Job Information
BigBear.ai Cloud Security Architect in Annapolis Junction, Maryland
Overview
BigBear.ai is seeking a Cloud Security Architect with an active TS/SCI with Poly clearance to design and implement secure cloud architectures that support an ATO Automation Platform deployment while ensuring compliance with federal security requirements. This role leads the technical implementation of an ATO Automation Platform across multi-cloud and hybrid environments, establishes secure integrations with cloud service providers, and ensures the platform operates within customer security boundaries and authorization scopes. This position will be based out of our Columbia, MD office but will support multiple customers in the Baltimore/Washington corridor and beyond.
What you will do
Design secure reference architectures for deploying an ATO Automation Platform in AWS GovCloud, Azure Government, and on-premises environments
Implement secure API integrations between the ATO Automation Platform and cloud service provider platforms for real-time configuration analysis
Configure cloud security services (AWS GuardDuty, Azure Security Center) to feed security findings into the ATO Automation Platform’s compliance monitoring
Establish security boundaries and authorization scopes for systems under the ATO Automation Platform’s management
Implement data protection controls including encryption at rest and in transit for compliance artifacts processed by the ATO Automation Platform
Design network security architectures supporting the ATO Automation Platform deployment in classified environments
Conduct security assessments of an ATO Automation Platform components and validate compliance with customer security overlays
Develop cloud infrastructure-as-code templates that incorporate security controls mappable by the ATO Automation Platform
Design AWS GovCloud reference architecture for deploying the ATO Automation Platform in FedRAMP High environment with appropriate VPC segmentation and encryption
Configure the ATO Automation Platform’s integration with Azure Government APIs to enable automated analysis of NSG rules and Key Vault configurations
Implement cross-account IAM roles enabling the ATO Automation Platform to perform read-only assessments of 50+ AWS accounts across an agency
Design hybrid cloud architecture supporting the ATO Automation Platform deployment for systems spanning on-premises data centers and commercial cloud
Conduct security assessment of the ATO Automation Platform’s LLM processing to ensure compliance with agency data handling requirements
What you need to have
Bachelor's Degree with a Technical concentration with at least 10 years of professional experience
TS/SCI with an active Poly clearance
Deep expertise in cloud security architectures across AWS GovCloud and Azure Government
Strong understanding of cloud security services and compliance capabilities
Experience with FedRAMP authorization processes and cloud security requirements
Proficiency in cloud IAM design and least-privilege access models
Knowledge of network security architecture including VPCs, security groups, and network segmentation
Experience with encryption technologies and key management services
Understanding of API security and secure integration patterns
Familiarity with cloud compliance frameworks (AWS Security Best Practices, Azure Security Benchmark)
What we'd like you to have
Experience deploying security platforms in classified cloud environments (AWS Secret/Top Secret regions, Azure Government Secret)
Knowledge of DoD Cloud Computing Security Requirements Guide (SRG) implementation
Prior experience with compliance automation platform deployments
Certifications: AWS Certified Security Specialty, Azure Security Engineer Associate, CCSP (Certified Cloud Security Professional)
Understanding of zero-trust architecture principles and implementation
Experience with Infrastructure as Code security scanning (Checkov, tfsec, Terrascan)
Familiarity with container security in cloud environments
Background in federal cloud migration projects and Cloud Smart strategy
About BigBear.ai
BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai’s predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai/ and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.
BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.