Senior Cloud Security Engineer

Dragonfli Group is seeking a Sr Cloud Security Engineer (Hybrid/Multi-Cloud) to directly implement technical security strategy for a large federal agency operating a massive hybrid ecosystem comprising 30,000+ physical sites and diverse multi-cloud tenants. In this role, you will design and build the automated guardrails protecting assets, data, and identity infrastructure across private data centers and public cloud environments, ensuring a high-quality security posture through continuous compliance automation, fraud mitigation, and proactive threat detection. The role requires managing environments with 10,000+ workloads and serves as a senior technical resource embedded in a large-scale federal program, with escalation support provided by Dragonfli's senior engineering team. Candidates with 8 or more years of cybersecurity engineering experience, including at least 4 years focused on large-scale cloud or hybrid environments, are encouraged to apply., * Design and implement automated compliance assessments to enforce hardening standards such as CIS and NIST across cloud accounts and on-premises virtualized environments

• Architect and maintain data-at-rest and data-in-transit encryption strategies spanning physical data center servers and cloud-native storage
• Develop and secure an enterprise Identity Fabric supporting 600,000+ employees and millions of commercial customers, integrating fraud detection signals from SIEM and big data analytics platforms
• Build and manage secure hybrid connectivity solutions including Transit Gateways and Service Mesh between on-premises hypervisors and multi-cloud environments, enforcing consistent policy across all tenants
• Partner with the SOC to develop high-fidelity detection logic and build SOAR playbooks that automate the isolation of compromised cloud workloads and on-premises virtual machines
• Support ongoing Purple Team exercises and control testing to validate the performance of security tools including EDR, WAF, and DLP across all environments
• Establish security guardrails for enterprise and customer-facing AI models, including protections for Databricks training pipelines against data poisoning and mitigations for LLM-specific threats such as prompt injection and sensitive data leakage
• Drive the transition from manual security operations to autonomous, ML-triggered auto-remediation across hybrid environments using advanced SOAR playbook development
• Discover and catalog Shadow AI usage across the enterprise, ensuring all third-party AI tools meet privacy and security standards
• Partner with business units to integrate security controls invisibly into logistics and retail workflows, enabling continuous and programmatic compliance with PCI, SOC 2, and related frameworks
• Build API-driven automation to connect disparate security and business applications, reducing manual friction and enabling self-healing security operations
• Communicate AI-driven security decisions and false positive handling clearly to non-technical stakeholders and program leadership

Do you have experience in Infrastructure as Code (IaC)?, Do you have a Bachelor's degree?, This is a multi-year contract position involving a large US federal agency. Candidates with previous federal contracting experience are preferred. U.S. Citizenship or Permanent Residency required. If hired, all work related to this role must be performed within the continental U.S., * 8 or more years of experience in a technical cybersecurity engineering role

• Minimum 4 years of hands-on experience focused on large-scale cloud or hybrid multi-cloud environments
• Demonstrated experience managing environments with 10,000 or more workloads and high-availability requirements
• Expert-level proficiency in security architecture across AWS, Azure, and Google Cloud
• Hands-on experience with Infrastructure as Code tools such as Terraform, Ansible, or CloudFormation
• Demonstrated portfolio of projects in which AI or machine learning was directly applied to solve security or operational scaling problems
• Experience with CI/CD and GitOps workflows treating security configurations as deployable, testable code
• B.S. or M.S. in Computer Science, Information Security, or a closely related technical field
• U.S. Citizenship or Permanent Residency required
• All work must be performed within the continental United States

Desired / Preferred Qualifications

• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Professional)
• AWS Certified Security - Specialty certification
• Google Professional Cloud Security Engineer certification
• Prior experience supporting federal agency programs or working in a federal contracting environment
• Familiarity with OWASP Top 10 for LLMs and hands-on experience implementing AI gateway or AI firewall solutions
• Experience integrating fraud detection signals across identity platforms and SIEM or big data analytics environments
• Familiarity with PCI DSS, SOC 2, and continuous programmatic compliance monitoring in large-scale commercial or retail environments

Skill(s):

Technical Skills

• Multi-cloud security architecture - design and enforcement of security controls across AWS, Azure, and GCP at enterprise scale
• Infrastructure as Code - deploying and managing security configurations using Terraform, Ansible, or CloudFormation within CI/CD pipelines
• Security data science - building custom anomaly detection models using Python (PySpark and Pandas) within Databricks for threat hunting and efficacy reporting
• Container and orchestration security - runtime protection, image integrity management, and policy enforcement across Kubernetes (EKS, AKS, GKE) and Docker environments
• Identity and access management - implementation of OAuth 2.0, SAML, and CIAM solutions supporting large-scale employee and customer authentication
• SOAR playbook development - building ML-triggered automated response workflows for hybrid cloud incident isolation and remediation
• AI and LLM security - implementing guardrails against data poisoning, prompt injection, and sensitive data leakage in enterprise AI environments

Pulled from the full job description

• Health insurance
• 401(k) matching
• Paid time off
• Vision insurance
• Dental insurance, Dragonfli Group offers a comprehensive benefits package to support the health, financial well-being, and work-life balance of our team members:
• Insurance - Comprehensive health, dental, and vision coverage for employees and eligible dependents
• Paid Time Off (PTO) and 11 Federal Holidays - Generous PTO accrual plus all 11 federally recognized holidays
• 401(k) with Employer Match - Competitive employer match to support your long-term financial goals

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal, state, and municipal government agencies as well as Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.