Key Facts

Remote From:

District of Columbia (USA) , Washington (USA)

Full time

Senior (5-10 years)

English

Hard Skills

Cloud Security Architecture Identity And Access Management Infrastructure as Code (IaC) Trusted Computing Key Management OAuth Policy Enforcement NIST 800 SASS Cloud Computing +19 more

Other Skills

•
Teamwork
•
Strategic Planning
•
Problem Solving

Roles & Responsibilities

12+ years of cybersecurity experience with at least 6 years architecting secure cloud environments at scale across AWS, Azure, and/or GCP.
Expertise designing and implementing Zero Trust architectures across multi-cloud environments (AWS, Azure, GCP).
Policy as Code and IaC tooling experience (Terraform or equivalent) for automated compliance enforcement.
Hands-on scripting (Python, Go, Bash) and experience embedding SAST/DAST/SCA in CI/CD pipelines within a DevSecOps framework.

Requirements:

Lead the design of a global Zero Trust architecture with robust IAM, network micro-segmentation, and data encryption across cloud platforms (AWS, Azure, and/or GCP).
Architect security frameworks for AI/ML pipelines, focusing on data privacy, model integrity, and securing LLM-integrated applications against emerging threats.
Design and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions; automate remediation where possible.
Embed automated security testing (SAST/DAST/SCA) into CI/CD pipelines and drive DevSecOps practices, with automated policy enforcement via IaC.

Job description

Description

ABOUT DRAGONFLI GROUP

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal, state, and municipal government agencies as well as Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

ROLE SUMMARY

Dragonfli Group is seeking an experienced Senior Cloud Security Architect to support a federal government client. In this role, you will lead the strategic vision for protecting a large-scale multi-cloud ecosystem, designing security blueprints that govern the entire digital footprint—from identity perimeters to AI-driven threat detection. This position requires a "Security as Code" mindset, where automated guardrails empower development teams to move at speed without compromising data or infrastructure safety.

The ideal candidate brings 12+ years of cybersecurity experience, with at least 6 years architecting secure cloud environments at scale across AWS, Azure, or GCP. You will serve as a trusted security advisor, bridging the gap between DevOps agility and rigorous regulatory compliance in a high-visibility federal environment.

KEY RESPONSIBILITIES

Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, and/or GCP
Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors
Develop and enforce enterprise-wide security policies using Infrastructure-as-Code tools (e.g., Terraform), ensuring non-compliant infrastructure is automatically remediated or blocked from deployment
Design and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions
Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and blast-radius scenarios to strengthen system resilience
Drive the organization's transition to a Zero Standing Privilege model for all production environments
Achieve automated auditing for core compliance frameworks, including NIST and CIS Benchmarks
Leverage AI-driven monitoring to minimize Mean Time to Detect (MTTD) anomalous cloud activity
Act as lead security advisor for the Cloud Architecture team, bridging DevOps agility with rigorous regulatory compliance (SOC 2, FedRAMP)
Communicate security risks, architecture decisions, and roadmap recommendations clearly to C-suite and executive stakeholders
Embed automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines as part of a mature DevSecOps practice

Requirements

Must-Have Qualifications

12+ years of experience in Cybersecurity, with at least 6 years focused on architecting secure cloud environments at scale
Demonstrated expertise designing and implementing Zero Trust architectures across multi-cloud environments (AWS, Azure, or GCP)
Expert knowledge of Identity-First Security, including Cloud Infrastructure Entitlement Management (CIEM), Just-In-Time (JIT) access provisioning, and complex OIDC/SAML federation flows
Hands-on proficiency with cloud-native security suites: AWS Security Hub, Azure Defender, and/or GCP Security Command Center
Experience developing Policy as Code frameworks using Terraform or equivalent IaC tooling for automated compliance enforcement
Proficiency in scripting and automation languages (Python, Go, or Bash) for custom security automations and SOAR platform integration
Deep experience embedding security testing (SAST/DAST/SCA) into CI/CD pipelines within a DevSecOps framework
Advanced understanding of secure cloud networking, including SD-WAN, Cloud WAF, and Zero Trust Network Access (ZTNA)
Working knowledge of CNAPP and CSPM tooling for cloud posture management and misconfiguration remediation
Familiarity with regulatory and compliance frameworks including NIST, CIS Benchmarks, and SOC 2

Preferred / Desired Qualifications

Advanced degree in Computer Science, Cybersecurity, or a related engineering discipline
Active top-tier security certifications (e.g., CISSP, CCSP, AWS Security Specialty, GCP Professional Cloud Security Engineer, Azure Security Engineer Associate, or equivalent)
Prior experience in a federal government or public-sector consulting environment; familiarity with FedRAMP and FISMA compliance
Experience architecting security frameworks for AI/ML pipelines and LLM-integrated applications
Proven track record implementing Zero Standing Privilege models in large enterprise or government environments
Experience operating at the executive advisory level, presenting security risk posture and roadmap to C-suite leadership
Familiarity with SOAR platforms and AI-driven threat detection tooling for cloud environments

Skill(s)

TECHNICAL SKILLS

Cloud Security Platforms

AWS Security Hub, Amazon GuardDuty, AWS IAM, AWS Organizations SCPs
Microsoft Azure Defender for Cloud, Azure Sentinel, Azure Active Directory / Entra ID
Google Cloud Security Command Center, Chronicle SIEM

Identity & Access Management

Cloud Infrastructure Entitlement Management (CIEM)
Just-In-Time (JIT) access provisioning frameworks
OIDC, SAML 2.0, OAuth 2.0 federation and SSO architectures

Automation & DevSecOps

Infrastructure as Code: Terraform, AWS CloudFormation, Pulumi
Scripting: Python, Go, Bash
CI/CD security integration: SAST, DAST, SCA tooling (e.g., Snyk, Checkov, Semgrep)
SOAR platforms: Splunk SOAR, Microsoft Sentinel Automation, Palo Alto XSOAR

Cloud Networking & Perimeter

Zero Trust Network Access (ZTNA) architecture and implementation
Cloud WAF, SD-WAN, and secure connectivity design
Network micro-segmentation and east-west traffic controls

Compliance & Governance

NIST SP 800-53, CIS Benchmarks, SOC 2, FedRAMP, FISMA
CNAPP and CSPM tools: Prisma Cloud, Wiz, Orca Security, or equivalent
Threat modeling methodologies: STRIDE, MITRE ATT&CK for Cloud

Benefits

Dragonfli Group offers a comprehensive benefits package to support the health, financial well-being, and work-life balance of our team members:

Insurance – Comprehensive health, dental, and vision coverage for employees and eligible dependents
Paid Time Off (PTO) and 11 Federal Holidays – Generous PTO accrual plus all 11 federally recognized holidays
401(k) with Employer Match – Competitive employer match to support your long-term financial goals