Senior Infrastructure Engineer

Job Description

ECS is seeking a Senior Infrastructure Engineer to work in our Fairfax, VA office.

ECS is seeking talented professionals to join our successful and growing team in building the next-generation Continuous Diagnostics and Mitigation (CDM) Cyber data solution. The CDM Program is the Cybersecurity and Infrastructure Security Agency's (CISA) dynamic approach to strengthening the cybersecurity of Federal networks and systems through better awareness and visibility into their security posture and cyber threats. ECS is responsible for designing, building, deploying, operating, and maintaining a complete 'Data Services' solution which includes the collection, normalization, visualization, and sharing of cyber data from more than 100 Federal agencies. The CDM Data Services product is an integrated suite of multiple Commercial Off the Shelf (COTS) products, software configuration packages, and custom code which work together to operate as an integrated solution tailored to meet Department of Homeland Security (DHS) requirements.

We are seeking professionals who thrive in a dynamic, fast-paced, and highly collaborative environment where problem-solving, critical thinking, and a holistic approach to serving the mission are key. Our program operates within the Scaled Agile Framework (SAFe). An aptitude and enthusiasm for continuous learning, improvement, and cyber security is a must!

Role & Responsibilities:

ECS is seeking a Senior Infrastructure Engineer (AWS / Terraform / EKS) to join the Infrastructure & Cloud Team supporting the CDM Data Service federal programs under DHS CISA. This role focuses on designing, building, and operating secure, repeatable AWS environments within a FedRAMP and ATO-governed context. The engineer will work in an environment where all deployments are infrastructure-as-code, peer-reviewed, and fully auditable. The successful candidate will combine hands-on AWS engineering depth with a strong sense of operational discipline, automation, and compliance awareness.

We are seeking dynamic, energetic, and engaging team members who love challenges! The ideal candidate will be able to align to the following duties:

• Design, build, and maintain Infrastructure-as-Code using Terraform (modules, S3/DynamoDB remote state, OPA/tfsec policy integration).
• Provision, upgrade, and manage EKS clusters, including namespaces, Helm-based add-ons (cert-manager, ESO, Confluent Operator), and IAM roles for service accounts.
• Design, configure, and troubleshoot AWS VPC networking, including routing, TGWs, DNS, DHCP, endpoints, NACLs, and security groups.
• Implement and secure microservices on EKS with proper connectivity to AWS services (S3, ECR, Secrets Manager, IAM).
• Automate infrastructure deployments using GitHub Actions (or self-hosted runners), cross-account IAM role assumptions, and CI/CD policy gates.
• Collaborate with security and applications teams to enforce least-privilege IAM, automate compliance evidence collection, and support RMF/ATO documentation.
• Diagnose and resolve complex issues spanning containers, Kubernetes networking, and AWS layers (VPC - Zscaler - C-TIPS - SaaS endpoints).
• Support observability, logging, and monitoring through integration with Elastic, ScienceLogic, or AppDynamics to meet SLA and audit requirements.
• Mentor and guide junior engineers through knowledge sharing, paired engineering, and process standardization.
• Evaluate and improve infrastructure design for policy compliance, resiliency, and performance tuning.
• Develop and maintain SOPs and playbooks that align with program governance.

Required Skills

• Bachelor's degree or 8 years of relevant experience.
• 6+ years designing, implementing, securing, and maintaining AWS Cloud infrastructure (CAWS, GovCloud, or equivalent).
• 5+ years of experience with Terraform (advanced modules, state management, policy enforcement).
• 5+ years' operating Kubernetes/EKS clusters, provisioning, scaling, networking, and Helm lifecycle management.
• 5+ years of infrastructure experience related to network security
• Strong networking foundation: TCP/IP, DNS, DHCP, TLS, routing, subnetting, NACLs, and endpoint connectivity.
• Proficient scripting/automation using Python or Bash, YAML/JSON templating, and Git-based workflows.
• Experience in security compliance environments (FedRAMP, FISMA, NIST 800-53) and supporting ATO documentation.
• Demonstrated ability to collaborate cross-functionally with Security, DevSecOps, and CI/CD teams to maintain compliant, auditable infrastructure.
• Strong communication skills with the ability to interface effectively with stakeholders from engineers to senior management.

Desired Skills

• Prior DHS CISA mission experience or experience in federal secure cloud operations.
• Experience designing and documenting security controls for System Security Plans (SSPs) and FISMA accreditation.
• Experience operating in multi-account AWS environments with strong IAM, SCP, and segmentation practices.
• Familiarity with observability tooling (Elastic, ScienceLogic, AppDynamics) and integrating metrics/log pipelines with EKS.
• Understanding Zero Trust architecture and Cloud-Native ATO automation practices.
• Experience in TLS and certificate management (ACM, ACM-PCA).
• AWS Associate or Professional-level certification(s) (e.g., Solutions Architect, DevOps Engineer).

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.