Senior Infrastructure Engineer

Join to apply for the Senior Infrastructure Engineer role at ECS
.

ECS is seeking a Senior Infrastructure Engineer to work in our Fairfax, VA office.

ECS is hiring professionals to build the next‑generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program, funded by the Cybersecurity and Infrastructure Security Agency (CISA), strengthens the cybersecurity of federal networks by providing better awareness and visibility into security posture and cyber threats.

We are responsible for designing, building, deploying, operating, and maintaining a complete ‘Data Services’ solution that collects, normalizes, visualizes, and shares cyber data from more than 100 federal agencies. This solution integrates commercial off‑the‑shelf (COTS) products, software configuration packages, and custom code tailored to Department of Homeland Security (DHS) requirements.

The program operates within the Scaled Agile Framework (SAFe) and requires a passion for continuous learning, improvement, and cybersecurity.

The Senior Infrastructure Engineer (AWS / Terraform / EKS) will join the Infrastructure & Cloud Team supporting the CDM Data Service federal programs under DHS CISA.

Responsibilities include:

• Design, build, and maintain Infrastructure-as-Code using Terraform (modules, S3/Dynamo
  
  DB remote state, OPA/tfsec policy integration).
• Provision, upgrade, and manage EKS clusters, including name spaces, Helm‑based add‑ons (cert‑manager, ESO, Confluent Operator), and IAM roles for service accounts.
• Design, configure, and troubleshoot AWS VPC networking, including routing, TGWs, DNS, DHCP, endpoints, NACLs, and security groups.
• Implement and secure microservices on EKS with proper connectivity to AWS services (S3, ECR, Secrets Manager, IAM).
• Automate infrastructure deployments using Git Hub Actions (or self‑hosted runners), cross‑account IAM role assumptions, and CI/CD policy gates.
• Collaborate with security and applications teams to enforce least‑privilege IAM, automate compliance evidence collection, and support RMF/ATO documentation.
• Diagnose and resolve complex issues spanning containers, Kubernetes networking, and AWS layers (VPC – Zscaler – C‑TIPS – SaaS endpoints).
• Support observability, logging, and monitoring through integration with Elastic, Science Logic, or App Dynamics to meet SLA and audit requirements.
• Mentor and guide junior engineers through knowledge sharing, paired engineering, and process standardization.
• Evaluate and improve infrastructure design for policy compliance, resiliency, and performance tuning.
• Develop and maintain SOPs and playbooks that align with program governance.

• Must be a US citizen with the ability to obtain Public Trust Suitability.
• Bachelor’s degree or 8 years of relevant experience.
• 6+ years designing, implementing, securing, and maintaining AWS Cloud infrastructure (CAWS, Gov Cloud, or equivalent).
• 5+ years of experience with Terraform (advanced modules, state management, policy enforcement).
• 5+ years operating Kubernetes/EKS clusters, provisioning, scaling, networking, and Helm lifecycle management.
• 5+ years infrastructure experience related to network security.
• Strong networking foundation: TCP/IP, DNS, DHCP, TLS, routing, subnetting, NACLs, and endpoint connectivity.
• Proficient scripting/automation using Python or Bash, YAML/JSON templating, and Git‑based workflows.
• Experience in security compliance environments (FedRAMP, FISMA, NIST 800‑53) and supporting ATO documentation.
• Demonstrated ability to collaborate cross‑functionally with Security, Dev Sec Ops , and CI/CD teams to maintain compliant, auditable infrastructure.
• Strong communication skills with the ability to interface effectively with stakeholders from engineers to senior management.

• Prior DHS CISA mission experience or experience in federal secure cloud operations.
• Experience designing and documenting security controls for System Security Plans (SSPs) and FISMA accreditation.
• Experience operating in multi‑account AWS environments with strong IAM, SCP, and segmentation practices.
• Familiarity with observability tooling (Elastic, Science Logic, App Dynamics) and integrating metrics/log pipelines with EKS.
• Understanding Zero Trust architecture and Cloud‑Native ATO automation practices.
• Experience in TLS and certificate management (ACM, ACM‑PCA).
• AWS Associate or Professional‑level certification(s) (e.g., Solutions Architect, Dev Ops Engineer).

ECS is an equal‑opportunity employer and does not discriminate on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, veteran status, or any other protected status as required by applicable federal, state, or local law.