CACI International Inc

Cloud Infrastructure & Network Security Engineer, AWS

full-time

Origin: 🇺🇸 United States

Salary

💰 $90,300 - $189,600 per year

Job Level

Senior, Lead

Tech Stack

Ansible, AWS, Azure, Cloud, Cyber Security, Firewalls, Linux, Terraform

About the role

  • The Opportunity: Cloud Infrastructure & Network Security Engineer (AWS)
  • Lead the design, deployment, and troubleshooting of Azure VPN Gateways, ExpressRoute, and AWS Site-to-Site VPN, Transit Gateway, Web Application Firewalls and Direct Connect with BGP to support secure inter-account and external connectivity, including mission-critical links to DISA.
  • Oversee PPSM edits and IAP whitelisting requests, ensuring alignment with DoD cybersecurity requirements and verifying post-change connectivity.
  • Serve as a technical lead in the re-architecture and deployment of the Coast Guard’s Azure Enterprise Cloud, including documentation and knowledge sharing.
  • Proactively troubleshoot complex hybrid-cloud infrastructure issues across Azure and AWS, including routing conflicts, firewall/NACL/NSG/SG blocks, and CAP/IAP restrictions.
  • Design and implement VPC peering, AWS PrivateLink endpoints, and Route 53 resolver rules to enable secure cross-VPC and hybrid network communication.
  • Lead the redeployment of Cisco FMC/FTDv boundary protection appliances, aligning with Cisco and AWS best practices, including policy design, SSO integration, and testing.
  • Develop and maintain Terraform modules to automate deployment of Versa VOS SD-WAN appliances, promoting infrastructure as code and repeatability.
  • Build serverless automation using AWS Lambda to enhance operational resilience through remote Cisco firewall backups.
  • Architect and implement Ansible automation, including server buildout and playbooks to manage Cisco FMC configurations via configuration as code.
  • Configure IAM roles, users, and policies to enable secure integration with third-party tools such as the Versa CMS connector in AWS.
  • Lead the provisioning of new AWS and Azure environments, applying security controls, routing, and firewall rules as part of the onboarding process for new accounts and workloads.
  • Conduct packet-level analysis using VPC Traffic Mirroring, Flow Logs, and custom CloudWatch metrics to diagnose and remediate performance and security issues in AWS.
  • Define and enforce segmentation and zoning strategies in AWS via Network ACLs, security groups, Transit Gateway route tables, and Control Tower guardrails.
  • Administer Azure Entra ID, managing admin access and permissions to align with least privilege principles.
  • Develop and maintain detailed network documentation, diagrams, and operational runbooks for new deployments and architectural changes.
  • Drive Agile delivery by managing JIRA tasks, leading SCRUM contributions, and mentoring junior team members on technical tasks and ticket ownership.

Requirements

  • Cleared for Secret work
  • DoD Approved 8570 Baseline Certification: IAT Level II
  • US Citizenship required
  • University Degree (BS), or equivalent years of related experience, and additionally 10+ years of related IT engineering experience required
  • 7+ years’ cumulative experience with customer interactions, including presenting, answering questions, proactively resolving issues
  • 7+ years’ cumulative experience with in-depth systems administration in Linux environments (RHCE equivalence) and Windows Server environ