Senior Cloud Security Architect

DescriptionABOUT DRAGONFLI GROUPDragonfli Group is a cybersecurity and IT consulting firm providing services to federal, state, and municipal government agencies as well as Fortune 100 enterprises.

Headquartered in Washington, DC, Dragonfli supports clients in securing

mission-critical systems across on-site, hybrid, and fully remote environments.ROLE SUMMARYDragonfli Group is seeking an experienced Senior Cloud Security Architect to support a federal government client.

In this role, you will lead the strategic vision for protecting a large-scale multi-cloud ecosystem, designing security blueprints that govern the entire digital footprint—from identity perimeters to AI-driven threat detection.

This position requires a "Security as Code" mindset, where automated guardrails empower development teams to move at speed without compromising data or infrastructure safety.The ideal candidate brings 12+ years of cybersecurity experience, with at least 6 years architecting secure cloud environments at scale across AWS, Azure, or GCP.

You will serve as a trusted security advisor, bridging the gap between DevOps agility and rigorous regulatory compliance in a high-visibility federal environment.KEY RESPONSIBILITIESLead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, and/or GCPArchitect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectorsDevelop and enforce enterprise-wide security policies using Infrastructure-as-Code tools (e.g., Terraform), ensuring non-compliant infrastructure is automatically remediated or blocked from deploymentDesign and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissionsConduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and blast-radius scenarios to strengthen system resilienceDrive the organization's transition to a Zero Standing Privilege model for all production environmentsAchieve automated auditing for core compliance frameworks, including NIST and CIS BenchmarksLeverage AI-driven monitoring to minimize Mean Time to Detect (MTTD) anomalous cloud activityAct as lead security advisor for the Cloud Architecture team, bridging DevOps agility with rigorous regulatory compliance (SOC 2, FedRAMP)Communicate security risks, architecture decisions, and roadmap recommendations clearly to C-suite and executive stakeholdersEmbed automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines as part of a mature DevSecOps practiceRequirementsMust-Have Qualifications12+ years of experience in Cybersecurity, with at least 6 years focused on architecting secure cloud environments at scaleDemonstrated expertise designing and implementing Zero Trust architectures across multi-cloud environments (AWS, Azure, or GCP)Expert knowledge of Identity-First Security, including Cloud Infrastructure Entitlement Management (CIEM), Just-In-Time (JIT) access provisioning, and complex OIDC/SAML federation flowsHands-on proficiency with cloud-native security suites: AWS Security Hub, Azure Defender, and/or GCP Security Command CenterExperience developing Policy as Code frameworks using Terraform or equivalent IaC tooling for automated compliance enforcementProficiency in scripting and automation languages (Python, Go, or Bash) for custom security automations and SOAR platform integrationDeep experience embedding security testing (SAST/DAST/SCA) into CI/CD pipelines within a DevSecOps frameworkAdvanced understanding of secure cloud networking, including SD-WAN, Cloud WAF, and Zero Trust Network Access (ZTNA)Working knowledge of CNAPP and CSPM tooling for cloud posture management and misconfiguration remediationFamiliarity with regulatory and compliance frameworks including NIST, CIS Benchmarks, and SOC 2Preferred / Desired QualificationsAdvanced degree in Computer Science, Cybersecurity, or a related engineering disciplineActive top-tier security certifications (e.g., CISSP, CCSP, AWS Security Specialty, GCP Professional Cloud Security Engineer, Azure Security Engineer Associate, or equivalent)Prior experience in a federal government or public-sector consulting environment; familiarity with FedRAMP and FISMA complianceExperience architecting security frameworks for AI/ML pipelines and LLM-integrated applicationsProven track record implementing Zero Standing Privilege models in large enterprise or government environmentsExperience operating at the executive advisory level, presenting security risk posture and roadmap to C-suite leadershipFamiliarity with SOAR platforms and AI-driven threat detection tooling for cloud environmentsSkill(s)TECHNICAL SKILLSCloud Security PlatformsAWS Security Hub, Amazon GuardDuty, AWS IAM, AWS Organizations SCPsMicrosoft Azure Defender for Cloud, Azure Sentinel, Azure Active Directory / Entra IDGoogle Cloud Security Command Center, Chronicle SIEMIdentity & Access ManagementCloud Infrastructure Entitlement Management (CIEM)Just-In-Time (JIT) access provisioning frameworksOIDC, SAML 2.0, OAuth 2.0 federation and SSO architecturesAutomation & DevSecOpsInfrastructure as Code: Terraform, AWS CloudFormation, PulumiScripting: Python, Go, BashCI/CD security integration: SAST, DAST, SCA tooling (e.g., Snyk, Checkov, Semgrep)SOAR platforms: Splunk SOAR, Microsoft Sentinel Automation, Palo Alto XSOARCloud Networking & PerimeterZero Trust Network Access (ZTNA) architecture and implementationCloud WAF, SD-WAN, and secure connectivity designNetwork micro-segmentation and east-west traffic controlsCompliance & GovernanceNIST SP 800-53, CIS Benchmarks, SOC 2, FedRAMP, FISMACNAPP and CSPM tools: Prisma Cloud, Wiz, Orca Security, or equivalentThreat modeling methodologies: STRIDE, MITRE ATT&CK for CloudBenefitsDragonfli Group offers a comprehensive benefits package to support the health, financial well-being, and work-life balance of our team members:Insurance – Comprehensive health, dental, and vision coverage for employees and eligible dependentsPaid Time Off (PTO) and 11 Federal Holidays – Generous PTO accrual plus all 11 federally recognized holidays401(k) with Employer Match – Competitive employer match to support your long-term financial goalsOriginally posted on Himalayas