[Hiring] Senior Cloud Security Architect @Dragonfli Group

Role Description

Dragonfli Group is seeking an experienced Senior Cloud Security Architect to support a federal government client. In this role, you will lead the strategic vision for protecting a large-scale multi-cloud ecosystem, designing security blueprints that govern the entire digital footprint—from identity perimeters to AI-driven threat detection. This position requires a "Security as Code" mindset, where automated guardrails empower development teams to move at speed without compromising data or infrastructure safety.

The ideal candidate brings 12+ years of cybersecurity experience, with at least 6 years architecting secure cloud environments at scale across AWS, Azure, or GCP. You will serve as a trusted security advisor, bridging the gap between DevOps agility and rigorous regulatory compliance in a high-visibility federal environment.

Key Responsibilities

• Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, and/or GCP.
• Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors.
• Develop and enforce enterprise-wide security policies using Infrastructure-as-Code tools (e.g., Terraform), ensuring non-compliant infrastructure is automatically remediated or blocked from deployment.
• Design and oversee integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions.
• Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and blast-radius scenarios to strengthen system resilience.
• Drive the organization's transition to a Zero Standing Privilege model for all production environments.
• Achieve automated auditing for core compliance frameworks, including NIST and CIS Benchmarks.
• Leverage AI-driven monitoring to minimize Mean Time to Detect (MTTD) anomalous cloud activity.
• Act as lead security advisor for the Cloud Architecture team, bridging DevOps agility with rigorous regulatory compliance (SOC 2, FedRAMP).
• Communicate security risks, architecture decisions, and roadmap recommendations clearly to C-suite and executive stakeholders.
• Embed automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines as part of a mature DevSecOps practice.

Qualifications

• 12+ years of experience in Cybersecurity, with at least 6 years focused on architecting secure cloud environments at scale.
• Demonstrated expertise designing and implementing Zero Trust architectures across multi-cloud environments (AWS, Azure, or GCP).
• Expert knowledge of Identity-First Security, including Cloud Infrastructure Entitlement Management (CIEM), Just-In-Time (JIT) access provisioning, and complex OIDC/SAML federation flows.
• Hands-on proficiency with cloud-native security suites: AWS Security Hub, Azure Defender, and/or GCP Security Command Center.
• Experience developing Policy as Code frameworks using Terraform or equivalent IaC tooling for automated compliance enforcement.
• Proficiency in scripting and automation languages (Python, Go, or Bash) for custom security automations and SOAR platform integration.
• Deep experience embedding security testing (SAST/DAST/SCA) into CI/CD pipelines within a DevSecOps framework.
• Advanced understanding of secure cloud networking, including SD-WAN, Cloud WAF, and Zero Trust Network Access (ZTNA).
• Working knowledge of CNAPP and CSPM tooling for cloud posture management and misconfiguration remediation.
• Familiarity with regulatory and compliance frameworks including NIST, CIS Benchmarks, and SOC 2.

Preferred / Desired Qualifications

• Advanced degree in Computer Science, Cybersecurity, or a related engineering discipline.
• Active top-tier security certifications (e.g., CISSP, CCSP, AWS Security Specialty, GCP Professional Cloud Security Engineer, Azure Security Engineer Associate, or equivalent).
• Prior experience in a federal government or public-sector consulting environment; familiarity with FedRAMP and FISMA compliance.
• Experience architecting security frameworks for AI/ML pipelines and LLM-integrated applications.
• Proven track record implementing Zero Standing Privilege models in large enterprise or government environments.
• Experience operating at the executive advisory level, presenting security risk posture and roadmap to C-suite leadership.
• Familiarity with SOAR platforms and AI-driven threat detection tooling for cloud environments.

Technical Skills

• Cloud Security Platforms: AWS Security Hub, Amazon GuardDuty, AWS IAM, AWS Organizations SCPs, Microsoft Azure Defender for Cloud, Azure Sentinel, Azure Active Directory / Entra ID, Google Cloud Security Command Center, Chronicle SIEM.
• Identity & Access Management: Cloud Infrastructure Entitlement Management (CIEM), Just-In-Time (JIT) access provisioning frameworks, OIDC, SAML 2.0, OAuth 2.0 federation and SSO architectures.
• Automation & DevSecOps: Infrastructure as Code: Terraform, AWS CloudFormation, Pulumi; Scripting: Python, Go, Bash; CI/CD security integration: SAST, DAST, SCA tooling (e.g., Snyk, Checkov, Semgrep); SOAR platforms: Splunk SOAR, Microsoft Sentinel Automation, Palo Alto XSOAR.
• Cloud Networking & Perimeter: Zero Trust Network Access (ZTNA) architecture and implementation, Cloud WAF, SD-WAN, and secure connectivity design, Network micro-segmentation and east-west traffic controls.
• Compliance & Governance: NIST SP 800-53, CIS Benchmarks, SOC 2, FedRAMP, FISMA; CNAPP and CSPM tools: Prisma Cloud, Wiz, Orca Security, or equivalent; Threat modeling methodologies: STRIDE, MITRE ATT&CK for Cloud.

Benefits

• Insurance – Comprehensive health, dental, and vision coverage for employees and eligible dependents.
• Paid Time Off (PTO) and 11 Federal Holidays – Generous PTO accrual plus all 11 federally recognized holidays.
• 401(k) with Employer Match – Competitive employer match to support your long-term financial goals.