Security Builder (Cloud Security Engineer) Jobs

Job Description

Company: D9Tech Resources, LLC

Location: Washington, US

Title: Cloud Security Engineer (AWS GovCloud, IL5) — Secret Clearance

Summary

This role lives at the organization level, where guardrails are written and where a single SCP can either protect a fleet or break it. You will design those guardrails, you will produce the documentation that carries them through the ATO process, and you will run the day-to-day triage that keeps the security posture clean. Builders who enjoy both the policy-as-code work and the evidence work will thrive here.

What you will own

Day-to-day security triage, including Security Hub critical findings (for example SSM.7, EC2.182, and S3.6 false positives), with proper disposition and remediation.

Organization-level guardrails: Service Control Policy (SCP) and Resource Control Policy (RCP) authoring, IAM permissions boundaries, AWS Config rules, and KMS key policy design.

Landing Zone Accelerator security configuration, specifically the custom files under service-control-policies/, rcp-policies/, and iam-policies/, plus iam-config.yaml updates.

SSP-aligned documentation, including PPSM evidence packages, Plan of Action and Milestones (POAM) entries, and Body of Evidence (BoE) artifacts.

Security narrative inputs to the ATO package.

Required

Depth in AWS organization-level guardrails: SCP and RCP authoring, IAM permissions boundaries, AWS Config rules, KMS key policy design, and Security Hub finding remediation.

Ability to produce SSP-aligned documentation, including PPSM evidence packages, POAMs, and BoE artifacts.

Preferred

Hands-on Landing Zone Accelerator (LZA) configuration, specifically writing custom service-control-policies/, rcp-policies/, and iam-policies/ files.

Familiarity with IL5 and CC SRG control mapping.

Source: Clearance Jobs