Senior Cloud Technical Manager

Senior Cloud Technical Manager

The Senior Cloud Technical Manager leads cloud-focused security operations for the National Science Foundation (NSF). You own technical execution across cloud security monitoring, incident response, vulnerability management, and secure cloud operations. You drive maturity in detection engineering, automation, governance, and compliance. You lead a team that protects NSF cloud environments and enables mission delivery through secure, reliable, and scalable operations.

• Lead cloud security operations for NSF AWS environments. Direct triage, investigation, containment, and recovery.
• Own Splunk ES content and operations. Manage data onboarding, CIM alignment, correlation searches, notable event tuning, risk-based alerting (RBA), dashboards, and reporting.
• Own Prisma Cloud CSPM outcomes. Set posture baselines, manage policy standards and exceptions, drive remediation workflows, and track risk reduction.
• Engineer and mature AWS logging and detection coverage. Integrate and operationalize Cloud Trail, VPC Flow Logs, Route 53 Resolver logs, ALB/ELB logs, AWS Config, Cloud Watch, Guard Duty, and Security Hub into Splunk ES and Prisma Cloud.
• Lead detection engineering mapped to MITRE ATT&CK. Improve fidelity, reduce false positives, and drive use‑case lifecycle management.
• Define and run AWS incident response playbooks and escalation paths. Ensure evidence capture, timeline reconstruction, and post‑incident corrective actions.
• Drive continuous monitoring and compliance alignment to federal requirements (e.g., FISMA and NIST 800‑53). Support audits with repeatable evidence packages.
• Partner with cloud platform, network, and application teams to implement guardrails: IAM least privilege, MFA, encryption with KMS, segmentation, centralized logging, and secure configurations.
• Prioritize and track remediation for misconfigurations and security findings from Prisma Cloud, AWS services, and Splunk ES investigations.
• Automate key workflows where possible (enrichment, ticketing, evidence capture, and containment actions) using scripting and integration patterns.
• Establish operational metrics and cadence. Report on MTTD, MTTR, detection coverage, backlog, and posture trends.
• Manage team performance, technical quality, and delivery commitments. Mentor analysts and engineers.

• 7+ years of experience in cybersecurity, cloud security, or security operations, including 3+ years leading technical teams.
• Hands‑on experience securing and operating production cloud environments (AWS and/or Azure; GCP acceptable).
• Strong experience with SIEM operations, log onboarding, correlation rules, alert tuning, and investigative workflows.
• Experience with incident response in cloud environments, including evidence handling and root‑cause analysis.
• Working knowledge of cloud IAM, networking, encryption, key management, and secure service configurations.
• Experience with vulnerability management tools and remediation coordination across engineering teams.
• Ability to write clear operational documentation and deliver crisp, executive‑ready status reporting.
• Security‑first technical leadership and decisive incident command.
• Strong prioritization and risk‑based decision‑making.
• Ability to drive cross‑team execution without friction.
• Clear communication with technical teams and senior stakeholders.
• Continuous improvement mindset focused on measurable outcomes.
• Location:
  
  [On‑site/Hybrid/Remote] as allowed by NSF contract requirements.
• On‑call:
  Participation in after‑hours escalation as needed.
• Clearance/Public Trust: [Specify requirement if applicable].

#LI‑SM2 #AppC