Senior Infrastructure Engineer Security Clearance

Position: Senior Infrastructure Engineer with Security Clearance
Job Description ECS is seeking a Senior Infrastructure Engineer to work in our Fairfax, VA office. ECS is seeking talented professionals to join our successful and growing team in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency's (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats.

ECS is responsible for designing, building, deploying, operating, and maintaining a complete 'Data Services' solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet Department of Homeland Security (DHS) requirements.

We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cyber security is a must! Role & Responsibilities: ECS is seeking a Senior Infrastructure Engineer (AWS / Terraform / EKS) to join the Infrastructure & Cloud Team supporting the CDM Data Service federal programs under DHS CISA.

This role focuses on designing, building, and operating secure, repeatable AWS environments within a FedRAMP and ATO-governed context. The engineer will work in an environment where all deployments are infrastructure-as-code, peer-reviewed, and fully auditable. The successful candidate will combine hands-on AWS engineering depth with a strong sense of operational discipline, automation, and compliance awareness. We are seeking dynamic, energetic, and engaging team members who love challenges!

The ideal candidate will be able to align to the following duties:
* Design, build, and maintain Infrastructure-as-Code using Terraform (modules, S3/Dynamo

DB remote state, OPA/tfsec policy integration).
* Provision, upgrade, and manage EKS clusters, including name spaces, Helm-based add-ons (cert-manager, ESO, Confluent Operator), and IAM roles for service accounts.
* Design, configure, and troubleshoot AWS VPC networking, including routing, TGWs, DNS, DHCP, endpoints, NACLs, and security groups.
* Implement and secure microservices on EKS with proper connectivity to AWS services (S3, ECR, Secrets Manager, IAM).
* Automate infrastructure deployments using Git Hub Actions (or self-hosted runners), cross-account IAM role assumptions, and CI/CD policy gates.
* Collaborate with security and applications teams to enforce least-privilege IAM, automate compliance evidence collection, and support RMF/ATO documentation.
* Diagnose and resolve complex issues spanning containers, Kubernetes networking, and AWS layers (VPC - Zscaler - C-TIPS - SaaS endpoints).
* Support observability, logging, and monitoring through integration with Elastic, Science Logic, or App Dynamics to meet SLA and audit requirements.
* Mentor and guide junior engineers through knowledge sharing, paired engineering, and process standardization.
* Evaluate and improve infrastructure design for policy compliance, resiliency, and performance tuning.
* Develop and maintain SOPs and playbooks that align with program governance. Required Skills
* Must be a US citizen with the ability to obtain Public Trust Suitability.
* Bachelor's degree or 8 years of relevant experience.
* 6+ years designing, implementing, securing, and maintaining AWS Cloud infrastructure (CAWS, Gov Cloud, or equivalent).
* 5+ years of experience with Terraform (advanced modules, state management, policy enforcement).
* 5+ years' operating Kubernetes/EKS clusters, provisioning, scaling, networking, and Helm lifecycle management.
* 5+ years of infrastructure experience related to network security
* Strong networking foundation: TCP/IP, DNS, DHCP, TLS, routing, subnetting, NACLs, and endpoint connectivity.
* Proficient scripting/automation using Python or Bash, YAML/JSON templating, and Git-based workflows.
* Experience in security compliance environments (FedRAMP, FISMA, NIST 800-53) and supporting ATO documentation.
* Demonstrated ability to collaborate cross-functionally with Security, Dev Sec Ops , and CI/CD teams to maintain compliant, auditable infrastructure.
* Strong communication skills with the ability to interface effectively with stakeholders from engineers to senior management. Desired Skills
* Prior DHS CISA mission experience or experience in federal secure cloud operations.
* Experience designing and documenting security controls for System Security Plans (SSPs) and FISMA accreditation.
* Experience…