Cloud Security Architect

Job DescriptionJob Description

Overview

BigBear.ai is seeking a Cloud Security Architect with an active TS/SCI with Poly clearance to design and implement secure cloud architectures that support an ATO Automation Platform deployment while ensuring compliance with federal security requirements. This role leads the technical implementation of an ATO Automation Platform across multi-cloud and hybrid environments, establishes secure integrations with cloud service providers, and ensures the platform operates within customer security boundaries and authorization scopes. This position will be based out of our Columbia, MD office but will support multiple customers in the Baltimore/Washington corridor and beyond.

Responsibilities

• Design secure reference architectures for deploying an ATO Automation Platform in AWS GovCloud, Azure Government, and on-premises environments

• Implement secure API integrations between the ATO Automation Platform and cloud service provider platforms for real-time configuration analysis

• Configure cloud security services (AWS GuardDuty, Azure Security Center) to feed security findings into the ATO Automation Platform’s compliance monitoring

• Establish security boundaries and authorization scopes for systems under the ATO Automation Platform’s management

• Implement data protection controls including encryption at rest and in transit for compliance artifacts processed by the ATO Automation Platform

• Design network security architectures supporting the ATO Automation Platform deployment in classified environments

• Conduct security assessments of an ATO Automation Platform components and validate compliance with customer security overlays

• Develop cloud infrastructure-as-code templates that incorporate security controls mappable by the ATO Automation Platform
• Design AWS GovCloud reference architecture for deploying the ATO Automation Platform in FedRAMP High environment with appropriate VPC segmentation and encryption

• Configure the ATO Automation Platform’s integration with Azure Government APIs to enable automated analysis of NSG rules and Key Vault configurations

• Implement cross-account IAM roles enabling the ATO Automation Platform to perform read-only assessments of 50+ AWS accounts across an agency

• Design hybrid cloud architecture supporting the ATO Automation Platform deployment for systems spanning on-premises data centers and commercial cloud

• Conduct security assessment of the ATO Automation Platform’s LLM processing to ensure compliance with agency data handling requirements

Qualifications

• Bachelor's Degree with a Technical concentration with at least 10 years of professional experience
• TS/SCI with an active Poly clearance
• Deep expertise in cloud security architectures across AWS GovCloud and Azure Government

• Strong understanding of cloud security services and compliance capabilities

• Experience with FedRAMP authorization processes and cloud security requirements

• Proficiency in cloud IAM design and least-privilege access models

• Knowledge of network security architecture including VPCs, security groups, and network segmentation

• Experience with encryption technologies and key management services

• Understanding of API security and secure integration patterns

• Familiarity with cloud compliance frameworks (AWS Security Best Practices, Azure Security Benchmark)