×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer AWS

Senior Cloud Infrastructure Consultant; TS​/SCI

Job in Chantilly, Fairfax County, Virginia, 22021, USA
Listing for: CG Infinity
Full Time position
Listed on 2026-05-15
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, AWS
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly USD 100000.00 125000.00 YEAR
Job Description & How to Apply Below
Position: Senior Cloud Infrastructure Consultant (Active TS/SCI)

SENIOR CLOUD INFRASTRUCTURE CONSULTANT

Location:

100% on site in Chantilly, VA

Please note this position requires an Active TS/SCI clearance verifiable in DISS. The Senior Cloud Infrastructure Consultant will work in a Secured Compartmentalized Information Facility (SCIF).

POSITION SUMMARY

CG Infinity is expanding our AWS Professional Services delivery team to support a high-priority national-security program. As a Senior Cloud Infrastructure Consultant, you will design and stand up secure, multi-account AWS Landing Zones in air-gapped and classified regions that serve as the foundational platform for downstream mission applications. You will partner directly with AWS Professional Services architects and government technical leads, owning architecture decisions across networking, identity, security, and automation.

This is a hands‑on engineering role: you will write Terraform, configure VPCs and Transit Gateways, harden IAM, and deploy logging and audit pipelines that satisfy DoD/IC accreditation requirements. The work directly enables Authority to Operate (ATO) and accelerates the customer's adoption of cloud‑native capabilities.

KEY RESPONSIBILITIES
  • Design and deploy AWS Landing Zones in air‑gapped, classified regions, including AWS Control Tower equivalents and account‑vending automation.
  • Architect multi‑account AWS organizations with appropriate Organizational Unit (OU) structure, Service Control Policies (SCPs), and tag governance.
  • Build and maintain Infrastructure‑as‑Code modules in Terraform (and AWS Cloud Formation where required) for repeatable, auditable deployments.
  • Configure VPCs, subnets, route tables, Transit Gateways, VPC endpoints, DNS (Route 53 / hybrid resolvers), and private connectivity to on‑premises enclaves.
  • Implement IAM policies, permission boundaries, role federation, and break‑glass procedures aligned to least‑privilege principles.
  • Stand up centralized logging, audit, and monitoring (Cloud Trail, Config, Guard Duty, Security Hub, Cloud Watch) and integrate with the customer's SIEM.
  • Integrate the cloud platform with enterprise identity (e.g., Identity, Credential, and Access Management (ICAM);
    Personal Identity Verification (PIV);
    Common Access Card (CAC)) and compliance tooling.
  • Collaborate with AWS Professional Services, mission application teams, and the customer's Risk Management Framework (RMF) / Authority to Operate (ATO) authorizing officials.
  • Produce architecture diagrams, runbooks, and design decision records suitable for ATO body‑of‑evidence packages.
REQUIRED QUALIFICATIONS
  • U.S. Citizenship and active Top Secret / SCI clearance.
  • Five (5) or more years of hands‑on AWS engineering experience, including building environments from inception (greenfield).
  • Demonstrated experience designing multi‑account AWS architectures and AWS Landing Zone patterns.
  • Advanced AWS networking knowledge: VPC design, Transit Gateway, Private Link, hybrid DNS, and on‑premises connectivity patterns.
  • Proficiency with Infrastructure‑as‑Code, specifically Terraform and/or AWS Cloud Formation, including module design and state management.
  • Experience implementing AWS security controls, IAM at scale, KMS, audit logging, and resource‑based policies.
  • Familiarity working in classified or highly regulated environments and producing artifacts suitable for compliance review.
  • Bachelor's degree in Computer Science, Engineering, or a related discipline - or equivalent professional experience.
  • Clear written and verbal communication skills for technical documentation, stakeholder coordination, and customer‑facing delivery.
PREFERRED QUALIFICATIONS
  • Prior delivery experience in AWS Gov Cloud (US), AWS Secret Region / AWS Secret‑West, or AWS Top Secret‑East/West.
  • Working knowledge of DISA STIGs, NIST SP 800‑53 / 800‑171, and the DoD Cloud Computing Security Requirements Guide (SRG).
  • Direct experience supporting Risk Management Framework (RMF) / Authority to Operate (ATO) packages (SSP, control implementation, POA&M).
  • Experience with CI/CD for infrastructure (Git Lab CI, Jenkins, AWS Code Pipeline).
  • Scripting in Python or Power Shell for automation and integration tasks.
PREFERRED CERTIFICATIONS
  • AWS Certified Solutions Architect - Professional
  • AWS Certified Advanced Networking - Specialty
  • AWS Certified Security - Specialty
  • Hashi Corp Certified:
    Terraform Associate
  • Hashi Corp Certified:
    Terraform Authoring & Operations Professional
WORK ENVIRONMENT &

PHYSICAL REQUIREMENTS

Onsite work within a Sensitive Compartmented Information Facility (SCIF). Mobile devices are not permitted in the work area.

#J-18808-Ljbffr
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search