AWS Cloud Security Architect

Clearance Level
Systems Engineering
Rockville, Maryland

REQ#: RQ88644

Travel Required: None
Public Trust: NACI (T1)
Requisition Type: Regular

We are GDIT, one of the largest IT and mission services providers to the government. We offer our customers the power of choice through a vast cloud ecosystem.

GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter. Our work depends on a hands-on AWS Cloud Security Architect joining our team to support the mission of the National Institute of Allergy and Infectious Diseases (NIAID) in Rockville, MD. 

At GDIT, people are our differentiator. As an AWS Cloud Security Architect, you will work closely with fifteen other innovative and savvy people to design and build secure infrastructure solutions and business process automation for our PaaS and IaaS in AWS. A focus on shifting left with security and automating security best practices is essential. To be successful in this role, you will like being part of a team, be capable of leading deep technical architecture discussions, and approach securing infrastructure by automating processes and building tools, with a focus on streamlining the deployment of secure infrastructure.

 In this role, a typical day will include the following: 

  • Writing code for custom compliance rules with AWS Config or AWS Service Control Policies to ensure compliance with NIH baselines, NIST cybersecurity frameworks, and FISMA guidelines. 
  • Monitoring and responding to alerts for compliance violations, threats, and known vulnerabilities identified in logs such as VPC Flow Logs, DNS logs, and S3 bucket logs using AWS services such as Config, CloudTrail, CloudWatch, Security Hub and vendor solutions such as Palo Alto Prisma Cloud.  
  • Collaborating with product and infrastructure owners to ensure systems are configured according to cybersecurity frameworks such as NIST in a user-friendly cybersecurity culture. Recommending and implementing solutions to meet security standards for our enterprise platform services and strategic custom products.
  • Using your knowledge of AWS, Terraform, and security best practices to build the infrastructure and tooling which underlies our custom AWS platform offerings. 
  • Participating in a daily stand-up meeting to report your accomplishments, plans for the day, and any roadblocks you encountered.  Your team will do the same, giving you an opportunity to understand and contribute to other ongoing initiatives.
  • Occasionally presenting to your team or our software developer colleagues during our Tech Talks webinar series on DevSecOps best practices, new and interesting cloud technologies, and ways you approached and solved challenging technical issues.


  • BA/BS or equivalent and 20 years of related experience, or an MS and 18 years of experience.
  • Minimum of five years of experience with AWS, to include working knowledge of commonly used AWS services, such as Lambda, IAM, VPC, S3, EC2, CloudWatch and CloudTrail, Route 53, and RDS.
  • Minimum of five years of hands-on experience deploying, configuring, and securing infrastructure in a large enterprise environment using AWS services, such as ACLs, WAF, security groups, AWS Config, AWS Security Hub, AWS Firewall and AWS GuardDuty.
  • Experience with network and system security tools in the Cloud, including network firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), anti-malware, vulnerability scanning, encryption, and Identity and Access Management (IAM).
  • Knowledge of cybersecurity processes and concepts, such as configuration management, threats, vulnerabilities, encryption, boundary defense, zero trust, auditing, authentication, and risk management.
  • Experience designing solutions and implementing technologies following NIST standards, such as SP 800-53, SP 800-190, and SP 500-291.  
  • Hands-on experience with infrastructure-as-code tools, such as Terraform or CloudFormation to include writing templates and modules from scratch.
  • Hands-on experience with scripting languages, such as Python or Bash.
  • Experience analyzing solutions components, understanding systems integration challenges, and identifying security risks in current components that must be resolved to reach future performance targets and functionality requirements in cloud infrastructure.
  • Ability to obtain and maintain a Public Trust security clearance level.

Preferred Qualifications:

  • Experience using and managing Linux distributions, including RedHat or CentOS, and recent versions of Windows Server.
  • Knowledge of Trusted Internet Connection (TIC) 3.0 policy and recommended frameworks. 
  • Experience with DevSecOps tools to automate the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and product delivery.


  • Full-flex work week
  • 401K with company match
  • Internal mobility team dedicated to helping you own your career
  • Collaborative teams of highly motivated critical thinkers and innovators
  • Ability to make a real impact on the world around you

Not sure this job’s the one for you? Check out our other openings at 


We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.