Lead Infrastructure and Cybersecurity Architect

Lead Infrastructure and Cybersecurity Architect
City/State: Colorado Springs, CO USA
Type and Schedule: Full-Time, Salary/Exempt , on-site in Colorado Springs, CO
Annualized Salary Range: $150,000 - $185,000 commensurate with experience .
About Us: Caliola is a woman-owned small business that is improving and protecting our Nation's way of life through secure collaboration and resilient communications. Our engineers, subject matter experts, and veterans are developing and delivering trusted solutions for mission-critical communications. We seek teammates who share our core values:
I 3 for C 3 - Insight, Innovation, and Integrity for Command, Control, and Communications
These values guide how we work every day. At Caliola, you will find technically challenging, mission-focused work within a flexible and collaborative culture that is uncommon in the defense industry. We offer flexible PTO, subsidized health insurance, 401(k) matching, professional development, and a competitive compensation structure designed to support long-term growth.
Our performance has driven rapid growth and national recognition, being named twice to the Deloitte Technology Fast 500™ and inclusion on the 2025 Inc. 5000 list of America's fastest-growing private companies. We have also been recognized as a Colorado Company to Watch, a ColoradoBiz Top Company in Aerospace & Defense, and the #2 Gazette's Best Workplace (medium size) in 2025.
Headquartered in Colorado Springs, CO, we operate in a leading aerospace and defense hub with proximity to major military installations. Set against the Rocky Mountains, the region offers year-round outdoor recreation and a high quality of life for professionals and families considering relocation.
As a part of our selection process, we ask all applicants to complete a short, 10-12-minute survey from Culture Index. This is a survey, not a test; no passing or failing. The purpose of this survey is to identify your unique strengths as they relate to our open positions. Please copy and paste the following link into a separate browser window to complete: https://go.cultureindex.com/s/5i6Gpe3wge
Position Description:
Caliola is seeking a highly capable Lead Infrastructure and Cybersecurity Architect who reports to the Director of Infrastructure Operations to support the design, modernization, security, and governance of our internal infrastructure, enterprise networks, cloud environments, and regulated systems .
This role will serve as a hands-on technical anchor as Caliola scales, building the secure architecture needed to support new programs , mature our technical infrastructure, operate secure spaces, sustain CMMC Level 2 compliance, and design secure AI capabilities. This person leads the architecture, documentation, configuration management, and risk mitigation efforts supporting the continued growth and maturity of Caliola's infrastructure and cybersecurity capabilities .
The ideal candidate will be comfortable moving between high-level architecture decisions and direct technical execution across on-premises, cloud, hybrid, network, endpoint, cybersecurity, AI, and compliance environments.
This role requires deep technical capability across enterprise networking, cybersecurity architecture, Microsoft GCC High / Azure Government, secure monitoring, disaster recovery, and regulated government systems. The successful candidate will work closely with engineering, cybersecurity, compliance, facilities, and program management to ensure Caliola's systems remain secure, resilient, compliant, and ready for growth.
Technic al Responsibilitie s :

• Design, build, and maintain secure, resilient, and scalable core infrastructure across on-premises, cloud, hybrid, and multi-site environments. Drive modernization initiatives including cloud integration, virtualization, software-defined networking, LAN/WAN, SD-WAN, VPN, network segmentation, and Infrastructure as Code automation .
• Evaluate, integrate, and govern enterprise network technologies, including routers, switches, firewalls, IDS/IPS, NAC, load balancing, encryption, wireless, and secure connectivity solutions.
• Implement, configure, tune, and improve security monitoring technologies, including endpoint protection, SIEM/SOAR, Microsoft Defender, Microsoft Sentinel, logging, alerting, dashboards, and incident-response integrations.
• Architect, administer, and support Microsoft GCC High, Azure Government, and hybrid commercial cloud environments in accordance with federal security requirements. Govern foundational systems, backup environments, identity, endpoint, collaboration, monitoring, and data protection capabilities.
• Implement and govern secure cloud and hybrid architectures using Microsoft Entra ID, Conditional Access, MFA/PIM, Intune, Purview, AvePoint, and related tools to support resource protection, access control, monitoring, and compliance.
• Secure and harden foundational IT components, including software development environments, databases, endpoints, servers, cloud resources, and network devices by applying DISA STIGs, configuration baselines, vulnerability remediation, and risk mitigation strategies.
• Provide hands-on technical support during security incidents, including investigation, containment, remediation, recovery, documentation, and follow-up hardening.
• Architect and oversee disaster recovery and business continuity strategies, including backup validation, recovery planning, high availability, resilience, and continuity of critical infrastructure and business systems.
• Supports the evaluation, implementation, and secure operation of approved AI-enabled tools and workflows in accordance with organizational security, risk mitigation, and compliance requirements .

