Senior Cloud Information Assurance Specialist

This position requires an Active Secret Clearance. Candidates who do not hold this clearance are not eligible for hire.. This is a remote position, however candidates must live within a reasonable driving distance of Hanscom Air Force Base in Bedford, MA. This position is contingent on award.

Are you a visionary cloud security leader with experience, ready to shape the future of information assurance? Solidus is actively seeking a Senior Cloud Information Assurance Specialist to join our elite team and drive our strategic security initiatives!
We're looking for a seasoned expert who thrives on complex challenges, can architect unbreakable cloud defenses, and effortlessly navigates the intricate landscape of compliance and risk.
If you're passionate about leading impactful projects, transforming security strategy into tangible results, and being the go-to authority in cloud information assurance, then Solidus is your next destination.

Day in the life:

• Develop, define, and execute comprehensive cloud information security policies, standards, guidelines, and procedures aligned with industry frameworks (e.g., NIST, ISO 27001, CMMC, SOC 2, HIPAA, GDPR)
• Design and implement robust, scalable, and secure cloud architectures (IaaS, PaaS, SaaS) across multiple cloud providers (AWS, Azure, GCP)
• Lead the integration of security into the entire cloud development lifecycle (DevSecOps), ensuring security-by-design principles are followed from conception to deployment
• Provide authoritative advice and guidance on the application and operation of all types of security controls, including legislative and regulatory requirements
• Evaluate and recommend new and emerging cloud security products, technologies, and solutions
• Lead sophisticated cloud security risk assessments, threat modeling, and vulnerability management programs
• Develop and manage complex remediation plans (e.g., Plan of Action and Milestones - POAMs) to address identified vulnerabilities and risks
• Ensure continuous compliance with internal security frameworks and external regulatory standards, including preparing for and supporting audits
• Translate technical security risks and compliance requirements into clear, concise, and actionable terms for both technical and non-technical stakeholders, including senior leadership
• Lead complex cloud security incident response efforts, including investigation, containment, eradication, recovery, and post-mortem analysis
• Develop and refine cloud-specific incident response plans and playbooks
• Oversee forensic analysis of cloud incidents to identify root causes and enhance preventative measures
• Architect and enforce advanced IAM strategies for cloud environments, including fine-grained access controls, privileged access management (PAM), and identity federation
• Design and implement comprehensive data protection strategies in the cloud, covering encryption, data loss prevention (DLP), and data residency requirements
• Drive the adoption and optimization of cloud-native security services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center)
• Develop and maintain sophisticated security automation scripts and tools using languages like Python, PowerShell, or Go, to enhance security operations and enable "security as code."
• Mentor junior and mid-level cloud security professionals, fostering their growth and skill development
• Collaborate extensively with cross-functional teams (DevOps, IT Operations, Software Development, Legal, Audit) to embed security best practices throughout the organization
• Serve as a subject matter expert (SME) in cloud security, representing the security team in high-level discussions, project reviews, and strategic planning
• Conduct research and pilot new security technologies and approaches to proactively address emerging risks
• Contribute to the broader cybersecurity community through knowledge sharing and thought leadership (e.g., presentations, whitepapers)

Requirements/Qualifications:

• Bachelor's degree with 8 years of relevant experience, Associate degree with 10 years of relevant experience, or 12 years of relevant experience with no degree
• Active Secret clearance
• US Citizenship
• Minimum of 8 years of progressive experience in information security, with at least 5-6 years specifically focused on cloud security architecture, engineering, and operations
• Proven experience leading significant cloud security initiatives and projects
• Deep Cloud Platform Expertise
• Expert-level proficiency in at least two major cloud providers (AWS, Azure, GCP), demonstrating a deep understanding of their security services, architecture, and best practices
• Experience with cloud-native security tools and services from these providers
• Extensive experience with security architecture principles: Zero Trust, least privilege, segmentation, defense-in-depth
• Strong expertise in security frameworks and compliance standards: NIST SP 800-53, ISO 27001, FedRAMP, PCI DSS, HIPAA, GDPR, SOC 2
• Mastery of Identity and Access Management (IAM) concepts and technologies in cloud environments
• Proficient in scripting and automation (e.g., Python, PowerShell, Terraform, CloudFormation, Ansible) for automating security tasks, configurations, and deployments
• Deep understanding of network security concepts in cloud environments (VPCs, VNETs, security groups, network ACLs, firewalls, VPNs, direct connect)
• Expertise in container security (Docker, Kubernetes) and serverless security
• Experience with SAST, DAST, and other application security testing methodologies
• Familiarity with various security tools and technologies: SIEM/SOAR platforms, IDS/IPS, WAF, CASB, CSPM, endpoint detection and response (EDR), vulnerability scanners
• Knowledge of common attack vectors and mitigation strategies.
• Exceptional leadership and mentorship abilities
• Superior communication skills (written and verbal), with the ability to effectively communicate complex technical concepts to diverse audiences, from engineers to executive leadership
• Strong analytical, problem-solving, and critical thinking skills
• Ability to work autonomously, manage multiple priorities, and lead complex projects
• Strategic mindset with the ability to anticipate future security challenges and proactively develop solutions

Preferred Skills:

• Industry-recognized cloud security certifications: CCSK, CCSP, AWS Certified Security - Specialty, Azure Security Engineer Associate, Google Cloud Professional Cloud Security Engineer
• Advanced cybersecurity certifications: CISSP, CISM, CISA, GIAC (e.g., GSEC, GCIA, GCIH, GCSA)

Benefit selection, customer contractual specifications, relevant work experience, skills, competencies, certifications, and clearance status will influence the final salary.
Full benefits: $143,000 to $179,000 annually
Reduced benefits (no medical, dental, vision): Up to $193,000 annually

What we will bring:
Solidus offers you an exciting opportunity to tackle the nation's greatest challenges, applying innovation and expertise to produce cutting-edge results that have a long-lasting impact. We offer outstanding benefits, generous PTO and much more! Apply today to learn why Solidus has a 4.9/5 Star rating on Glassdoor!

Req ID: 5071

Solidus is an Equal Opportunity Employer and provides equal employment opportunities regarding all terms and conditions of employment to all employees and qualified applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. The Company will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application and interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.

Click to review - Federal Job Notices for Job Applicants

Please Note: Solidus does not accept applications from agencies, 3rd party vendors, or applications with incomplete information.