[Contingent] Cloud Security Engineer

Phia LLC
medical insurance, dental insurance, life insurance, vision insurance, paid time off, paid holidays, long term disability, 401(k)
United States, Virginia, Fairfax
11166 Fairfax Boulevard
May 14, 2026

DISCLAIMER: This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.

Status: Proposal - Contingent upon Award

Location: Hybrid - Washington, DC Metro Area

Schedule: Full-time | Core hours 0730-1600 EST, Monday-Friday

Focus Areas: Cloud Security, DevSecOps, AWS, FedRAMP, Incident Response, Vulnerability Management

OVERVIEW
phia is seeking a skilled Cloud Security Engineer to provide hands-on cloud security engineering and DevSecOps support for a federal client's multi-cloud environment. This role combines deep cloud security technical expertise with DevSecOps pipeline integration skills to protect cloud-native applications and infrastructure.
You will design, implement, and maintain security controls across cloud environments, integrate security into DevSecOps pipelines, support FedRAMP compliance activities, respond to cloud security incidents, and conduct vulnerability assessments across cloud infrastructure.
WHAT YOU'LL DO
  • Design and implement cloud-native security architectures: network segmentation, identity and access management (IAM), encryption (in-transit and at-rest), infrastructure-as-code (IaC) security, API security, serverless function security, and egress controls.
  • Build and maintain DevSecOps CI/CD pipelines with integrated security controls including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
  • Support cloud security Incident Response activities: analyze security events, recommend forensic approaches, implement recovery procedures, develop and maintain IR playbooks, and facilitate post-incident reviews documenting root causes.
  • Execute vulnerability scans and assessments across cloud infrastructure; correlate findings with SIEM data; develop remediation plans; track and close findings in POA&Ms.
  • Implement and maintain cloud security governance policies and procedures aligned with FedRAMP, NIST SP 800-53, CIS Benchmarks, and applicable federal cybersecurity standards.
  • Support cloud ATO activities: implement and document security controls, produce control implementation evidence, and support security control assessments.
  • Perform risk assessments of cloud security configurations, audits, and procedures; drive security incidents and vulnerabilities to resolution.
  • Assist engineering teams in implementing cloud data privacy and protection practices including encryption key management, authentication, domain segmentation, and data protection.
  • Develop and maintain cloud security documentation including architecture diagrams, standard operating procedures (SOPs), and compliance artifacts.
WHO YOU ARE
  • Cloud Builder: You can deploy and secure complex cloud architectures hands-on. You understand IaC, IAM, encryption, and network security at a deep technical level.
  • DevSecOps Practitioner: You have integrated security tooling into CI/CD pipelines and can review infrastructure-as-code with a security lens.
  • Incident Responder: You have handled cloud security incidents: you know how to triage, contain, eradicate, and document them, and you can build playbooks that make future responses faster.
  • Tool-Proficient: You have hands-on experience with SIEM platforms, vulnerability scanning tools, and enterprise security tools.
  • Federal-Fluent: You understand FedRAMP, FISMA, and NIST SP 800-53 compliance requirements as they apply to cloud deployments and can translate them into concrete technical controls.
  • Communicator: You explain cloud security risks and findings clearly to security officers, system owners, and non-technical stakeholders.
PREFERRED SKILLS
  • AWS Certified Security - Specialty or equivalent cloud security certification
  • Experience with Azure security services in addition to AWS
  • Experience with container security (Docker, Kubernetes) in federal cloud environments
  • FedRAMP authorization support experience (control implementation and evidence gathering)
  • Scripting proficiency: Python, Bash, or PowerShell for security automation
  • Hands-on experience with tools such as Splunk, Nessus/Tenable Security Center, Palo Alto Prisma, and enterprise firewall platforms
REQUIRED EDUCATION + EXPERIENCE
Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field
Experience: 5+ years of hands-on experience in cloud-native security; demonstrated experience with IaC, DevSecOps CI/CD pipelines, application security, and cloud incident response in a federal or regulated environment
Certifications: Minimum one (1) of the following: CISA (ISACA), CRISC (ISACA), CISM (ISACA), CGEIT (ISACA), CISSP (ISC2), CAP/CGRC (ISC2)
Clearance: Public Trust / Suitability clearance required

GENERAL PROGRAM REQUIREMENTS

Citizenship: Must be a U.S. Citizen. No exception.

Work Hours: Full-time; Monday-Friday core hours 0730-1600 EST

Work Location: Hybrid - Washington, DC Metro Area; on-site presence required. Classified work must be performed at a government-designated facility on government-provided equipment.

Travel: Occasional travel may be required in support of this program.

Who We Are

phia LLC ("phia") is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration that allow Cyber Operations to efficiently integrate our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia offers excellent benefits to enhance work-life balance, including the following:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.
