Cloud Solutions Architect - TS/SCI w/Poly

Cloud Solutions Architect

Chantilly, VA.

Position Summary:

The Sponsor requires cloud engineering support to help design and build the new cloud enclave, perform Operations and Maintenance (O&M) tasks, evolve and enhance the cloud architecture.

Job Description:

The Sponsor plans to build a new secure cloud-based enclave and migrate off of legacy on-premises infrastructure. The Sponsor requires cloud engineering support to help design and build the new cloud enclave, perform Operations and Maintenance (O&M) tasks, evolve and enhance the cloud architecture once the build out and migration is complete, help continuously identify and mitigate system and data risks and achieve and maintain Assessment & Authorization (A&A) compliance.

The Cloud Solutions Architect will set up, configure, update and maintain the Sponsor’s AWS cloud-based enclave, in all environments including PRODUCTION and work in close coordination with the cloud vendor’s Professional Services as the cloud-based enclave is initially designed and stood up. They will take the lead, in coordination with the Sponsor, in implementing the new cloud-based enclave architecture as well as moving mission data into the cloud for the migration from the legacy (Windows-based) on-premises enclave. They will reach out to partners for technical details and solutions related to system implementation and security and execute cloud engineering tasks to support the Sponsor’s information technology enterprise, as well as related tasks such as documentation, knowledge transfer, configuration management, systems security-related tasks and planning activities. The Cloud Solutions Architect will provide technical support and assist in the timely resolution of technical issues related to the Sponsor’s cloud environment and systems; support system requirements gathering and refinement as directed by the Sponsor, and provide technical expertise on cloud computing techniques and technologies; and coordinate with and participate in meetings with internal and external teams and partners. They will monitor current, and estimate future cloud-related costs and provide recommendations to the Sponsor for cost-optimization strategies and provide input and recommendations to Sponsor staff and coordinate with the Information System Security Manager (ISSM) staff as necessary to help achieve and maintain ATO for the Sponsor’s cloud enclave. They will provide support for application deployments, fixes and configuration changes in the cloud environment; plan and implement backup and Disaster Recovery (DR) solutions in accordance with Sponsor’s requirements; evaluate cloud strategy and architecture and provide recommendations and roadmaps for changes to improve security, reduce cost, and streamline operations to the Sponsor; and select appropriate cloud services to design and deploy applications based on given requirements. The Cloud Solutions Architect will create functional design specifications, architectures, and render support to other cloud project deliverables; design, build and maintain high availability cloud-based IT systems; and use Infrastructure-as-Code principles and automation within cloud environments to reduce the risk of errors, streamline operations and facilitate repeatability. They will keep the Sponsor informed of security, data integrity or technical risks, work off-hours on occasion to support deployments, fixes or operations (happens rarely); identify, analyze, and resolve infrastructure vulnerabilities and application deployment issues; and perform O&M tasks related to Sponsors enclave. They will also perform cloud activities including but not limited to; Create and configure virtual private clouds (VPCs), Create EC2 instances, Create RDS instances, Create and secure AMIs that meet security requirements, Create, manage, and test Lifecycle policies for backup and DR purposes, Create public and private subnets, Create auto scaling groups, Configure load balancers, Configure security groups, Create users and groups in cloud environments, Integration with external services.

Requirements

(Mandatory) Demonstrated experience including knowledge of Best Practices for implementing the security services provided by Amazon AWS (such as Identity Management, Secure Tokens, Cloud Watch and Cloud Monitoring).

(Mandatory) Demonstrated experience with knowledge of security constraints and required protections for enclave accreditation in an AWS cloud.

(Mandatory) Demonstrated experience making virtual machine configuration changes necessary to resolve trouble tickets or to comply with security requirements and IT best practices.

(Mandatory) Demonstrated experience, within the last two (2) years, setting up and maintaining an AWS-cloud based VPC.

(Mandatory) Demonstrated experience deploying and maintaining Windows environments in AWS.

(Mandatory) Demonstrated experience, within the last six (6) months, managing MS Product Suite.

(Mandatory) Demonstrated experience, within the last six (6) months, managing MS SQL.

(Mandatory) Demonstrated experience, within the last six (6) months, managing MS Server 2012/2016/2019/2022.

(Mandatory) Demonstrated experience, within the last six (6) months, deploying and managing log aggregation systems, such as Splunk.

(Mandatory) Demonstrated experience, within the last six (6) months, maintaining system accreditation.

(Desired) Demonstrated experience with knowledge of security constraints and required protections for enclave accreditation in an AWS cloud in the Sponsor’s environment.

(Desired) Demonstrated experience transitioning an on-premises enclave solution to a virtual private cloud (VPC).

(Desired) Demonstrated experience making application software and operating system configuration changes necessary to resolve trouble tickets or to comply with Sponsor requirements and IT best practices.

(Desired) Demonstrated experience evaluating and mitigating software security vulnerabilities.

(Desired) Demonstrated experience with continuous monitoring from a security perspective.

(Desired) Demonstrated experience obtaining Certification and Accreditation within the Sponsor’s environment.

(Desired) Demonstrated experience with the Sponsor’s unique IT infrastructure and ongoing projects.

(Desired) Demonstrated experience executing O&M tasks as necessary to support the Sponsor’s software and hardware infrastructure.

Demonstrated experience understanding and implementing Multi Factor Authentication (MFA) with AWS.

(Desired) Demonstrated experiencing managing Windows services and devices. This experience should be related to managing a Windows based enterprise, such as maintaining Server ISOs and related AMIs, COTS updates, managing domain forests and group policy objects, user role-based authentication in active directory.

(Desired) Demonstrated experience managing LDAP authentication with COTS applications, load balancing and gateway services related to remote desktop service deployments.

(Desired) Demonstrated experience with troubleshooting errors utilizing Event Viewer and Splunk logging.

Benefits

• Vacation – 5 weeks of accrued paid vacation per year (i.e., 8.33 hours accrued per pay period worked)

• Holidays - Paid holidays published annually by the Office of Personnel Management, excluding Inauguration Day

• 100% paid for Health Benefits* (United Healthcare, Guardian Dental, VSP Vision, MetLife, Life and Disability Insurance and annual $1500 employer HSA contribution on qualified plans) *health benefits kick in the 1st of the month following your start date

• 6% 401k Contribution (3% paid out during each pay period, the additional 3% will be paid out as a lump sum in Q1 each year)

• Training Reimbursement – Approved training and education expenses will be reimbursed