Additional Responsibilities:

• Lead the technical implementation and sustainment of GRC controls aligned with CMMC Level 2, NIST SP 800-171/800-53, DFARS, DISA STIGs, and applicable DoD cybersecurity requirements. Support internal assessments, remediation planning, customer reviews, and external C3PAO assessments.
• Develop and maintain compliance and engineering artifacts, including System Security Plans, POA&Ms, configuration management documentation, HLDs/LLDs, network diagrams, technical standards, implementation plans, incident response procedures, and security control evidence.
• Provide technical architecture and infrastructure support for secure rooms, classified or controlled environments, and related systems in coordination with the ISSM, FSO, security, compliance, facilities, and program teams.
• Partner across engineering, cybersecurity, compliance, facilities, program management, customer stakeholders, and vendors to embed security throughout the system lifecycle. Participate in architecture reviews, risk assessments, vendor evaluations, change management, and IT Configuration Control Board activities.
• Prepare and maintain technical roadmap s and standards for infrastructure, cybersecurity tooling, cloud architecture, network modernization, endpoint management, disaster recovery, secure AI adoption, and compliance sustainment.
• Provide technical guidance and mentorship to engineering and technical staff to build organization-wide capability in secure design, cloud operations, infrastructure engineering, and cybersecurity practices.
• Evaluate emerging technologies, threats, and industry trends to guide strategic upgrades while balancing long-term architecture goals with operational needs.

What We Require :

• Active Secret Clearance
• Bachelor's degree in Computer Science , Information Technology, Engineering, Cybersecurity, or a related field, or equivalent professional experience.
• 10+ years of progressive experience in enterprise infrastructure architecture, network engineering, cybersecurity architecture, cloud security, systems architecture, or related technical roles.
• Experience supporting DoD, Federal Government, defense contractor, or similarly regulated environments.
• Advanced knowledge of enterprise network and infrastructure architecture, including routing, switching, firewalls, VPNs, wireless, VLANs, network segmentation, secure connectivity, and high availability / disaster recovery architectures.
• Experience designing, administering, or supporting Microsoft GCC High, Azure Government, or comparable secure cloud, identity, endpoint, collaboration, monitoring, or data protection environments.
• Strong working familiarity with CMMC Level 2, NIST SP 800-171, RMF, DFARS cybersecurity requirements, DISA STIGs, and related DoD cybersecurity expectations.
• Hands-on experience with security hardening, vulnerability management, vulnerability remediation, configuration baselines, endpoint protection, access control, logging, SIEM/security monitoring, and incident response support, including Microsoft Sentinel or comparable platforms.
• Ability to translate business, program, compliance, e ngineering and emerging technology needs into secure technical architecture, implementation plans, and operational documentation.
• Ability to mentor technical teammates, collaborate effectively across engineering, cybersecurity, compliance, facilities, and program teams, and influence outcomes without direct management authority.

What We Value :

• Active Top Secret or TS/SCI security clearance.
• Direct involvement in CMMC Level 2 sustainment, C3PAO or DIBCAC assessments, secure rooms, classified systems, SSPs, POA&Ms, audit evidence, and continuous compliance.
• Deep knowledge of Microsoft GCC High, Azure Government, Entra ID, Intune, Defender, Sentinel, Purview, Conditional Access, MFA/PIM, Zero Trust Architecture, FedRAMP, DoD SRG, or related federal cloud/security frameworks.
• Familiarity with Cisco, Palo Alto, Fortinet, Aruba, Juniper or comparable network platforms.
• Windows/Linux server administration and infrastructure automation using tools such as Windows Server, Ubuntu, RHEL, Terraform, Ansible, Bicep, PowerShell, Bash, or Python .
• Secure AI architecture and governance, including approved tools, workflows, access controls, logging, monitoring, and data boundary protections.
• Relevant certifications such as CISSP, CISM, CCNP, CCIE, Microsoft Cybersecurity Architect Expert, Microsoft Azure Solutions Architect Expert, Certified CMMC Professional, Security+, Network+, or SANS/GIAC .

Minimum Physical Requirements:

• Must possess exceptional written and verbal English communication skills, with the ability to convey complex technical concepts to both technical and non-technical audiences.
• Ability to multitask across multiple programs, manage competing priorities, and maintain high focus in a fast-paced environment.
• Ability to navigate an office or server room setting, including prolonged periods at a workstation.
• Ability to bend, kneel, crouch, or reach to install, inspect, or maintain IT hardware, server racks, and cabling.
• Close visual acuity required for analyzing data, engineering diagrams, and extensive reading.
• Fine motor skills and dexterity to manipulate small technical devices and components.
• Ability to occasionally lift, move, and set up infrastructure equipment weighing up to 35 lbs.

Please contact Human Resources with questions about ADA accommodations.
Expression of Interest: By applying to this job, you are expressing interest in this position and could be considered for other career opportunities at Caliola Engineering. Should a match be identified between your skillset and Caliola's requirements for this or a future opening, you may be contacted.
At Caliola, we believe that true innovation can only occur when teammates bring their authentic selves to collaborate in a supportive, encouraging environment. We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.
Caliola participates in E-Verify, an internet-based system used to confirm the employment eligibility of all new hires. Upon hire, all employees are required to complete Form I-9 to verify their identity and employment eligibility to work in the United States.
All candidates will be required to pass a basic background screening.