
Senior Cloud Infrastructure Engineer
Posted Jul 1

Posted Jul 1
This is a fully remote position, open to applicants in Florida.
• Assist in the design and maintenance of landing zones utilizing cloud applications such as AWS Organizations, Control Tower, SCP guardrails, Identity and Access Management (IAM) multi-account patterns, and VPC architectures (Transit Gateway, PrivateLink, NAT, IGW) for enclave isolation and cross-domain requirements.
• Develop high-availability, multi-Region solutions by leveraging cloud tools including EC2, EKS/ECS Fargate, RDS/Aurora, DynamoDB, S3/EFS/FSx, Load Balancers, Route 53, and API Gateway.
• Apply Zero Trust-aligned patterns (micro-segmentation, strong identity, continuous verification) in accordance with DoD Zero Trust guidelines.
• Enforce security controls and facilitate evidence generation for RMF ATO packages (SSP, SAR, POA&M) in collaboration with cybersecurity teams.
• Implement DISA STIGs (OS, DB, Kubernetes, Container) and SRG requirements for workloads classified as IL2–IL6.
• Customize and automate the application of STIGs using Infrastructure as Code (IaC) and configuration management techniques.
• Integrate encryption and key management utilizing cloud tools such as AWS KMS/HSM; enforce IAM least privilege, SCPs, permission boundaries, ABAC, and robust secrets management practices.
• Deploy cloud logging and metrics tools such as CloudTrail/CloudWatch/GuardDuty/Config to ensure comprehensive auditing and detection.
• Align architectures with FedRAMP Moderate/High baselines as necessary and verify compliance for controlled workloads.
• Create secure connectivity (AWS Direct Connect/VPN), hybrid routing, and segmentation; implement TLS mutual authentication, certificate management, and private service endpoints.
• Design logging and telemetry pipelines (CloudWatch, OpenTelemetry, Kinesis, S3, SIEM integration such as Splunk/ELK) incorporating retention, metadata/tagging, and data lifecycle policies.
• Manage SLOs/SLAs for platform services.
• Implement autoscaling, health checks, and proactive capacity management strategies.
• Lead cost management and alerting practices for cloud environments in collaboration with project leads.
• Provide Tier 3 support, participate in on-call rotations during exercises, and coordinate incident response with cybersecurity and training operations.
• Work together with agile teams and product owners to convert training requirements into platform capabilities.
• Mentor junior engineers.
• Establish standards, conduct design reviews, and create repeatable processes.
• Present cloud solutions to project leadership and accreditation authorities.
• Bachelor's degree in a relevant technical field such as computer science or information technology from an accredited institution.
• 8–12+ years of experience in cloud/platform engineering with a minimum of 5 years dedicated to Amazon Web Services (AWS), demonstrating leadership in delivering secure, scalable, production-grade cloud systems.
• Compliance with DoD 8570/8140: IAT II (Security+) required; IAT III/CISSP or CASP+ preferred.
• AWS Certifications: Certified Solutions Architect – Professional, Security – Specialty, and/or DevOps Engineer – Professional.
• Kubernetes certifications: CKA/CKS.
• Experience with HashiCorp Vault, Service Mesh (Istio), policy-as-code (OPA), and zero trust implementations within government environments.
• Mastery of Infrastructure-as-Code (Terraform and/or CloudFormation), pipelines (GitLab/Jenkins), and configuration management (Ansible/Chef).
• Extensive expertise in AWS tools: Organizations/Control Tower, IAM, Bedrock, KMS/HSM, VPC/Transit Gateway, Direct Connect/VPN, EC2/EKS/ECS, RDS/Aurora, DynamoDB, S3/EFS/FSx, ELB/API Gateway/Lambda, CloudTrail/CloudWatch/Config/GuardDuty, Route 53, EventBridge/SQS/SNS.
• Understanding of RMF accreditation (SSP, POA&M, Continuous Monitoring) and control implementation according to NIST SP 800-53 Rev. 5.
• Practical application of DISA STIGs and DoD Cloud Computing SRG for IL2–IL6 workloads.
• Strong comprehension of GovCloud (US) patterns and boundary controls.
• In-depth knowledge of networking fundamentals: TCP/IP, DNS, TLS/PKI, routing, micro-segmentation, Zero Trust patterns.
• Logging/monitoring design and SIEM integration experience.
• Skills in incident response and troubleshooting across application, infrastructure, and network layers.
• Excellent communication, documentation, and stakeholder engagement skills, along with the ability to lead cross-functional initiatives.
• Medical, Dental & Vision Coverage
• Wellness Program
• 401(k) Matching
• Disability (Short Term & Long Term)
• Employee Assistance Program
• Life Insurance
• Education & Training
• Generous Leave Policy (11 Federal Holidays, PTO, Military Leave, Bereavement and Jury Duty)
EDB
NIR-YU
Mirantis
Mirantis
Get handpicked remote jobs straight to your inbox weekly.