Senior Cloud Engineer

Looking for an opportunity to make an impact?

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers’ success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. The Leidos National Security Sector (NSS) combines technology-enabled services and mission software capabilities in the areas of cyber, logistics, security operations, and decision analytics to support our defense and intel customers’ mission to defend against evolving threats around the world.

Your greatest work is ahead!

The Multi-domain Solutions Division (MDS) within the Leidos National Security Sector is seeking a skilled Senior Cloud Engineer to join a new cyber security program and play a key role in supporting government-critical systems. You will be part of a program that oversees development, integration, delivery, and operations and maintenance of IT managed security services, which encompasses support to monitor the cybersecurity threat and security posture situational awareness for the enterprise. This opportunity is in anticipation of a future contract award!

What you’ll be doing:

• Lead the design, implementation, and management of secure cloud environments across multi-cloud platforms (AWS, Azure, and/or Google Cloud). 
• Take ownership of cloud security strategies, guide security operations, and collaborate with cross-functional teams to ensure cloud security best practices and regulatory compliance.
• As a trusted security expert, you will assess cloud security risks, architect secure solutions, and automate security processes to protect critical data, applications, and services.
• Apply deep understanding of cloud security principles, extensive hands-on experience with cloud platforms, and a strong background in DevSecOps practices.
• Responsible for technical planning, system hardware-software-network design, development and integration, verification and validation, and fielding. 
• Evaluate alternatives including cost and risk, supportability and analyses for total systems. 
• Perform systems requirements analysis, functional analysis, timeline analysis, trade studies, requirements allocation and interface definition, technical management, integration, system testing, and quality assurance.  
• Provide technical advice/input that impact strategic client outputs and Leidos business results. 
• Impact functional strategy by developing new solutions, processes, standards or operational plans that position Leidos competitively in the marketplace. 
• Serve as a technical lead on large, complex projects. Mentors and coaches other technical staff.
• Design, implement, and manage secure cloud architectures for Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) environments.
• Develop and enforce cloud security policies, governance frameworks, and standards aligned with industry best practices (NIST, CIS, ISO 27001).
• Lead threat modeling, security reviews, and architecture assessments to identify potential security gaps in cloud designs.
• Provide technical leadership in the adoption of Zero Trust and Defense-in-Depth principles in cloud environments.
• Develop security blueprints, reference architectures, and cloud security frameworks to guide application development and cloud operations.
• Integrate security controls into CI/CD pipelines, ensuring security is embedded throughout the software development lifecycle (SDLC).
• Develop Infrastructure as Code (IaC) templates using Terraform, CloudFormation, and ARM to automate security baselines and enforce compliance.
• Implement automated security scanning, vulnerability assessments, and policy enforcement to enhance cloud security postures.
• Guide DevOps and application teams on secure coding practices, container security, and API security to minimize attack surfaces.
• Design and configure cloud-native security monitoring and logging solutions to detect and respond to advanced threats in real time.
• Oversee the deployment of Security Information and Event Management (SIEM) platforms such as Splunk, Microsoft Sentinel, or Elastic Security for cloud monitoring.
• Develop and manage cloud incident response plans (IRP), including playbooks, escalation procedures, and post-incident reviews (PIRs).
• Analyze and investigate cloud security incidents, conduct root cause analysis (RCA), and lead remediation efforts.
• Architect and manage secure IAM solutions for cloud environments, enforcing least privilege, role-based access control (RBAC), and Just-in-Time (JIT) access.
• Implement and maintain Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Single Sign-On (SSO) solutions.
• Conduct periodic audits of access permissions, identifying and remediating over-privileged accounts and policy misconfigurations.
• Lead cloud vulnerability management efforts by conducting regular vulnerability scans, identifying misconfigurations, and applying appropriate remediation.
• Manage Cloud Security Posture Management (CSPM) solutions to ensure continuous monitoring and compliance with security policies.
• Collaborate with system administrators and DevOps teams to ensure timely remediation of vulnerabilities across cloud infrastructures.
• Ensure compliance with industry regulations and frameworks such as HIPAA, PCI-DSS, FedRAMP, GDPR, and SOC 2.
• Develop and maintain documentation of cloud security policies, processes, and procedures to support internal and external audits.
• Conduct cloud risk assessments, vulnerability analyses, and provide executive-level risk management recommendations.

What does Leidos need from me?

• Active Top Secret/SCI (TS/SCI) with Polygraph security clearance required. Must be U.S. Citizen.
• Master's with 15 to 20 years of prior relevant experience. Experience may be considered in lieu of a degree.
• Understanding of DoD IT security protocols and requirements
• Strong expertise in securing cloud platforms (AWS, Azure, and/or Google Cloud) with deep knowledge of cloud-native security services.
• Hands-on experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, and ARM templates.
• Extensive knowledge of cloud security controls, threat modeling, and risk management frameworks.
• Expertise in IAM concepts, including RBAC, MFA, SSO, and PAM in cloud environments.
• Experience integrating security into CI/CD pipelines and automating security processes in a DevSecOps environment.
• Proficiency with security monitoring and SIEM platforms, including Splunk, Microsoft Sentinel, and Elastic Security.
• Strong understanding of encryption, key management, and secure data storage practices.

Favorable if you have:

• Advanced security certifications such as AWS Certified Security – Specialty. Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), GIAC Cloud Security Automation (GCSA) or GIAC Cloud Security Leadership (GCLD).
• Experience with Kubernetes security and container orchestration hardening.
• Strong knowledge of serverless security and securing APIs in cloud environments.
• Familiarity with secure application development practices and API security frameworks (OAuth, JWT).
• Knowledge of Zero Trust.

Original Posting:

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.