Principal Cloud Information Assurance Specialist

This position requires an Active Secret Clearance. Candidates who do not hold this clearance are not eligible for hire.. This is a remote position, however candidates must live within a reasonable driving distance of Hanscom Air Force Base in Bedford, MA. This position is contingent on award.

Solidus is searching for an exceptional Principal Cloud Information Assurance Specialist to define and drive the future of our enterprise-wide cloud security posture!
We're seeking a strategic leader and deep technical expert who can move beyond implementation to architect, govern, and continuously enhance our defenses across complex, multi-cloud environments.
This is an unparalleled opportunity to leverage your expertise to safeguard cutting-edge innovation, shape our global security strategy, and cement our position as an industry leader.
Join Solidus and become the architect of our secure cloud future!

Day in the life:

• Define, evangelize, and drive the long-term cloud security strategy and roadmap for the entire organization, aligning with business objectives and evolving threat landscapes
• Serve as the authoritative voice and internal consultant on all matters related to cloud security architecture, policy, and risk
• Lead the selection, evaluation, and adoption of cutting-edge cloud security technologies and innovative solutions.
• Anticipate future cloud security challenges and proactively develop scalable, resilient, and cost-effective defenses
• Design, develop, and implement highly complex and secure cloud architectures (IaaS, PaaS, SaaS) that meet stringent security, compliance, and performance requirements across multi-cloud and hybrid environments
• Act as the lead architect for critical cloud security projects, providing architectural guidance and oversight to engineering teams
• Establish and enforce cloud security design patterns, standards, and best practices across the organization, promoting "security-by-design" and "shift-left" principles
• Lead threat modeling exercises for complex cloud-native applications and infrastructure
• Own and continually mature the cloud security governance framework, policies, and control objectives
• Lead comprehensive cloud security risk assessments, translating technical risks into business impact for executive decision-making.
• Drive continuous compliance efforts with a wide range of regulatory requirements and industry standards (e.g., FedRAMP, CMMC, HIPAA, GDPR, PCI DSS, ISO 27001, SOC 2 Type II) at an enterprise scale
• Engage directly with auditors, regulators, and external stakeholders as the primary cloud security subject matter expert
• Lead and direct response efforts for the most critical and complex cloud security incidents, including sophisticated cyber-attacks.
• Develop and refine advanced cloud incident response playbooks and forensic capabilities
• Oversee the integration of cutting-edge threat intelligence into cloud security operations and proactive defense mechanisms
• Lead the development of custom security tools, scripts, and frameworks to enhance detection, response, and posture management
• Evaluate and implement AI/ML-driven security solutions for advanced threat detection and anomaly analysis in cloud environments
• Mentor, guide, and develop senior cloud security engineers and architects, fostering a culture of technical excellence and continuous learning
• Act as a principal evangelist for cloud security best practices, conducting training, workshops, and presentations for various internal and external audiences
• Collaborate at a peer level with Principal Architects, Distinguished Engineers, and C-suite executives across IT, DevOps, and business units to ensure security is ingrained in all strategic initiatives
• Represent the organization at industry conferences, panels, and working groups, contributing to the broader cybersecurity community
• Lead the technical evaluation and selection of major cloud security vendors and service providers
• Negotiate technical requirements and capabilities with vendors to ensure optimal security posture and return on investment

Requirements/Qualifications:

• Bachelor's degree with 10 years of relevant experience, Associate degree with 12 years of relevant experience, or 14 years of relevant experience with no degree
• Active Secret clearance
• US Citizenship
• Minimum of 10+ years of progressive experience in information security, with at least 7-8 years specifically focused on designing, implementing, and managing security for large-scale, complex cloud environments
• Demonstrated experience in a leadership or principal-level role, driving strategic security initiatives
• Proven track record of successfully delivering major cloud security projects from conception to implementation and operationalization
• Architect-level expertise in at least two major cloud providers (AWS, Azure, GCP), with deep knowledge of their security services, native tools, APIs, and architectural patterns
• Extensive experience with hybrid cloud and multi-cloud security strategies
• CISSP (Certified Information Systems Security Professional)
• Multiple advanced cloud security certifications: CCSK, CCSP, AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Cloud Professional Cloud Security Engineer, or equivalent
• Exceptional proficiency in security architecture principles: Zero Trust, micro-segmentation, data classification, secure SDLC (DevSecOps), immutable infrastructure, identity governance
• Mastery of scripting and automation: Expert-level Python, PowerShell, Go, Terraform, CloudFormation, Ansible for "security as code" and orchestrating complex security workflows
• Deep expertise in enterprise-level IAM: Directories, SSO, MFA, Federation, PAM solutions (e.g., CyberArk, HashiCorp Vault), identity governance across cloud and on-prem
• Extensive experience with data protection technologies: Encryption (at-rest, in-transit, in-use), DLP, key management systems (KMS/HSM), data residency solutions
• Advanced networking and network security in cloud: VPC/VNET design, routing, firewalls, WAF, DDoS protection, intrusion detection/prevention
• Expertise in container security (Kubernetes, Docker, OpenShift), serverless security, and API security
• In-depth knowledge of SIEM/SOAR platforms, CSPM, CWPP, CASB, EDR/XDR solutions
• Proven experience with advanced threat modeling methodologies and security assessment techniques
• Exceptional strategic thinking and problem-solving abilities, with a proven capacity to anticipate, analyze, and resolve highly complex security challenges
• Outstanding communication and presentation skills, capable of articulating complex technical concepts and security risks to executive leadership, technical teams, and external stakeholders
• Demonstrated ability to influence, persuade, and build consensus across diverse technical and business teams
• Strong leadership, mentorship, and team-building skills, with experience guiding and developing senior-level professionals
• Ability to drive cultural change towards a security-first mindset within the organization

Preferred Skills:

• CISM, CISA, GIAC (e.g., GSEC, GPEN, GCFA, GCSA, GCFE), TOGAF, SABSA are highly valued

Benefit selection, customer contractual specifications, relevant work experience, skills, competencies, certifications, and clearance status will influence the final salary.
Full benefits: $174,000 to $217,000 annually
Reduced benefits (no medical, dental, vision): Up to $235,000 annually

What we will bring:
Solidus offers you an exciting opportunity to tackle the nation's greatest challenges, applying innovation and expertise to produce cutting-edge results that have a long-lasting impact. We offer outstanding benefits, generous PTO and much more! Apply today to learn why Solidus has a 4.9/5 Star rating on Glassdoor!

Req ID: 5072

Solidus is an Equal Opportunity Employer and provides equal employment opportunities regarding all terms and conditions of employment to all employees and qualified applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. The Company will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application and interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.

Click to review - Federal Job Notices for Job Applicants

Please Note: Solidus does not accept applications from agencies, 3rd party vendors, or applications with incomplete information.