoption of cloud-native capabilities.

KEY RESPONSIBILITIES

• Design and deploy AWS Landing Zones in air-gapped classified regions including AWS Control Tower equivalents and account-vending automation.

• Architect multi-account AWS organizations withappropriate OrganizationalUnit (OU) structure Service Control Policies (SCPs) and tag governance.

• Build andmaintainInfrastructure-as-Code modules in Terraform (and AWS CloudFormation whererequired) for repeatable auditable deployments.

• Configure VPCs subnets route tables Transit Gateways VPC endpoints DNS (Route 53 / hybrid resolvers) and private connectivity to on-premises enclaves.

• Implement IAM policies permission boundaries role federation and break-glass procedures aligned to least-privilege principles.

• Stand up centralized logging audit and monitoring (CloudTrail ConfigGuardDuty Security Hub CloudWatch) and integrate with the customers SIEM.

• Integrate the cloud platform with enterprise identity (e.g. Identity Credential and Access Management (ICAM); Personal Identity Verification (PIV); Common Access Card (CAC)) and compliance tooling.

• Collaborate with AWS Professional Services mission application teams and the customers Risk Management Framework (RMF) / Authority to Operate (ATO) authorizing officials.

• Produce architecture diagrams runbooks and design decision records suitable for ATO body-of-evidence packages.

REQUIRED QUALIFICATIONS

• U.S. Citizenship and active Top Secret / SCI clearance.

• Five (5) or more years of hands-on AWS engineering experience including building environments frominception(greenfield).

• Demonstrated experience designing multi-account AWS architectures and AWS Landing Zone patterns.

• Advanced AWS networking knowledge: VPC design Transit GatewayPrivateLink hybrid DNS and on-premises connectivity patterns.

• Proficiencywith Infrastructure-as-Code specifically Terraform and/or AWS CloudFormation including module design and state management.

• Experience implementing AWS security controls IAM at scale KMS audit logging and resource-based policies.

• Familiarity working in classified or highly regulated environments and producing artifacts suitable for compliance review.

• Bachelors degree in Computer Science Engineering or a related discipline or equivalent professional experience.

• Clear written and verbal communication skills for technical documentation stakeholder coordination and customer-facing delivery.

PREFERRED QUALIFICATIONS

• Prior delivery experience in AWS GovCloud (US) AWS Secret Region / AWS Secret-West or AWS Top Secret-East/West.

• Working knowledge of DISA STIGs NIST SP 800-53 / 800-171 and the DoD Cloud Computing Security Requirements Guide (SRG).

• Direct experience supporting Risk Management Framework (RMF) / Authority to Operate (ATO) packages (SSP control implementation POA&M).

• Experience with CI/CD for infrastructure (GitLab CI Jenkins AWSCodePipeline).

• Scripting in Python or PowerShell for automation and integration tasks.

CERTIFICATIONS

Required:

• None mandatory.

Preferred:

• AWS Certified Solutions Architect Professional

• AWS Certified Advanced Networking Specialty

• AWS Certified Security Specialty

• HashiCorpCertified: Terraform Associate

• HashiCorpCertified: Terraform Authoring & Operations Professional

WORK ENVIRONMENT & PHYSICAL REQUIREMENTS

Onsite work within a Sensitive Compartmented Information Facility (SCIF). Sustained focusataworkstation;standard officeenvironment;no special lifting requirements. Mobile devices are notpermittedin the work area.

COMPENSATION & BENEFITS

SBS offers competitive compensation and a comprehensive total-rewards package including:

• Comprehensive medical dental and vision coverage; HSA-eligible plan options available

• 401(k) retirement plan with company match (vesting schedule per Plan Document)

• Paid Time Off federal holidays and floating holiday for personal observance

• Annual professional development support for AWS certifications training and conferences

• Employee referral program where applicable and documented by program policy

• Life AD&D and short- / long-term disability insurance

• Telework and flexible-schedule support where mission and contract permit

• Mission-focused federal contractor supporting national-security customers

EEODisclaimer
SBS is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to age gender gender identification sex sexual orientation color race creed national origin religion marital status parental status citizenship status ancestry physical or mental disability genetic information veteran status military status or any other classification protected by federal state or local laws.

Accommodations
If you need an accommodation seeking employment with SBS please email. Accommodations are made on a case-by-case basis.

Apply

Send resumes to