Cloud Security Architect

Overview

BigBear.ai is seeking a Cloud Security Architect with an active TS/SCI with Poly clearance to design and implement secure cloud architectures that support an ATO Automation Platform deployment while ensuring compliance with federal security requirements. This role leads the technical implementation of an ATO Automation Platform across multi-cloud and hybrid environments, establishes secure integrations with cloud service providers, and ensures the platform operates within customer security boundaries and authorization scopes. This position will be based out of our Columbia, MD office but will support multiple customers in the Baltimore/Washington corridor and beyond.

What you will do

• Design secure reference architectures for deploying an ATO Automation Platform in AWS GovCloud, Azure Government, and on-premises environments
• Implement secure API integrations between the ATO Automation Platform and cloud service provider platforms for real-time configuration analysis
• Configure cloud security services (AWS GuardDuty, Azure Security Center) to feed security findings into the ATO Automation Platform’s compliance monitoring
• Establish security boundaries and authorization scopes for systems under the ATO Automation Platform’s management
• Implement data protection controls including encryption at rest and in transit for compliance artifacts processed by the ATO Automation Platform
• Design network security architectures supporting the ATO Automation Platform deployment in classified environments
• Conduct security assessments of an ATO Automation Platform components and validate compliance with customer security overlays
• Develop cloud infrastructure-as-code templates that incorporate security controls mappable by the ATO Automation Platform
• Design AWS GovCloud reference architecture for deploying the ATO Automation Platform in FedRAMP High environment with appropriate VPC segmentation and encryption
• Configure the ATO Automation Platform’s integration with Azure Government APIs to enable automated analysis of NSG rules and Key Vault configurations
• Implement cross-account IAM roles enabling the ATO Automation Platform to perform read-only assessments of 50+ AWS accounts across an agency
• Design hybrid cloud architecture supporting the ATO Automation Platform deployment for systems spanning on-premises data centers and commercial cloud
• Conduct security assessment of the ATO Automation Platform’s LLM processing to ensure compliance with agency data handling requirements

What you need to have

• Bachelor's Degree with a Technical concentration with at least 10 years of professional experience
• TS/SCI with an active Poly clearance
• Deep expertise in cloud security architectures across AWS GovCloud and Azure Government
• Strong understanding of cloud security services and compliance capabilities
• Experience with FedRAMP authorization processes and cloud security requirements
• Proficiency in cloud IAM design and least-privilege access models
• Knowledge of network security architecture including VPCs, security groups, and network segmentation
• Experience with encryption technologies and key management services
• Understanding of API security and secure integration patterns
• Familiarity with cloud compliance frameworks (AWS Security Best Practices, Azure Security Benchmark)

What we'd like you to have

• Experience deploying security platforms in classified cloud environments (AWS Secret/Top Secret regions, Azure Government Secret)
• Knowledge of DoD Cloud Computing Security Requirements Guide (SRG) implementation
• Prior experience with compliance automation platform deployments
• Certifications: AWS Certified Security Specialty, Azure Security Engineer Associate, CCSP (Certified Cloud Security Professional)
• Understanding of zero-trust architecture principles and implementation
• Experience with Infrastructure as Code security scanning (Checkov, tfsec, Terrascan)
• Familiarity with container security in cloud environments
• Background in federal cloud migration projects and Cloud Smart strategy

About BigBear.ai

BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai’s predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.

BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.