Subject Matter Expert - Cloud Security Architect

Job Location: 

This role is 100% remote.

Clearance:

Must be currently authorized to work in the United States on a full-time basis and have the ability to obtain a Public Trust Security Clearance. 

Job Description:

In this position as a Cloud Security Architect, you will lead the design of secure, scalable AWS cloud architectures that support federal mission systems and comply with DOJ/BOP security requirements and FedRAMP control baselines. You will integrate cloud architecture, security engineering, and ATO requirements to accelerate authorization timelines while maintaining a strong security posture. In this position, you will also:

• Design secure, scalable AWS cloud architectures aligned with DOJ/BOP security policies and FedRAMP baselines.
• Architect multi-account and multi-VPC environments with appropriate segmentation, centralized inspection, and secure connectivity to on-premise BOP networks.
• Translate NIST and FedRAMP security control requirements into repeatable, reusable cloud architecture patterns.
• Ensure system designs support Rapid ATO timelines through pre-approved architectures and secure design standards.
• Develop and maintain system boundary diagrams, data flow diagrams, trust zone documentation, and other architectural artifacts required for ATO packages.
• Support development of System Security Plans (SSPs) by providing architecture narratives and diagrams.
• Collaborate with ISSOs, security assessors, engineers, and program stakeholders to ensure architectural decisions meet control implementation expectations.
• Serve as a subject matter expert during security assessments, ATO reviews, and leadership briefings.

Required Skills:

• Master's degree in Computer Science, Information Technology, Cybersecurity, Information Security, Computer Engineering, Business, or a related field.
• 10 years of experience designing and securing cloud and cloud security solutions within federal government systems.
• 5 years of networking experience, including AWS native firewall services, AWS Direct Connect, AWS Outposts networking, reverse proxy architectures, and related automation.
• 5 years of experience designing and implementing Continuous Monitoring (ConMon) solutions for cloud-based systems and applications.
• 3 years of experience designing AI-enabled compliance automation tools capable of scanning cloud environments, collecting FedRAMP-specific evidence, storing artifacts centrally, and identifying unmet requirements.

Desired Skills:

• Prior Department of Justice (DOJ) and/or Bureau of Prisons (BOP) experience and domain knowledge.
• Strong experience analyzing security events, alerts, and reports generated by SIEM platforms such as Splunk.
• Proficiency reviewing and interpreting outputs from AWS security services, including GuardDuty, Security Hub, and Amazon Inspector.
• In-depth understanding of end-to-end data encryption in transit and at rest, including SSL/TLS implementation.
• Demonstrated ability to identify vulnerabilities, particularly those related to data exposure, configuration drift, and tampering.

At Blake Willson Group, we believe in transparency and fairness in compensation practices. For this position, we offer a competitive salary range of $150,000 to $185,000 in the United States. Your individual salary within this range will be determined by various factors, including but not limited to your education, experience, skills, and geographic location. We also provide a comprehensive Total Rewards package, which includes major medical benefits such as dental and vision coverage, a 401(k)-contribution plan, holiday and personal time off, professional development training & certification benefits, health & wellness subsidies, paid time off for community service, and more. We value your contributions and are committed to recognizing and rewarding your performance and the value you bring to our business.