Cloud Security Lead SME Security Clearance

Position: Cloud Security Lead SME with Security Clearance
Job Description Everforth ECS is seeking a Product Manager SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax .

Please Note:

This position is contingent upon contract award. The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational war fighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

• The Cloud Security Lead SME is a senior subject matter expert responsible for the enterprise cloud security posture of the WDP across NIPRNet, SIPRNet, and JWICS environments, serving as the authoritative voice on Zero Trust compliance, Risk Management Framework execution, and cloud security architecture across all WDP-supported Cloud Service Provider environments. This role works in close coordination with cybersecurity leadership, platform engineers, and Authorizing Officials to sustain and continuously improve the authorization posture of mission-critical cloud infrastructure supporting the DoW's AI-First mission.

• Provides enterprise cloud security oversight supporting Department of War mission systems operating within AWS Gov Cloud, Azure Government, and approved DoW cloud environments.

• Monitors cloud-native security posture using Cloud Security Posture Management platforms integrated with native provider tooling to identify misconfigurations, policy drift, and compliance gaps.

• Configures and enforces cloud security controls aligned to the DoW Cloud Computing Security Requirements Guide, Zero Trust Architecture, and Risk Management Framework objectives.

• Reviews Infrastructure-as-Code artifacts to validate secure baseline configurations prior to deployment, integrating security checks into Dev Sec Ops  pipelines and automated compliance workflows.

• Analyzes cloud audit logs, configuration events, and security alerts to support continuous monitoring, threat detection, and incident response coordination.

• Collaborates with cloud engineers, platform teams, and cybersecurity leadership to remediate findings impacting authorization posture and mission availability.

• Maintains traceable evidence supporting security assessments, authorization packages, and ongoing compliance reporting through eMASS, SharePoint, and centralized dashboards.

• Produces cloud security posture reports, risk summaries, and remediation plans for Authorizing Officials and senior cybersecurity leadership.

• Supports cloud migration initiatives by embedding security requirements into design reviews, architecture decisions, and operational handoff processes.

• Delivers measurable improvements in cloud compliance posture, configuration consistency, risk visibility, and operational resilience while reinforcing program values of security-by-design, accountability, mission assurance, and disciplined cloud operations.

• Performs other duties as assigned. Required Skills
• Current Secret security clearance.

• 12 or more years of progressively responsible experience in cybersecurity, cloud security, or a closely related field, with demonstrated expert-level proficiency securing mission-critical cloud environments in support of DoW or federal government programs.

• DoW 8140/8570 IAM Level I baseline certification, satisfied by one of the following active credentials:
CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.

• Demonstrated experience implementing and assessing Zero Trust security capabilities in alignment with the DoW Zero Trust Reference Architecture and NIST SP 800-207, including Attribute-Based Access Control, Privileged Access Management, Identity and Access Management federation, and continuous monitoring across multi-enclave cloud environments.

• Hands-on experience executing Risk Management Framework activities, including preparation and management of cybersecurity Body-of-Evidence artifacts, eMASS administration, and support…