FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Senior Cloud Infrastructure Engineer
Cole Engineering Services, Inc. (CESI), a By Light CompanySenior Cloud Infrastructure Engineer leading implementation and operations of mission-critical cloud environments for DoD cyber training capabilities. Collaborating across teams to ensure secure and resilient operations.
Tech Stack
Tools & technologiesAnsibleAWSChefCloudCyber SecurityDNSDynamoDBEC2JenkinsKubernetesSplunkTCP/IPTerraformVault
About the role
Key responsibilities & impact- Support the design and maintain landing zones using cloud applications such as AWS Organizations, Control Tower, SCP guardrails, Identity and Access Management (IAM) multi-account patterns, and VPC architectures (Transit Gateway, PrivateLink, NAT, IGW) for enclave isolation and cross-domain needs.
- Engineer high-availability, multi-Region solutions leveraging cloud tools such as EC2, EKS/ECS Fargate, RDS/Aurora, DynamoDB, S3/EFS/FSx, Load Balancers, Route 53, and API Gateway.
- Implement Zero Trust-aligned patterns (micro-segmentation, strong identity, continuous verification) consistent with DoD Zero Trust guidance.
- Implement security controls and evidence generation for RMF ATO packages (SSP, SAR, POA&M) in coordination with cybersecurity teams.
- Apply DISA STIGs (OS, DB, Kubernetes, Container) and SRG requirements for workloads at IL2–IL6.
- Tailor and automate STIG application using IaC and configuration management.
- Integrate encryption and key management with cloud tools such as AWS KMS/HSM; enforce IAM least privilege, SCPs, permission boundaries, ABAC, and robust secrets management.
- Implement cloud logging and metrics tools such as CloudTrail/CloudWatch/GuardDuty/Config for comprehensive audit and detection.
- Align architectures with FedRAMP Moderate/High baselines when required and ensure boundary compliance for controlled workloads.
- Develop secure connectivity (AWS Direct Connect/VPN), hybrid routing, and segmentation; implement TLS mutual auth, certificate management, and private service endpoints.
- Design logging and telemetry pipelines (CloudWatch, OpenTelemetry, Kinesis, S3, SIEM integration such as Splunk/ELK) with retention, metadata/tagging, and data lifecycle policies.
- Own SLOs/SLAs for platform services.
- Implement autoscaling, health checks, and proactive capacity management.
- Lead cost management and alerting practices of cloud environments in coordination with project leads.
- Provide Tier 3 support, on-call rotations during exercises, and incident response coordination with cybersecurity and training operations.
- Collaborate with agile teams and product owners to translate training requirements into platform capabilities.
- Provide mentorship for junior engineers.
- Establish standards, design reviews, and repeatable processes.
- Present cloud solutions to project leadership and accreditation authorities.
Requirements
What you’ll need- Bachelor’s degree in a related technical discipline such as computer science or information technology from an accredited college or university.
- 8–12+ years of experience in cloud/platform engineering with at least 5 years focused on Amazon Web Services (AWS) with a demonstrated leadership delivering secure, scalable, production-grade cloud-based systems.
- DoD 8570/8140 compliance: IAT II (Security+) required; IAT III/CISSP or CASP+ preferred
- AWS Certifications: Certified Solutions Architect – Professional, Security – Specialty, and/or DevOps Engineer – Professional.
- Kubernetes certifications: CKA/CKS.
- Experience with HashiCorp Vault, Service Mesh (Istio), policy-as-code (OPA), and zero trust implementations in government environments.
- Infrastructure-as-code mastery (Terraform and/or CloudFormation), pipelines (GitLab/Jenkins), and configuration management (Ansible/Chef).
- Deep AWS tool expertise: Organizations/Control Tower, IAM, Bedrock, KMS/HSM, VPC/Transit Gateway, Direct Connect/VPN, EC2/EKS/ECS, RDS/Aurora, DynamoDB, S3/EFS/FSx, ELB/API Gateway/Lambda, CloudTrail/CloudWatch/Config/GuardDuty, Route 53, EventBridge/SQS/SNS.
- Understanding of RMF accreditation (SSP, POA&M, Continuous Monitoring) and control implementation under NIST SP 800-53 Rev. 5.
- Hands-on application of DISA STIGs and DoD Cloud Computing SRG for IL2–IL6 workloads.
- Strong understanding of GovCloud (US) patterns and boundary controls.
- Strong knowledge of networking fundamentals: TCP/IP, DNS, TLS/PKI, routing, micro-segmentation, Zero Trust patterns.
- Logging/monitoring design and SIEM integration.
- Incident response and troubleshooting across app, infra, and network layers.
- Excellent communication, documentation, stakeholder engagement skills, and the ability to lead cross-functional initiatives.
Benefits
Comp & perks- Medical, Dental & Vision Coverage
- Wellness Program
- 401(k) Matching
- Disability (Short Term & Long Term)
- Employee Assistance Program
- Life Insurance
- Education & Training
- Generous Leave Policy (11 Federal Holidays, PTO, Military Leave, Bereavement and Jury Duty)
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
AWS OrganizationsIAMVPC ArchitecturesEC2EKS/ECSRDS/AuroraDynamoDBCloudTrailCloudWatchDISA STIGs
Soft Skills
Excellent CommunicationStakeholder EngagementMentorshipCross-Functional Leadership
Certifications
Bachelor's Degree in Computer Science or Information TechnologyAWS Certified Solutions Architect – ProfessionalAWS Security – SpecialtyAWS DevOps Engineer – ProfessionalKubernetes CKA/CKS