Improvix Technologies
Principal Cloud Security Engineer (Secret Clearance Required)
Improvix Technologies, Washington, District of Columbia, us, 20022
Principal Cloud Security Engineer (Secret Clearance Required)
Join to apply for the
Principal Cloud Security Engineer (Secret Clearance Required)
role at
Improvix Technologies
Job Title:
Principal Cloud Security Engineer
Location:
Washington, DC (Onsite)
Clearance Required:
Secret
Overview We are seeking a Principal Cloud Security Engineer with security engineering experience building and securing cloud infrastructure at scale across AWS/Azure/GCP and an understanding of development lifecycle phases as part of the DevSecOps methodology. A successful Principal Cloud Security Engineer knows one or more modern programming languages, has a cyber security background in the cloud, understands cloud architecture, development fundamentals, and has worked as part of an Agile team to deliver solutions across an organization. The Principal Cloud Security Engineer will utilize the DevSecOps methodology to successfully secure platform features and capabilities deployed onto Commercial and GovCloud AWS/Azure/GCP environments.
Key Responsibilities Cloud Security Architecture & Engineering
Design and implement secure architecture across AWS, Azure, and GCP, including Commercial, GovCloud, and IL6 enclaves.
Define and enforce security baselines (CIS, NIST 800-53, FedRAMP, etc) and align security controls with compliance frameworks.
Lead architecture reviews, threat modeling, and secure design guidance for cloud services and workloads.
Automation & DevSecOps
Build and maintain Infrastructure as Code modules (Terraform) to enforce security at scale across hundreds of accounts, subscriptions, and projects.
Integrate CI/CD pipelines with automated security scans (SAST, DAST, IaC scanning, container security) and drive secure coding practices across the organization.
Develop and enhance automated guardrails, policies, and remediation pipelines.
Security Governance and Compliance
Support ATO compliance efforts by embedding controls into the cloud buildout process and lead assessments.
Partner with compliance officers, auditors, and platform engineers to ensure evidence and reporting readiness.
Implement centralized logging, monitoring, and incident response across multi-cloud environments.
Guide a team of security and platform engineers on secure cloud development and automation practices.
Partner with architects, developers, and compliance teams to align security objectives between projects, stakeholders, and platform teams.
Act as a cloud security subject matter expert for stakeholders, architects, and engineering leads.
Required Qualifications
Bachelor Degree in computer science or relevant technical degree; or equivalent industry experience.
8+ years of cybersecurity or cloud engineering experience, with at least 5+ in cloud security.
Hands‑on advanced experience securing and automating two or more cloud environments (AWS/GCP/Azure/Oracle).
Experience with native cloud security tools (AWS Security Hub, GuardDuty, Defender for Cloud, Google SCC, etc)
Strong background in infrastructure as code (Terraform, CloudFormation, ARM/Bicep) and CI/CD (GitLab, GitHub Actions, etc).
Proficient in at least one programming/scripting language (Python, Go, PowerShell, Bash).
Deep knowledge of cloud identity and access management (IAM/RBAC), key management (KMS/Key Vault/Cloud KMS), networking, and encryption.
Experience with application security standards such as OWASP ASVS/Top 10 and CWE 25.
Experience aligning security controls with NIST 800‑53, FedRAMP, CIS Benchmarks, or equivalent frameworks.
Proven track record embedding security into Agile/DevSecOps teams and pipelines.
Strong communication and leadership skills, with demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.
Preferred Qualifications
Experience securing GovCloud, DoD IL6, or other restricted cloud environments.
Knowledge of ServiceNow for CMDB integrations, discovery, and security workflows.
Familiarity with supply chain security (SBOM, SLSA, dependency scanning, artifact signing).
Strong background in zero trust architectures and enterprise identity platforms (Okta, Entra ID, AWS SSO).
Certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, OSCP, or CISSP.
Experience with Kubernetes security (OPA/Gatekeeper, PodSecurityStandards, Prisma, Twistlock, etc.).
