Description
Introduction
Make a difference for national security by joining a team of dedicated IT professionals who will sustain, modernize and transform the enterprise IT capabilities for the Defense Counterintelligence and Security Agency (DCSA). The Air Force, Space & Intel Business Group (AFSI) of SAIC is seeking a Senior Cloud Architect Lead to support a transformational infrastructure program for DCSA.
SAIC is proud to be supporting DCSA in safeguarding our nation's information. DCSA is the designated oversight authority on the accreditation of classified facilities, information systems, and the insider threat program. This involves security oversight of more than 10,000 companies and approximately 13,000 facilities involved in classified work throughout the DoD and 31 Federal agencies.
Specifically, on the DCSA One IT program, SAIC will provide an enterprise IT solution that delivers highly secure and adaptable IT infrastructure, customer support, and cutting-edge technologies that support operations and advance the DCSA mission under a single IT environment (i.e., One IT).
This position is remote with limited travel.
Job Description
- Serve as a cloud architecture leader, providing guidance and mentorship to team members, while supporting a DoD mission program. Design and deliver secure, compliant workloads within a platform-managed hub-and-spoke environment across AWS GovCloud and Azure Government.
- Architect and deliver secure, scalable AWS‑centric solutions (with multi‑cloud fluency across Azure Government/GCP) as a spoke workload team operating inside a platform‑managed hub‑and‑spoke environment.
- Be well‑versed in platform management constructs (network hub, identity, operations, DevOps, shared services) to facilitate design discussions and articulate workload requirements to platform owners/providers.
- Operate as a liaison between mission teams, leadership, and platform providers, ensuring workload strategies align with programmatic, operational, and compliance goals.
- Translate DoD operational constraints (Cloud Computing SRG impact levels, RMF/ATO, DISA STIGs) into practical workload architectures and deployment patterns that inherit and align with platform guardrails.
Key Responsibilities:
- Leadership & Team Management
  - Mentor and manage team members involved in workload architecture and cloud deployment to ensure technical proficiency, adherence to compliance requirements, and timely delivery of mission objectives.
  - Foster a collaborative team environment, driving alignment on priorities and ensuring clear communication.
  - Act as the primary technical point of contact for workload-related activities, providing direction to the team while coordinating with external stakeholders, including platform owners, vendor teams, and mission partners.
- Requirements & Coordination with Platform Providers
  - Define and communicate workload requirements for routing, firewall/inspection, DNS, identity trust, logging/telemetry, secrets, and egress—packaged as intake/change requests to the platform team with clear technical specifications and risk/treatment rationales.
  - Manage cross-functional teams and discussions, ensuring alignment between workload needs and platform provisioning, while clarifying roles and responsibilities for network components like TGW attachments, VPCs, subnets, endpoints, and route tables.
- Architecture & Delivery (Spoke Workloads)
  - Drive the creation of workload reference architectures and IaC templates (Terraform/CloudFormation/Bicep/CDK), ensuring alignment with platform guardrails and program security policies (e.g., SCPs/Org Policies, Azure Policy, tagging, encryption/KMS/CMEK).
  - Lead the team in implementing secure network zoning and service exposure (PrivateLink/VPC endpoints, ALB/NLB, WAF), ensuring alignment with centralized inspection at the hub.
  - Design CI/CD pipelines with security/compliance gates that inherit platform logging and monitoring (CloudTrail/Config/Security Hub; Azure Log Analytics/Sentinel) and feed continuous monitoring/POA&M workflows.
- DoD Compliance & Security Engineering (Within Workload Scope)
  - Map workload data and mission needs to SRG IL2–IL6 and engineer control implementations that leverage platform inheritance where available; drive RMF documentation, STIG hardening/SCAP automation, and ATO/IATT artifacts for the workload.
  - Provide team guidance on applying Zero Trust principles, including identity‑centric access, micro‑segmentation, and DevSecOps, ensuring alignment with DoD mission cloud practices.
- Vendor/ISV Collaboration & Technical Assessments
  - Lead collaboration efforts with external vendors and industry solution providers to evaluate COTS/ISV solutions for mission fit and DoD compliance.
  - Facilitate engineering design reviews, ensuring the ability to document trade-offs, residual risks, and mitigation plans in alignment with DoD guidelines.
- Reliability, Resilience & Cost Management
  - Define and manage workload resilience strategies, including Multi‑AZ/Region configurations, backups, and failover mechanisms within impact level boundaries; document DR strategies and exercise runbooks compatible with platform‑managed services.
  - Guide team members in implementing and monitoring FinOps practices for ongoing cost control, including budget tracking, reserved capacity planning, and resource rightsizing.
Qualifications
It is required that the Senior Cloud Architect have the following qualifications:
- Bachelor's degree.
- Ten (10) or more years of experience in cloud architecture/engineering with deep hands‑on AWS experience; proven delivery of secure workloads in AWS GovCloud (US) and/or Azure Government supporting DoD missions within a platform‑managed hub‑and‑spoke environment.
- U.S. Citizenship and an active Top Secret Security Clearance.
- Government program experience and proven team leadership skills, including managing, mentoring, and guiding technical teams toward achieving project and operational goals.
- Demonstrated ability to translate system requirements into technical solutions and to negotiate workload needs with platform owners/providers (networking, identity, security, logging/monitoring, DevOps).
- Strong grasp of DoD SRG, RMF (NIST SP 800‑53/53B), DISA STIGs, ATO/IATT processes, and continuous monitoring/POA&M practices; experience leading teams in the implementation of these practices into workload designs.
Required Certifications:
- CompTIA Security+ (CE).
- At least one Professional/Expert‑level cloud certification (Associate/Foundation does not meet the requirement):
  - AWS Certified Solutions Architect – Professional (preferred), AWS DevOps Engineer – Professional, or another AWS Professional.
  - Microsoft Certified: Azure Solutions Architect Expert.
  - Google Professional Cloud Architect.
- Relevant specialty certs (e.g., Advanced Networking, Security) are a plus when paired with a Professional/Expert certification.
Preferred Skills and Tools:
- Leadership Skills: Experience managing teams, driving cross-functional collaboration, and mentoring junior members to grow technical, compliance, and operational expertise.
- IaC & automation: Terraform, CloudFormation, CDK, Bicep; configuration as code (Ansible/PowerShell/Bash).
- CI/CD: GitLab/GitHub Actions/Azure DevOps with policy gates and security scanning aligned to platform controls.
- Networking: Transit Gateway, VPC/VNet segmentation, PrivateLink/VPC endpoints, firewall policies; ability to specify correct TGW attachment parameters and route associations while respecting platform ownership.
- Security services & monitoring: AWS Security Hub/GuardDuty/Config/KMS, Azure Sentinel/Defender; integration to centralized logging/telemetry required by the platform.
- Documentation & compliance: Author SSP sections, control inheritance matrices, STIG baselines, and continuous monitoring playbooks for workloads.
Preferred Qualifications:
- Master's degree.
- Seven (7) or more years of experience.