Cloud Infrastructure and Security Engineer

* Design, deploy, and manage secure cloud environments (Air Force SharePoint, Cloud One, AWS)  while ensuring compliance with security frameworks (NIST, ISO 27001, FedRAMP).
* Administer systems connected to NIPR network and ensure secure standards are enforced
* Implement and monitor security controls, including intrusion detection/prevention systems* (IDS/IPS), Security Information and Event Management (SIEM), and endpoint protection solutions.
* Perform vulnerability assessments and penetration testing to identify and mitigate security risks.
* Manage networking infrastructure, including firewalls, VPNs, and load balancers, ensuring secure  connectivity between cloud and on-prem environments.
* Conduct regular security audits, risk assessments, and disaster recovery planning for IT systems.
* Develop and maintain security incident response plans, ensuring rapid detection and mitigation of  cyber threats.
* Stay up to date with emerging cloud security threats, vulnerabilities, and best practices.
* Provide technical guidance and training on cloud security best practices to internal teams.
* Monitors usage of system.
* Ensures Scheduled Backup Procedures, Non-Scheduled Backup Procedures, and Types of Backup
* Media (Initialization Procedures, Label Documentation, Storage Locations (onsite/offsite), testing  backups) are in place and functional.
* Conduct information security vulnerability scanning using the DoD’s Assured Compliance Assessment Solution (ACAS) (Tenable Security Center and Nessus Software)
* Produce information security vulnerability scanning reports and develop Plans of Action and Milestones (POA&Ms) to resolve information security vulnerabilities
* Install, test, configure, maintain and upgrade the computing and networking environment (CE/NE) operating systems, applications, software, hardware and network infrastructure components to comply with cybersecurity requirements (Security Technical Implementation Guides (STIG), Security Requirements Guides (SRG) and NIST best practices)
* Implement and continuously monitor established technical security controls for CE/NE in accordance with information security plans, procedures and work methods
* Develop compensating controls for information security deficiencies
* Assist with developing or updating of Information Security related plans, procedures, work methods and documentation (such as network topology, hardware/software lists)
* Other duties as assigned
- Configure and maintain Identity and Access Management (IAM), Multi-Factor Authentication (MFA),  and Role-Based Access Control (RBAC) policies for cloud and on-prem systems.
* Bachelor’s Degree in Management Information Systems, Computer Science, Information Technology or related field and 5+ years of experience in Information Technology or a combination of education and related experience.
* Information Assurance Technician (IAT) Level III certified or capable of obtaining the certification within six (6) months of the completion of the probationary period.
* Cloud Expertise:

Experience with AWS, Azure, or Google Cloud security and infrastructure management.
* Networking & Security:
In-depth knowledge of firewalls, VPNs, IDS/IPS, SIEM, and endpoint security solutions.
* Compliance & Frameworks:
Understanding of NIST, CIS, ISO 27001, FedRAMP, and other regulatory security frameworks.
* Incident Response & Monitoring:
Familiarity with tools like Splunk, Sentinel, or Crowd Strike for threat detection and mitigation.
* Operating Systems:
Proficiency in Linux and Windows server administration.
* Strong Analytical

Skills:

Ability to assess risks, troubleshoot security issues, and implement effective solutions.
* Experience in a host and client/server, telecommunications and network migration and development, desktop computing, information system integration, hardware/software evaluation, information engineering and process reengineering methodologies are required.
* Proven telecommunications and network analysis, design, implementation, tuning, and maintenance required.
* Thorough understanding of large scale storage technology (SAN, NAS, Fiber channel, Tiered storage, zoning, LUNs, security, replication,…