Principal Cloud Engineer

Description

Looking for an opportunity to make an impact?

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. The Leidos National Security Sector (NSS) combines technology-enabled services and mission software capabilities in the areas of cyber, logistics, security operations, and decision analytics to support our defense and intel customers' mission to defend against evolving threats around the world.

Your greatest work is ahead!

• Design, implement, and maintain secure cloud environments that protect sensitive data and critical business applications.
• Work closely with security teams, cloud architects, and DevOps engineers to ensure cloud infrastructure and services align with industry best practices, regulatory requirements, and security frameworks.
• Play a key role in securing cloud-based applications and services across multi-cloud environments.
• Assess cloud security risks, automate security controls, and respond to potential incidents while driving continuous improvements to the organization's cloud security posture.
• Responsible for technical planning, system hardware-software-network design, development and integration, verification and validation, and fielding.
• Evaluate alternatives including cost and risk, supportability and analyses for total systems.
• Responsible for performing systems requirements analysis, functional analysis, timeline analysis, trade studies, requirements allocation and interface definition, technical management, integration, system testing, and quality assurance.
• Work to achieve key project/program objectives and deliverables.
• Responsible for entire projects or processes spanning multiple technical areas.
• Manage large projects or processes with moderate impact on the achievement of sub-family results.
• Design and implement secure cloud architectures for Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) models across AWS, Azure, and/or Google Cloud (GCP).
• Develop and enforce cloud security policies, procedures, and standards aligned with frameworks such as NIST, CIS, and ISO 27001.
• Ensure secure design principles (Zero Trust, Least Privilege, Defense-in-Depth) are applied across cloud environments.
• Configure cloud-native security services such as AWS Security Hub, Azure Security Center, and Google Security Command Center.
• Integrate security controls into CI/CD pipelines, ensuring security is embedded in every stage of the software development lifecycle (DevSecOps).
• Develop Infrastructure as Code (IaC) using tools such as Terraform, CloudFormation, or ARM templates to enforce security best practices.
• Automate security compliance checks and vulnerability scanning in cloud environments using tools such as AWS Config, Azure Policy, and GCP Security Scanner.
• Collaborate with DevOps teams to ensure secure configurations and hardening of containerized environments (Docker, Kubernetes).
• Configure and manage cloud-native security monitoring tools to detect and respond to security threats in real time.
• Monitor cloud security events using Security Information and Event Management (SIEM) platforms such as Splunk, Microsoft Sentinel, or Elastic Security.
• Investigate and respond to cloud security incidents, performing root cause analysis (RCA) and implementing preventive controls.
• Develop and maintain incident response plans (IRP) for cloud-based environments, ensuring swift containment and remediation.
• Implement and manage IAM solutions, enforcing least privilege and role-based access controls (RBAC) across cloud platforms.
• Configure and maintain Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Single Sign-On (SSO) solutions for cloud services.
• Regularly audit access permissions to detect and remediate over-privileged accounts and misconfigurations.
• Conduct regular cloud security assessments, vulnerability scans, and penetration tests to identify and mitigate risks.
• Utilize Cloud Security Posture Management (CSPM) tools to continuously assess compliance and remediate cloud misconfigurations.
• Collaborate with system administrators and DevOps teams to address identified vulnerabilities and enforce secure configurations.
• Ensure compliance with regulatory frameworks such as GDPR, HIPAA, PCI-DSS, FedRAMP, and SOC 2 by implementing appropriate security controls.
• Develop and maintain documentation to demonstrate compliance with cloud security standards and audit requirements.
• Conduct periodic risk assessments and provide recommendations to mitigate security gaps in cloud environments.

• Active Top Secret/SCI (TS/SCI) with Polygraph security clearance required. Must be U.S. Citizen.
• Bachelor's degree and 8 to 12 years of prior relevant experience or Master's with 6 to 10 years of prior relevant experience. Experience may be considered in lieu of a degree.

• AWS Certified Security - Specialty.
• Microsoft Certified: Azure Security Engineer Associate.
• Google Professional Cloud Security Engineer.
• Certified Information Systems Security Professional (CISSP).
• Certified Cloud Security Professional (CCSP).
• Experience with container orchestration security and Kubernetes hardening.
• Familiarity with cloud-based data encryption technologies and key management systems (KMS).
• Experience in implementing Zero Trust and cloud network segmentation principles.