Logo for NES Associates, LLC

AWS Cloud Security Engineer with CNAPP

Role overview

Qualifications

  • 10+ years of related experience
  • Strong experience with CSPM, CIEM, workload protection, runtime security
  • 7+ years of cybersecurity experience with at least 4+ years focused on AWS cloud security and CNAPP technologies
  • Strong understanding of Zero Trust Architecture (ZTA) and FedRAMP High

Responsibilities

  • Implement, configure, and manage CNAPP capabilities across AWS cloud environments
  • Monitor and analyze Wiz vulnerabilities, Splunk alerts, and AWS security findings
  • Integrate CNAPP tooling with SIEM, logging, monitoring, and incident response platforms
  • Develop and maintain SSPs, security implementation procedures, and documentation supporting FedRAMP

About the company

NES Associates, LLC logo

NES Associates, LLC

IT Services & IT Consulting

NES is your go-to partner when you’re looking for a global Information Technology team that works WITH you, rather than in a vacuum, and possesses the ability to respond quickly. NES supplies the technology experts you need who are experienced in reducing cost and delivering ROI, while striving to exceed your expectations. NES, an employee-owned IT company, works every project with the goal of 100% client satisfaction – PROVEN by our “exceptional” customer satisfaction ratings and 100% client contract renewal in many of our key service areas.

Company details

IndustryIT Services & IT Consulting
Company size201 - 500

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Type of Requisition:

Regular

Clearance Level Must Currently Possess:

None

Clearance Level Must Be Able to Obtain:

None

Public Trust/Other Required:

BI Full 6C (T4)

Job Family:

Cyber and IT Risk Management

Job Qualifications:

Skills:

AWS Cloud Computing, Cloud Computing, Cloud Security

Certifications:

None

Experience:

10 + years of related experience

US Citizenship Required:

No

Job Description:

The AWS Cloud Security Engineer will work as part of an agile development team to build and support the modernization of enterprise-class software applications utilizing judiciary frameworks. They will provide advanced technical expertise in securing AWS cloud environments through continuous vulnerability management, Cloud-Native Application Protection Platform (CNAPP) operations, threat detection, compliance monitoring, and cloud security engineering. This role supports enterprise cloud modernization initiatives operating within a FedRAMP High and Zero Trust Architecture (ZTA) environment by implementing and maintaining cloud-native security capabilities across AWS infrastructure, containerized workloads, storage platforms, cloud services, and enterprise applications. Security platforms utilized include Wiz, Splunk, New Relic, IriusRisk, and TestifySec.

KEY RESPONSIBILITIES:

  • Implement, configure, and manage CNAPP capabilities across AWS cloud environments supporting FedRAMP High compliance requirements.
  • Configure and maintain AWS-native security services.
  • Implement and monitor Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), workload protection, runtime security, vulnerability management, attack-path analysis, encryption controls, network segmentation, backup/recovery protections, and continuous compliance monitoring capabilities.
  • Monitor and analyze Wiz vulnerabilities, Splunk alerts, AWS security findings, SIEM events, runtime alerts, and New Relic dashboards to identify threats, validate remediation efforts, and support continuous cloud security operations and incident response activities.
  • Implement and validate security baselines, policy enforcement mechanisms, encryption standards, workload isolation controls, secrets protection, secure storage configurations, and least-privilege access controls aligned with Zero Trust principles.
  • Integrate CNAPP tooling with SIEM, logging, monitoring, alerting, automated remediation, and incident response platforms to support centralized cloud security operations.
  • Support continuous ATO activities by developing and maintaining SSPs, security implementation procedures, SOPs, mitigation plans, technical runbooks, automated remediation playbooks, audit evidence, POA&M documentation, and operational security documentation supporting FedRAMP, NIST 800-53, FISMA, and Judiciary security requirements.

REQUIREMENTS

Required Education & Experience: Technical Training, Certification(s) or Degree and 10+ years of general experience in information systems required

Preferred Education & Experience: Additional education and/or experience are strongly preferred in the following combinations:

  • HS Diploma & 16+ Years Experience
  • AA/AS & 14+ Years Experience
  • BA/BS & 12+ years Experience
  • MA/MS & 10+ Years Experience
  • Doctorate Degree/Ph.D. & 9+ Years Experience (may subtract 1 year from required experience with Doctorate Degree)

Required Skills:

  • 7+ years of cybersecurity experience with at least 4+ years focused on AWS cloud security and CNAPP technologies.
  • Hands-on experience implementing and operating Wiz and AWS-native CNAPP/security services in enterprise cloud environments.
  • Strong experience with CSPM, CIEM, workload protection, runtime security, vulnerability management, cloud compliance monitoring, and cloud attack-path analysis.
  • Strong understanding of Zero Trust Architecture (ZTA), FedRAMP High, NIST 800-53, FISMA, CIS Benchmarks, and cloud security best practices.
  • Experience supporting vulnerability remediation, incident response, compliance assessments, and continuous monitoring activities in regulated cloud environments.
  • Ability to support after-hours vulnerability scanning, incident response, and critical security remediation activities as required.

Preferred Certifications:

  • AWS Certified Security - Specialty
  • Certified Kubernetes Security Specialist
  • AWS Certified Solutions Architect - Professional


Security Clearance Level: Ability to pass a background check to obtain and maintain a position of Public Trust with the Administrative Office of the US Courts
 

Must be a US Person (Green Card Holder, US Permanent Resident Alien, Refugee, Asylee, US Citizen)


Location: Remote

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.

  • Growth: AI-powered career tool that identifies career steps and learning opportunities
  • Support: An internal mobility team focused on helping you achieve your career goals
  • Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
  • Community: Award-winning culture of innovation and a military-friendly workplace


OWN YOUR OPPORTUNITY
Explore an enterprise IT career at GDIT and you’ll find endless opportunities to grow alongside colleagues who share your desire to drive operations forward.

#GDITLA

The likely salary range for this position is $149,469 - $195,500. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:

40

Travel Required:

Less than 10%

Telecommuting Options:

Remote

Work Location:

Any Location / Remote

Additional Work Locations:

Total Rewards at GDIT:

Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year. Paid leave and paid holidays are prorated based on the employee’s date of hire. The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

 

 


Our Identity Verification Process:

As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.

 

 

About Our Work:

We are GDIT. A global technology and professional services company that delivers technology solutions and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50+ countries worldwide, offering leading mission-ready capabilities in AI, cloud, cyber and software development.

Join our Talent Community to stay up to date on our career opportunities and events at

gdit.com/tc.

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Cloud Security Engineer Related jobs

Other jobs at NES Associates, LLC

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.