Cloud Security Architect
At CGI Federal's Emerging Solutions Group, we are looking for Cloud Security Architect to help lead the delivery, design and securing of applications and deployments in the Cloud. As a security focused technical member of the cloud engineering group, you will work with AWS and Azure architects and engineers to create secure cloud solutions for our clients. We are looking for a highly technical person to help improve our security posture for cloud and microservice based solutions for our shared services supporting all CGI Federal BUs. This position will be the security SME for a delivery focused cloud engineering group and the person must want to be innovative and develop repeatable solutions for security.
Your future duties and responsibilities
• Advise on the implementation of cloud-native security tools and safeguards to achieve a secure trusted environment.
• Advocate and collaborate with engineers, developers, and non-technical members on cloud security related issues.
• Collaborate with clients to gather requirements and propose effective security solutions.
• Cloud Security Subject Matter Expert for AWS and Azure cloud engineering teams
• Create, update and maintain DevSecOps processes for cloud and container-based deployments
• Design and implement secure solutions and architectures for cloud, multiple cloud and hybrid cloud systems to support clients, delivery teams, and Managed Service Provider (MSP)/Managed Security Service Provider (MSSP) practices.
• Develop automation, runbooks, and scripts to automatically resolve security or configuration issues in AWS or Azure.
• Drive roadmap and implementation of security related items for cloud engineer, networking and system operations teams.
• Help build cloud strategies and reference architectures to meet compliance and security requirements.
• Lead technical security discussion with Cyber teams (Security Operation Center Analysts, Security Application Teams and ISSOs) about Cloud IaaS, PaaS and SaaS and Microservices architectures
• Mentor and coach others in cloud and security architecture
• Present on, drive adoptions, create proof of concepts and demo security concepts and solutions to technical and non-technical audiences
• Proactively improve the security posture of cloud-based environments with CSP services, code and automaton
• Promote and help enable other teams to adopt Security Orchestration, Automation and Reponses (SOAR).
• Work with compliance, security and application teams to maintain security compliance for federal (DoD, FedRAMP, CMMC), corporate and industry compliance programs.
Required qualifications to be successful in this role
• 4 - 10 years of relevant experience with cloud, security and development
• Detailed understanding of AWS and Azure core security and identity capabilities, features, and services
• Knowledge of security monitoring and response capabilities for on-premises, Cloud, hybrid and microservice environments.
• Experience implementing Infrastructure as Code (IaC) with CloudFormation, ARM or Terraform.
• Experience of supporting projects that required at least one Federal compliance program (CMMC, CIS Benchmarks, DoD SRG, DoD STIGs, FedRAMP and NIST 800-53) and the ability to help the projects achieve and maintain accreditation
• Proven ability to create solutions that align enterprise security architecture frameworks and defined security controls and standards.
• Security Certifications - A least one security certification (CISSP, CEH, GIAC, Security+, AWS Certified Security - Specialty, Microsoft Certified Azure Security Engineer) and a CSP (AWS or Azure) Assoicate level certification.
• Strong knowledge of security topologies, network security best practices and the application of suitable security safeguards.
• Strong experience with a variety of cybersecurity systems, architectural concepts, delivery environments and best-of-breed security solutions.
• Understanding of Agile and DevOps methods
• Understanding of AWS and Azure core Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Function as a Service (FaaS) capabilities, features, and services and/or detailed understanding of cloud-native reference architectures.
• Understanding of Continuous Integration and Continuous Delivery (CI/CD) pipelines to incorporate security, hardening and best practices for delivery of secure software
• AWS professional (AWS Certified Solutions Architect - Professional, AWS Certified DevOps Engineer - Professional) or Azure expert level role-based certifications.
• Bachelor level technical degree or equivalent experience; Computer Science or Engineering background preferred
• Developing Serverless applications leveraging AWS services (DynamoDB, EventBridge, Lambda, S3, SQS, SNS) or Azure Services
• Experience in supporting container-based applications, implementing security for microservices in the CI/CD progress, runtime and registry for AWS (Docker, AWS ECS, AWS ECR, AWS Fargate, AWS EKS), Azure AKS, Docker, and Kubernetes.
• Experience implementing Zero Trust architecture and design patterns
• Familiarity with Linux / Windows operating systems and methods to securely operate workloads
• Knowledge of CMMC, DoD SRG, DoD STIGs, FedRAMP and NIST compliance controls
• Knowledge with Configuration as Code tools/services (Puppet, Ansible or AWS SSM) for orchestration of OS (Operating System) level configuration and compliance
• Knowledge of Git for source code version control and Atlassian (Jira, Bitbucket, and Confluence), GitHub or GitLab and ServiceNow APIs for automation.
• Due to the nature of the government contracts we support, US Citizenship is required.
#CGIFederalJobBuild your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change-supporting our clients' digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com .
No unsolicited agency referrals please.
CGI is an equal opportunity employer.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, pregnancy, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at US_Employment_Compliance@cgi.com . You will need to reference the requisition number of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a requisition number will not be returned
We make it easy to translate military experience and skills! Click here to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held. CGI will consider for employment qualified applicants with arrests and conviction records in accordance with all local regulations and ordinances.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI's legal duty to furnish information.Skills
- AWS Certified Cloud Practitioner
- AWS Technical Professional
- Azure Functions