Job Requirements
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Marathon TS. is seeking a Senior Cloud Systems Engineer within the Mission Performance & Security Systems Division. We are seeking an accomplished Senior Cloud Engineer with extensive experience in designing and managing secure cloud environments for high-impact defense operations. This position goes beyond traditional cloud architecture-it focuses on constructing secure, compliant, and resilient infrastructure critical to classified defense missions. The selected candidate will make key architectural decisions across multiple cloud regions, including AWS GovCloud and commercial environments, design network segmentation for air-gapped and hybrid systems, oversee cross-domain data transfer between different classification levels, and ensure ongoing compliance for workload authorization. Defense-specific cloud operations entail unique challenges such as network isolation, cross-domain enforcement, and authorization management-these are core constraints shaping every decision. This role directly supports space-based national security operations through infrastructure that underpins mission success.
Key Responsibilities:
Design, deploy, and sustain cloud environments within AWS, supporting impact levels IL2 through IL5.
Develop secure network architectures for classified, air-gapped, and hybrid environments-including VPC setup, cross-account routing, and secure on-premises connectivity.
Implement and uphold security controls aligned with DoD compliance standards, supporting continuous authorization efforts and audit readiness.
Engineer secure data transfer mechanisms across cross-domain solutions and different classification zones.
Manage identity and access frameworks-RBAC, credential management, identity federation-across multiple accounts and regions.
Use infrastructure-as-code to deliver repeatable, auditable deployments in classified environments.
Configure security monitoring, logging, and alerting infrastructure to support operational and compliance needs.
Collaborate with cross-domain solution engineers on integrating security labels and enforcement.
Oversee cloud cost governance-rightsizing, reserved capacity, tagging, policy enforcement, and budget alerts.
Create and maintain detailed architecture documentation-network diagrams, control mappings, and authorization artifacts for government review.
Requirements:
An active U.S. Secret clearance is required; TS/SCI clearance is preferred.
Must be a U.S. citizen.
Bachelor's degree in Computer Science, Cybersecurity, Cloud Computing, IT, or a related technical discipline. An advanced degree is a plus.
10+ years of experience designing and operating cloud infrastructure for DoD or national security projects.
Required Skills:
Extensive hands-on experience with AWS, including GovCloud, multi-account architectures, and classified workloads at IL4/IL5.
Practical experience designing and managing cloud networking in air-gapped, classified, or hybrid environments.
Working knowledge of RMF, FedRAMP, CMMC, NIST SP 800-171, and NIST SP 800-53.
Proven experience with infrastructure-as-code, IAM architecture (cross-account roles, federation, least privilege), and compliance monitoring.
Strong documentation skills for government review-authorization artifacts, control mappings, architecture decision records.
Desired Skills:
AWS certifications (Solutions Architect Professional, Security Specialty) or CISSP, CCSP, Security+.
Experience with container orchestration, CI/CD pipelines, and DevSecOps in classified environments.
Familiarity with cross-domain solutions and secure data transfer between cloud partitions.
Experience with MBSE and SysML v2 modeling tools.
Experience supporting space, satellite, or missile defense programs.
Experience with Amazon Dedicated Cloud (Client) air-gapped regions.
FinOps expertise-cloud spend optimization and financial governance in DoD environments.
Experience with Azure or other DIB cloud providers; AWS Landing Zone Accelerator (LZA) for multi-account governance.
#CJJOBS
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
Key Responsibilities:
Design, deploy, and sustain cloud environments within AWS, supporting impact levels IL2 through IL5.
Develop secure network architectures for classified, air-gapped, and hybrid environments-including VPC setup, cross-account routing, and secure on-premises connectivity.
Implement and uphold security controls aligned with DoD compliance standards, supporting continuous authorization efforts and audit readiness.
Engineer secure data transfer mechanisms across cross-domain solutions and different classification zones.
Manage identity and access frameworks-RBAC, credential management, identity federation-across multiple accounts and regions.
Use infrastructure-as-code to deliver repeatable, auditable deployments in classified environments.
Configure security monitoring, logging, and alerting infrastructure to support operational and compliance needs.
Collaborate with cross-domain solution engineers on integrating security labels and enforcement.
Oversee cloud cost governance-rightsizing, reserved capacity, tagging, policy enforcement, and budget alerts.
Create and maintain detailed architecture documentation-network diagrams, control mappings, and authorization artifacts for government review.
Requirements:
An active U.S. Secret clearance is required; TS/SCI clearance is preferred.
Must be a U.S. citizen.
Bachelor's degree in Computer Science, Cybersecurity, Cloud Computing, IT, or a related technical discipline. An advanced degree is a plus.
10+ years of experience designing and operating cloud infrastructure for DoD or national security projects.
Required Skills:
Extensive hands-on experience with AWS, including GovCloud, multi-account architectures, and classified workloads at IL4/IL5.
Practical experience designing and managing cloud networking in air-gapped, classified, or hybrid environments.
Working knowledge of RMF, FedRAMP, CMMC, NIST SP 800-171, and NIST SP 800-53.
Proven experience with infrastructure-as-code, IAM architecture (cross-account roles, federation, least privilege), and compliance monitoring.
Strong documentation skills for government review-authorization artifacts, control mappings, architecture decision records.
Desired Skills:
AWS certifications (Solutions Architect Professional, Security Specialty) or CISSP, CCSP, Security+.
Experience with container orchestration, CI/CD pipelines, and DevSecOps in classified environments.
Familiarity with cross-domain solutions and secure data transfer between cloud partitions.
Experience with MBSE and SysML v2 modeling tools.
Experience supporting space, satellite, or missile defense programs.
Experience with Amazon Dedicated Cloud (Client) air-gapped regions.
FinOps expertise-cloud spend optimization and financial governance in DoD environments.
Experience with Azure or other DIB cloud providers; AWS Landing Zone Accelerator (LZA) for multi-account governance.
#CJJOBS
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").
group id: 10362312