SITEC - Cloud Security Engineer - MacDill AFB

Peraton requires Cloud Systems Security Engineers to support the Special Operation Command Information Technology Enterprise Contract (SITEC) – 3 EOM.  This position is located at MacDill AFB in Florida.  

The purpose of the Special Operations Forces Information Technology Enterprise Contract (SITEC) 3 Enterprise Operations and Maintenance (EOM) Task Order (TO) is to provide USSOCOM, its Component Commands, its Theater Special Operations Commands (TSOCs), and its deployed forces with Operations and Maintenance (O&M) services to maintain Network Operations (NetOps); maintain systems and network infrastructure; provide end user and common device support; provide configuration, change, license, and asset management; conduct training, and perform Install, Move, Add, Change (IMACs) services. The responsibilities and tasks associated with each requirement play a pivotal role to USSOCOM, the CIO/J6 organization, and ultimately the end-user who operate around the globe 24x7x365. 

The Cloud System Security Engineer is responsible for the implementation, operation, and governance of cloud security controls that enforce identity, access, configuration, and service interaction across cloud and cloud-integrated enterprise environments.

This role is responsible for the cloud control plane security layer, ensuring that identities, services, workloads, and platform configurations are continuously governed and enforced in alignment with organizational risk tolerance and frameworks such as NIST 800-53.

The Cloud Security Engineer operates and maintains policy-driven cloud security capabilities, including identity governance, access control, and configuration posture enforcement. This role enables Cloud Defense Engineers by ensuring cloud environments are both secure and observable, while remaining independent from detection and response functions.

The role collaborates with Cloud Engineers during operational changes to validate secure outcomes without owning cloud architecture design, deployment, or platform operations.

• Manage and enhance cloud security posture by operating and maintaining enforcement capabilities across identity governance, access control, configuration management, and cloud workload protection (CWP).
• Develop and manage cloud security policy frameworks encompassing Identity and Access Management (IAM), Role-Based Access Control (RBAC), conditional access, service communication controls, and Cloud Security Posture Management (CSPM) to ensure compliance with security standards.
• Lead the full lifecycle of cloud security policies, including creation, validation, deployment, periodic recertification, optimization, and eventual decommissioning.
• Conduct daily operational security management, including policy tuning, validation, and the prompt correction of misconfigurations to maintain a secure baseline.
• Serve as the security reviewer for changes to cloud identities, permissions, and configurations, performing risk-based evaluations and authorizations.
• Enforce secure cloud configurations by implementing and validating controls aligned with industry best practices and NIST 800-53.
• Execute cloud-native enforcement actions, such as access revocation and workload isolation, in direct support of Defensive Cyber Operations (DCO) as directed.
• Ensure security controls are configured to produce necessary telemetry for comprehensive monitoring and threat detection by security operations teams.
• Analyze and mitigate cloud vulnerabilities and misconfigurations by implementing direct remediation or designing effective compensating controls.
• Manage and maintain the Plan of Action and Milestones (POA&M) for all items related to cloud security control deficiencies.
• Support system accreditation processes by providing evidence of effective control implementation, enforcement, and ongoing compliance.
• Collaborate with Cloud Engineering teams to provide security guidance during operational changes and validate that security controls remain effective as the cloud environment evolves.
• Participate in the design and review of new cloud architectures to ensure that security is integrated from the initial stages of development ("shift-left" security).
• Design, implement, and manage security controls within cloud environments, including Virtual Private Cloud (VPC) security, Network Security Groups (NSGs), and cloud-native firewalls.
• Conduct threat modeling exercises for new and existing cloud services to identify potential threats and design appropriate security controls.
• Participate in incident response activities, providing subject matter expertise on cloud security to help with containment, eradication, and recovery.

Qualifications: 

• Min 12 years with HS degree, 10 years with AS/AA degree, 8 years with BS/BA, 6 years with MS/MA, 3 years with PhD
• DoD 8570 IAT II Certification  
• DoD TS/SCI clearance 

Desired Qualifications:

• Hands-on experience with cloud security enforcement (IAM, configuration posture, workload protection)
• Strong understanding of identity-driven security and cloud access models
• Experience managing policy lifecycle in cloud environments
• Knowledge of cloud security standards and NIST 800-53 controls
• Understanding of cloud telemetry and its role in detection
• Ability to implement compensating controls in cloud environments
• Clear separation of responsibilities from cloud engineering and threat detection
•