Sr. Cybersecurity Automation Architect

The candidate will serve as the lead technical authority for a federal cybersecurity modernization program, responsible for designing and implementing modernized, automated, and standards-based cybersecurity support services across cloud and legacy environments. They will architect and deliver a multi-cloud General Support System (GSS) spanning AWS Gov Cloud, Azure Government Community Cloud (GCC), Google Cloud Platform (GCP), and centralized cloud administration, ensuring secure, scalable, and continuously monitored IT operations in support of the agency's global mission.

The ideal candidate will champion the transition from manual, document-driven compliance to engineering-driven Governance, Risk, and Compliance (GRC). They will translate security requirements into machine-readable code, build automation frameworks that streamline cybersecurity and IT operations, and operationalize Policy-as-Code (PaC) pipelines that enforce DoDI 8510.01 (RMF), NIST SP 800-53, and DISA STIG controls in a continuous, version-controlled manner.

They will guide stakeholders and engineering teams in adopting continuous monitoring, automated control evidence, integrated risk scoring, and scalable control inheritance across AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, and other DoD-approved cloud-native services. Through this leadership, they will strengthen system resiliency, accelerate secure mission delivery, and advance the agency toward a modern, engineering-driven security model.

• Establish and lead the General Support System (GSS) architecture spanning AWS Gov Cloud, Azure Government Community Cloud (GCC), Google Cloud Platform (GCP), and centralized cloud administration.
• Architect and deploy enterprise automation frameworks using Infrastructure-as-Code (Terraform, Ansible, AWS Cloud Formation), Python, JSON, and AWS boto3 to streamline cybersecurity and IT operations.
• Translate agency security requirements into machine-readable code; design and implement automated, version-controlled compliance checks aligned with DoDI 8510.01 (RMF), NIST SP 800-53, and DISA STIGs.
• Integrate automation and Policy-as-Code (PaC) solutions into the continuous monitoring environment, activating AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, and other DoD-approved cloud-native services.
• Design modular, reusable, and scalable solutions adaptable to evolving DoD policies and emerging threats, ensuring enterprise-wide deployment without performance degradation.
• Own technical execution of contract deliverables:
  Automation Frameworks (initial deployment within 180 days), Policy-as-Code Framework (within 270 days), Continuous Monitoring Dashboards (within 270 days), and ongoing quarterly updates.
• Drive measurable outcomes against program KPIs: at least 15% reduction in manual security enforcement within 12 months; at least 25% of manual controls under automated configuration management within 12 months; real-time dashboard visibility into at least 90% of cloud-native systems where PaC is implemented.
• Lead recurring governance meetings and stakeholder workshops; partner with agency leadership to refine priorities, surface dependencies, and sustain enterprise adoption of automated controls.
• Direct workforce enablement: design training and documentation packages that achieve cross-training of at least 90% of the agency GRC team within 12 months, ensuring agency personnel can manage, maintain, and expand solutions post-implementation.
• Promote engineering-driven security practices including Dev Sec Ops , supply chain risk management, Zero Trust principles, and AI/ML-enabled analysis across IT and OT environments.

• Master's degree from an accredited institution in a highly relevant technical field such as Computer Science, Software Engineering, Cybersecurity, or Cloud Computing.
• Twelve (12) years of demonstrated experience in systems engineering and cybersecurity, with at least seven (7) of those years focused on security automation, cloud engineering, and architecture.
• Five (5) years of demonstrated experience serving as a lead technical authority on enterprise-level projects, responsible for designing and implementing security solutions, not just assessing them.
• Five (5) years of demonstrated experience translating complex regulatory requirements (RMF, NIST, DISA STIGs) and architectural diagrams into functional, automated, and operational code.
• Must possess one of the following certifications: AWS Certified Dev Ops Engineer – Professional, AWS Certified Solutions Architect – Professional, AWS Certified Security – Specialty, or (ISC)² Certified Information Systems Security Professional (CISSP), preferably with an engineering or architecture concentration (ISSEP/ISSAP).
• Strong foundational and operational knowledge of Dev Sec Ops  and CI/CD pipelines, Zero Trust implementations, Supply Chain Risk Management (SCRM), and Infrastructure-as-Code…