Cloud Security Engineer (Cloud & Hybrid Infrastructure)

Own your opportunity to serve as a critical component of our nation's safety and security. Make an impact by designing, implementing, and enforcing secure cloud architectures that protect mission systems and enterprise infrastructure.

At GDIT, people are our differentiator. As a Cloud Security Engineer, you will help ensure today is safe and tomorrow is smarter.

GDIT is seeking a technically strong and mission-focused Cloud Security Engineer to support USAREUR-AF. This role is responsible for implementing and enforcing a robust security posture across hybrid cloud and on-premise environments. The ideal candidate is a hands-on engineer with deep Linux expertise, strong cloud identity management experience, and a working knowledge of DoD security compliance frameworks., The Cloud Security Engineer will design, implement, and sustain security controls across cloud infrastructure, Kubernetes platforms, virtualized environments, and supporting systems. This role focuses on secure architecture implementation, identity and access management, vulnerability remediation, STIG enforcement, and continuous monitoring., * Design and implement secure cloud architectures across hybrid environments (public cloud and private infrastructure).

• Engineer and enforce identity and access management (IAM) solutions, including role-based access controls, least privilege enforcement, and federation models.
• Configure and maintain cloud-native monitoring and logging solutions (e.g., CloudWatch or equivalent), ensuring visibility into security events and system health.
• Support and remediate vulnerability findings identified through ACAS and related scanning tools.
• Implement and validate STIG compliance across Linux and Windows systems, virtual machines, and Kubernetes clusters.
• Harden Linux-based cloud and container hosts (primary focus) and Windows systems (secondary focus) in accordance with DoD security standards.
• Secure Kubernetes clusters, container runtimes, and supporting infrastructure through proper network segmentation, RBAC configuration, and workload isolation.
• Implement zero-trust principles across cloud networking and service-to-service communication.
• Develop and maintain Infrastructure as Code (IaC) security baselines to ensure consistent and repeatable secure deployments.
• Support security incident response activities within cloud environments, including log analysis and containment efforts.
• Map implemented technical controls to DoD compliance frameworks including NIST 800-53, STIGs, and CMMC requirements.
• Collaborate with platform engineers, system administrators, and cybersecurity teams to ensure secure system design and continuous compliance., This role is ideal for a Cloud Security Engineer who is a technical implementer first and policy-aware second. The successful candidate will actively engineer and enforce security controls across cloud and hybrid environments, ensuring infrastructure is hardened, compliant, and resilient against threats. This position balances deep hands-on platform engineering (approximately 66%) with security governance alignment and policy enforcement responsibilities (approximately 33%).

Do you have experience in Windows?, Do you have a Bachelor's degree?, Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, or related technical field (or equivalent practical experience).

Required Experience

3-5 years of experience securing cloud or hybrid infrastructure environments.

Required Technical Skills

Cloud Security Architecture

• Experience implementing secure configurations in GCP, AWS, Azure, or comparable cloud platforms.
• Strong understanding of cloud identity services, IAM policy design, multi-account security strategy, and role-based access control.
• Experience configuring logging, monitoring, and alerting services for cloud security visibility.

Vulnerability Management & Compliance

• Experience working with ACAS and vulnerability scanning tools.
• Hands-on experience applying and validating STIGs across Linux and Windows systems.
• Understanding of NIST, STIG, and CMMC compliance requirements in DoD environments.
• Experience supporting vulnerability remediation and security control validation.

Linux & Windows Systems

• Strong Linux administration background (approximately 70% of environment), including system hardening, auditing, patching, and secure configuration.
• Working knowledge of Windows Server administration and security configuration (approximately 30% of environment).
• Experience securing virtual machines in VMware or similar virtualization platforms.

Kubernetes & Container Security

• Experience securing Kubernetes clusters, including RBAC, network policies, secrets management, and pod security standards.
• Familiarity with container hardening and image security best practices.
• Understanding of secure service mesh or encrypted service communication models.

Networking & Zero Trust

• Strong understanding of TCP/IP networking, firewalls, VLANs, VPNs, routing, and segmentation.
• Experience implementing least privilege network access and micro-segmentation within cloud environments.

Automation & Scripting

• Proficiency in Bash and Python for security automation and remediation scripting.
• Experience using Infrastructure as Code tools (Terraform, Ansible, or similar) to enforce security baselines.
• Familiarity with CI/CD security integration and DevSecOps principles.

Preferred Qualifications

• Experience supporting Army or DoD enterprise environments.

• Experience contributing to ATO packages or security control documentation.

• Cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer) preferred.

• Security+ or equivalent DoD 8570 IAT Level II certification required, higher level (CASP/CISSP/CISA) preferred., Years of Experience 5 + years of related experience

• may vary based on technical training, certification(s), or degree

At GDIT, the mission is our purpose, and our people are at the center of everything we do.

• Growth: AI-powered career tool that identifies career steps and learning opportunities
• Support: An internal mobility team focused on helping you achieve your career goals
• Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
• Community: Award-winning culture of innovation and a military-friendly workplace, Travel Required Less than 10% Citizenship U.S. Citizenship Required

Salary and Benefit Information The likely salary range for this position is $102,000 - $138,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. Total compensation for international positions varies by tax, social security, and immigration statuses, as well as location. Generally, an international assignment may include allowances, premium uplifts, and/or relocation or transportation benefits, above base salary range noted.

Own your opportunity to support our nation's defense. Make an impact by connecting and securing critical operations across the globe, keeping our country safe and secure., We are GDIT. A global technology and professional services company that delivers technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across over 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, cloud, cyber and application development. Together with our customers, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology. Join our Talent Community to stay up to date on our career opportunities and events at gdit.com/tc.