Senior Cloud Architect
Location: San Antonio area; located within 25 miles of JBSA-Randolph, TX
Clearance: Ability to obtain and maintain a Secret clearance
Customer: Air Education and Training Command (AETC), United States Air Force
Responsibilities
Architecture & Design
- Architect end-to-end cloud-native, software-defined solutions that meet AETC's performance, scalability, and user-experience objectives; lead the enterprise evolution to Zero-Trust architectures.
- Design and implement secure hybrid environments (public cloud + on-prem), including cloud networking, segmentation, service-to-service security, and federation models.
- Engineer Identity and Access Management (IAM) with role-based access controls (RBAC), least privilege, and single-/multi-domain federation.
- Secure Kubernetes platforms and container runtimes (network segmentation, RBAC, workload isolation) and guide standards for virtualized environments.
- Develop Infrastructure-as-Code (IaC) security baselines to enable repeatable, compliant deployments.
- Lead technical options, costed alternatives, and future-state roadmaps aligned to mission priorities and budget.
Security & Compliance
- Implement RMF-aligned controls; produce/maintain ATO artifacts; support continuous monitoring strategy and control assessments with ISSM/ISSO/SCV.
- Enforce DISA STIG/SRG configurations across Linux/Windows systems, cloud services, VMs, and Kubernetes clusters; maintain timely patching and flaw remediation.
- Enable ACAS/Nessus vulnerability scanning, report results, remediate findings, and sustain POA&Ms in coordination with Government cybersecurity leads.
- Implement web content filtering and traffic prioritization consistent with DoD/USAF policy and AWAKEN rules of behavior.
- Map technical controls to NIST SP 800-53, DISA STIGs, and (as applicable) CMMC requirements; maintain secure logging, audit trails, and evidence packages.
- Support incident response in cloud environments (log analysis, containment, recovery) and contribute to the Government's cyber incident reporting processes.
Engineering, Testing & Delivery
- Operate in a pre-deployment test/lab environment, perform MBSE-driven validation, and deliver successful test results prior to production rollout.
- Troubleshoot complex enterprise connectivity issues impacting performance or user experience; provide Tier-3 engineering guidance to operations teams.
- Optimize network and cloud configurations for resilience, availability, latency, jitter, and QoS in line with AWAKEN KPIs/SLAs.
Collaboration & Governance
- Engage the COR and AWAKEN Government Technical Leads as a trusted advisor; communicate clearly across diverse technical backgrounds.
- Partner with the Program Manager, providing status, recommendations, and technical insight; contribute to PMRs and enterprise planning.
- Support Configuration Control Boards (CCBs) by proposing changes, documenting artifacts, and sustaining the enterprise baseline.
Required Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, or related field (or equivalent practical experience).
- 10+ years of experience in enterprise IT/cloud architecture, systems engineering, or network modernization; 5+ years leading technical efforts on large programs.
- Hands-on expertise with cloud-integrated network designs, hybrid cloud architectures, and Zero-Trust patterns.
- Strong experience with IAM/RBAC, Kubernetes/container security, and Linux hardening; working knowledge of Windows hardening.
- Architect secure, scalable Cloud infrastructures and network connectivity.
- Design cloud-native data platforms, pipelines, and analytics architectures.
- Automate cloud provisioning with Terraform/ARM/Bicep; ensure consistent, FedRAMP-compliant environments.
- Implement RBAC, least-privilege, encryption, and NIST-aligned security controls.
- Drive FinOps optimization and guide engineering teams on cloud best practices.
- Enhance the security and administration of Spectrum IT systems operations.
- Migrate and modernize with config-level changes.
- Push toward Platform as a Service (PaaS) and cloud-native where possible.
- Replatform if the application can leverage PaaS.
- Rehost using AWS/Azure Infrastructure-as-a-Service (IaaS) if the application can't leverage PaaS.
- Use Microsoft Cloud Adoption Framework (CAF) and the Azure Well-Architected Framework.
- Leverage the NTIA FSDS IL5 tenant based on the single tenant architect
- Demonstrated ability to enforce STIGs/SRGs, remediate ACAS/Nessus findings, and produce RMF/ATO documentation.
- Proficiency with cloud-native monitoring/logging (e.g., CloudWatch or platform equivalents), securing service meshes, and IaC security baselines.
- Experience with Agile/Lean delivery; effective communicator able to brief senior business and government stakeholders.
- U.S. citizen; able to obtain Secret clearance and USAF CAC; pass government background checks and fingerprinting.
- AWS Certified Cloud Architect
Desired Qualifications
- Experience with 5G integration and enterprise Wi-Fi architectures.
- DoDM 8140.03-aligned cyber workforce qualification or willingness to obtain
- Familiarity with AETC/USAF operational environments; prior support to USAREUR-AF or other DoD organizations is a plus.
- Experience with SAFe practices, Jira/Confluence, and ServiceNow in DoD environments.