Benefits
Medical insurance
Vision insurance
401(k)
Paid maternity leave
Paid paternity leave
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries IT Services and IT Consulting, Government Administration, and Software Development
#J-18808-Ljbffr
Principal Cloud Security Engineer (Secret Clearance Required)
role at
Improvix Technologies
Job Title:
Principal Cloud Security Engineer
Location:
Washington, DC (Onsite)
Clearance Required:
Secret
Overview We are seeking a Principal Cloud Security Engineer with security engineering experience building and securing cloud infrastructure at scale across AWS/Azure/GCP and an understanding of development lifecycle phases as part of the DevSecOps methodology. A successful Principal Cloud Security Engineer knows one or more modern programming languages, has a cyber security background in the cloud, understands cloud architecture, development fundamentals, and has worked as part of an Agile team to deliver solutions across an organization. The Principal Cloud Security Engineer will utilize the DevSecOps methodology to successfully secure platform features and capabilities deployed onto Commercial and GovCloud AWS/Azure/GCP environments.
Key Responsibilities Cloud Security Architecture & Engineering
Design and implement secure architecture across AWS, Azure, and GCP, including Commercial, GovCloud, and IL6 enclaves.
Define and enforce security baselines (CIS, NIST 800-53, FedRAMP, etc) and align security controls with compliance frameworks.
Lead architecture reviews, threat modeling, and secure design guidance for cloud services and workloads.
Automation & DevSecOps
Build and maintain Infrastructure as Code modules (Terraform) to enforce security at scale across hundreds of accounts, subscriptions, and projects.
Integrate CI/CD pipelines with automated security scans (SAST, DAST, IaC scanning, container security) and drive secure coding practices across the organization.
Develop and enhance automated guardrails, policies, and remediation pipelines.
Security Governance and Compliance
Support ATO compliance efforts by embedding controls into the cloud buildout process and lead assessments.
Partner with compliance officers, auditors, and platform engineers to ensure evidence and reporting readiness.
Implement centralized logging, monitoring, and incident response across multi-cloud environments.
Guide a team of security and platform engineers on secure cloud development and automation practices.
Partner with architects, developers, and compliance teams to align security objectives between projects, stakeholders, and platform teams.
Act as a cloud security subject matter expert for stakeholders, architects, and engineering leads.
Required Qualifications
Bachelor Degree in computer science or relevant technical degree; or equivalent industry experience.
8+ years of cybersecurity or cloud engineering experience, with at least 5+ in cloud security.
Hands‑on advanced experience securing and automating two or more cloud environments (AWS/GCP/Azure/Oracle).
Experience with native cloud security tools (AWS Security Hub, GuardDuty, Defender for Cloud, Google SCC, etc)
Strong background in infrastructure as code (Terraform, CloudFormation, ARM/Bicep) and CI/CD (GitLab, GitHub Actions, etc).
Proficient in at least one programming/scripting language (Python, Go, PowerShell, Bash).
Deep knowledge of cloud identity and access management (IAM/RBAC), key management (KMS/Key Vault/Cloud KMS), networking, and encryption.
Experience with application security standards such as OWASP ASVS/Top 10 and CWE 25.
Experience aligning security controls with NIST 800‑53, FedRAMP, CIS Benchmarks, or equivalent frameworks.
Proven track record embedding security into Agile/DevSecOps teams and pipelines.
Strong communication and leadership skills, with demonstrated experience in successfully designing, delivering, and iterating on complex projects with a diverse set of stakeholders.
Preferred Qualifications
Experience securing GovCloud, DoD IL6, or other restricted cloud environments.
Knowledge of ServiceNow for CMDB integrations, discovery, and security workflows.
Familiarity with supply chain security (SBOM, SLSA, dependency scanning, artifact signing).
Strong background in zero trust architectures and enterprise identity platforms (Okta, Entra ID, AWS SSO).
Certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, OSCP, or CISSP.
Experience with Kubernetes security (OPA/Gatekeeper, PodSecurityStandards, Prisma, Twistlock, etc.).
Benefits
Medical insurance
Vision insurance
401(k)
Paid maternity leave
Paid paternity leave
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries IT Services and IT Consulting, Government Administration, and Software Development
#J-18808-Ljbffr