Senior Cloud Engineer I

Summary

Join MetroStar as a Sr. Cloud Engineer I and integrate robust security practices into cloud-based, mobile, and on-premises systems. You will design, implement, and manage security controls across various environments, ensuring compliance with Department of State objectives. This role involves leading security testing integration into CI/CD pipelines, managing Kubernetes and Docker container security, and implementing IaC using Terraform and AWS CloudFormation. You will also develop and enforce security policies, work with the ISSO and System Owner during audits, and conduct risk evaluations. A Top-Secret clearance or higher is required, along with 5+ years of experience in cloud security and expertise in various security tools and technologies. MetroStar offers a generous benefits package, professional growth opportunities, and a commitment to diversity and inclusion.

Requirements

• Active Top-Secret clearance or higher required
• 5+ years of experience in cloud security, with a strong focus on AWS and/or Google Cloud environments, security automation, and compliance
• Strong hands-on experience with AWS security tools, including GuardDuty, Security Hub, IAM, and KMS
• Extensive knowledge of CI/CD pipeline integration (GitLab), with security testing tools for continuous delivery
• Proficiency in container orchestration and security with Docker and Kubernetes
• Expertise in Infrastructure as Code using Terraform and CloudFormation, with a focus on security automation
• Proven track record in implementing security policies, IAM configurations, and environment isolation in AWS GovCloud and/or GCP equivalent
• Advanced understanding of U.S. government compliance frameworks, including FedRAMP, NIST 800-53, and ITAR
• AWS Certified Security – Specialty, AWS Certified Solutions Architect, or equivalent (or GCP equivalent)

Responsibilities

• Implement security defense, protection, detection, and response capabilities across cloud and hybrid environments, including AWS and mobile systems
• Lead the integration of static and dynamic security testing into CI/CD pipelines (GitLab) to enable faster iteration and secure deployments. Ensure that security vulnerabilities are detected and resolved early in the development lifecycle
• Manage Kubernetes and Docker container security, ensuring scalable and secure operations across multiple environments. Implement container isolation strategies to minimize risks and improve security across CI/CD stages
• Lead the shift to IaC using Terraform and AWS CloudFormation, with automated scanning and remediation of security vulnerabilities in cloud resource configurations prior to deployment
• Implement secure secrets management protocols to protect sensitive data across different environments and services. Ensure that the organization adheres to the highest standards of security for data protection
• Develop and enforce AWS and/or GCP Service Control Policies (SCPs) to govern security risks across different operational environments (Development, Testing, Staging, Production) and ensure compliance with organizational and federal regulatory requirements
• Work closely with the ISSO and System Owner to represent security interests during audits and assessments, securing multiple Authorizations to Operate (ATO) and maintaining compliance with FedRAMP, ITAR, and NIST standards
• Conduct comprehensive risk evaluations in collaboration with CISA, assessing cloud environments across numerous AWS accounts. Identify vulnerabilities and enforce risk-based policies to align cloud infrastructure with compliance standards

Benefits

• Generous benefits package
• Professional growth
• Valuable time to recharge