Principal Cloud Security Engineer

LightFeather is seeking a Principal Cloud Security Engineer with deep expertise in building and securing cloud infrastructure at scale across AWS, Azure, and GCP. The ideal candidate has strong cyber security experience in cloud environments, understands development lifecycle phases, and applies DevSecOps methodologies to embed security throughout the delivery process. This individual partners with architects, engineers, and compliance teams to design secure platforms, implement automation, and ensure readiness for Commercial, GovCloud, and DoD IL6 environments.

This role is ideal for someone who thrives at the intersection of security, engineering, and automation—delivering scalable, compliant, and resilient cloud solutions aligned with mission objectives.

Location: In-Person (5 days/week) – Washington, DC 20036
Job Type: Full-time
Citizenship Requirement: U.S. Citizenship Required
Clearance Requirement: Active Secret or Top Secret Security Clearance

• Design and implement secure architecture across AWS, Azure, and GCP, including Commercial, GovCloud, and IL6 enclaves.

• Define and enforce security baselines (CIS, NIST 800-53, FedRAMP, etc.) and align security controls with compliance frameworks.

• Lead architecture reviews, threat modeling, and secure design guidance for cloud services and workloads.

• Build and maintain Infrastructure as Code modules (Terraform) to enforce security at scale across hundreds of accounts, subscriptions, and projects.

• Integrate CI/CD pipelines with automated security scans (SAST, DAST, IaC scanning, container security) and drive secure coding practices across the organization.

• Develop and enhance automated guardrails, policies, and remediation pipelines.

• Support ATO compliance efforts by embedding controls into the cloud buildout process and leading assessments.

• Partner with compliance officers, auditors, and platform engineers to ensure evidence and reporting readiness.

• Implement centralized logging, monitoring, and incident response across multi-cloud environments.

• Guide a team of security and platform engineers on secure cloud development and automation practices.

• Partner with architects, developers, and compliance teams to align security objectives between projects, stakeholders, and platform teams.

• Act as a cloud security subject matter expert for stakeholders, architects, and engineering leads.

• Bachelor’s degree in computer science or a related technical field, or equivalent industry experience.

• 8+ years of cybersecurity or cloud engineering experience, including 5+ years in cloud security.

• Hands-on advanced experience securing and automating two or more cloud environments (AWS, Azure, GCP, Oracle).

• Experience with native cloud security tools (AWS Security Hub, GuardDuty, Microsoft Defender for Cloud, Google SCC, etc.).

• Strong background in Infrastructure as Code (Terraform, CloudFormation, ARM/Bicep) and CI/CD (GitLab, GitHub Actions, etc.).

• Proficiency in at least one programming or scripting language (Python, Go, PowerShell, Bash).

• Deep knowledge of cloud identity and access management (IAM/RBAC), key management (KMS/Key Vault/Cloud KMS), networking, and encryption.

• Experience with application security standards such as OWASP ASVS/Top 10 and CWE 25.

• Experience aligning security controls with NIST 800-53, FedRAMP, CIS Benchmarks, or equivalent frameworks.

• Proven track record embedding security into Agile/DevSecOps teams and pipelines.

• Strong communication and leadership skills with experience successfully delivering complex projects with diverse stakeholders.

• Experience securing GovCloud, DoD IL6, or other restricted cloud environments.

• Knowledge of ServiceNow for CMDB integrations, discovery, and security workflows.

• Familiarity with supply chain security (SBOM, SLSA, dependency scanning, artifact signing).

• Background in zero trust architectures and enterprise identity platforms (Okta, Entra ID, AWS SSO).

• Certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, OSCP, or CISSP.

• Experience with Kubernetes security (OPA/Gatekeeper, PodSecurityStandards, Prisma, Twistlock, etc.).

You join a team dedicated to meaningful impact, working on solutions that address mission-critical needs. You experience variety, fulfillment, and the opportunity to work with some of the best in the industry. LightFeather is committed to fostering a diverse and inclusive environment where everyone is valued and respected.