Senior Cloud Architect

Senior Cloud Architect

Overview / Your Impact

AETC recruits, trains, and educates Airmen to deliver 21st‑century airpower. AWAKEN is AETC’s enterprise‑managed, accredited wireless and network service spanning flight lines, classrooms, dorms, and administrative facilities across the U.S. As Senior Cloud Architect, you are the technical lead driving AWAKEN’s transformation to a cloud‑native, software‑defined, Zero‑Trust enterprise—enhancing performance and cybersecurity for mission training at scale.

You will design, implement, and enforce secure cloud and hybrid architectures, integrating identity, visibility, and continuous monitoring to protect mission systems and enterprise infrastructure. You’ll partner with government stakeholders to align solutions with DoD/USAF requirements and ensure reliable, end‑to‑end connectivity for mission users.

Responsibilities

Architecture & Design

• Architect end‑to‑end cloud‑native, software‑defined solutions that meet AETC’s performance, scalability, and user‑experience objectives; lead the enterprise evolution to Zero‑Trust architectures.
• Design and implement secure hybrid environments (public cloud + on‑prem), including cloud networking, segmentation, service‑to‑service security, and federation models.
• Engineer Identity and Access Management (IAM) with role‑based access controls (RBAC), least privilege, and single‑/multi‑domain federation.
• Secure Kubernetes platforms and container runtimes (network segmentation, RBAC, workload isolation) and guide standards for virtualized environments.
• Develop Infrastructure‑as‑Code (IaC) security baselines to enable repeatable, compliant deployments.
• Lead technical options, costed alternatives, and future‑state roadmaps aligned to mission priorities and budget.

Security & Compliance

• Implement RMF‑aligned controls; produce/maintain ATO artifacts; support continuous monitoring strategy and control assessments with ISSM/ISSO/SCV.
• Enforce DISA STIG/SRG configurations across Linux/Windows systems, cloud services, VMs, and Kubernetes clusters; maintain timely patching and flaw remediation.
• Enable ACAS/Nessus vulnerability scanning, report results, remediate findings, and sustain POA&Ms in coordination with Government cybersecurity leads.
• Implement web content filtering and traffic prioritization consistent with DoD/USAF policy and AWAKEN rules of behavior.
• Map technical controls to NIST SP 800‑53, DISA STIGs, and (as applicable) CMMC requirements; maintain secure logging, audit trails, and evidence packages.
• Support incident response in cloud environments (log analysis, containment, recovery) and contribute to the Government’s cyber incident reporting processes.

Engineering, Testing & Delivery

• Operate in a pre‑deployment test/lab environment, perform MBSE‑driven validation, and deliver successful test results prior to production rollout.
• Troubleshoot complex enterprise connectivity issues impacting performance or user experience; provide Tier‑3 engineering guidance to operations teams.
• Optimize network and cloud configurations for resilience, availability, latency, jitter, and QoS in line with AWAKEN KPIs/SLAs.

Collaboration & Governance

• Engage the COR and AWAKEN Government Technical Leads as a trusted advisor; communicate clearly across diverse technical backgrounds.
• Partner with the Program Manager, providing status, recommendations, and technical insight; contribute to PMRs and enterprise planning.
• Support Configuration Control Boards (CCBs) by proposing changes, documenting artifacts, and sustaining the enterprise baseline.

Location: : San Antonio area; located within 25 miles of JBSA‑Randolph, TX
Clearance: Ability to obtain and maintain a Secret clearance
Customer: Air Education and Training Command (AETC), United States Air Force

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, Information Systems, or related field (or equivalent practical experience).
• 10+ years of experience in enterprise IT/cloud architecture, systems engineering, or network modernization; 5+ years leading technical efforts on large programs.
• Hands‑on expertise with cloud‑integrated network designs, hybrid cloud architectures, and Zero‑Trust patterns.
• Strong experience with IAM/RBAC, Kubernetes/container security, and Linux hardening; working knowledge of Windows hardening.
• Architect secure, scalable Cloud infrastructures and network connectivity.
• Design cloud-native data platforms, pipelines, and analytics architectures.
• Automate cloud provisioning with Terraform/ARM/Bicep; ensure consistent, FedRAMP‑compliant environments.
• Implement RBAC, least‑privilege, encryption, and NIST‑aligned security controls.
• Drive FinOps optimization and guide engineering teams on cloud best practices.
• Enhance the security and administration of Spectrum IT systems operations.​
• Migrate and modernize with config-level changes.​
• Push toward Platform as a Service (PaaS) and cloud-native where possible.​
• Replatform if the application can leverage PaaS.​
• Rehost using AWS/Azure Infrastructure-as-a-Service (IaaS) if the application can’t leverage PaaS.​
• Use Microsoft Cloud Adoption Framework (CAF) and the Azure Well-Architected Framework.​
• Leverage the NTIA FSDS IL5 tenant based on the single tenant architect
• Demonstrated ability to enforce STIGs/SRGs, remediate ACAS/Nessus findings, and produce RMF/ATO documentation.
• Proficiency with cloud‑native monitoring/logging (e.g., CloudWatch or platform equivalents), securing service meshes, and IaC security baselines.
• Experience with Agile/Lean delivery; effective communicator able to brief senior business and government stakeholders.
• U.S. citizen; able to obtain Secret clearance and USAF CAC; pass government background checks and fingerprinting.
• AWS Certified Cloud Architect

Desired Qualifications

• Experience with 5G integration and enterprise Wi‑Fi architectures.
• DoDM 8140.03‑aligned cyber workforce qualification or willingness to obtain
• Familiarity with AETC/USAF operational environments; prior support to USAREUR‑AF or other DoD organizations is a plus.
• Experience with SAFe practices, Jira/Confluence, and ServiceNow in DoD environments.

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
● Growth: AI-powered career tool that identifies career steps and learning opportunities
● Support: An internal mobility team focused on helping you achieve your career goals
● Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
● Flexibility: Full-flex work week to own your priorities at work and at home
● Community: Award-winning culture of innovation and a military-friendly workplace