Cloud Engineer Virginia

This is a full-time position and requires a TS/SCI/Full Scope Polygraph Clearance.

2HB Incorporated is seeking a Cloud Engineer to support its government customer in Chantilly, VA.
The US Government (USG) plans to build a new secure cloud-based enclave and migrate off of legacy on-premises infrastructure. The USG requires cloud engineering support to help design and build the new cloud enclave, perform Operations and Maintenance (O&M) tasks, evolve and enhance the cloud architecture once the build out and migration is complete, help continuously identify and mitigate system and data risks and achieve and maintain Assessment & Authorization (A&A) compliance.
Work requirementS
The Candidate shall:

• Work closely with the USG for work prioritization.
• Set up, configure, update and maintain the USG's AWS cloud-based enclave, in all environments including PRODUCTION.
• Work in close coordination with the cloud vendor's Professional Services as the cloud-based enclave is initially designed and stood up.
• Take the lead, in coordination with the USG, in implementing the new cloud-based enclave architecture as well as moving mission data into the cloud for the migration from the legacy (Windows-based) on-premises enclave.
• Reach out to partners for technical details and solutions related to system implementation and security.
• Execute cloud engineering tasks to support the USG's information technology enterprise, as well as related tasks such as documentation, knowledge transfer, configuration management, systems security-related tasks and planning activities.
• Provide technical support and assist in the timely resolution of technical issues related to the USG's cloud environment and systems.
• Support system requirements gathering and refinement as directed by the USG, and provide technical expertise on cloud computing techniques and technologies.
• Coordinate with and participate in meetings with internal and external teams and partners.
• Monitor current, and estimate future cloud-related costs and provide recommendations to the USG for cost-optimization strategies.
• Provide input and recommendations to USG staff and coordinate with the Information System Security Manager (ISSM) staff as necessary to help achieve and maintain ATO for the USG's cloud enclave.
• Provide support for application deployments, fixes and configuration changes in the cloud environment.
• Plan and implement backup and Disaster Recovery (DR) solutions in accordance with USG's requirements.
• Evaluate cloud strategy and architecture and provide recommendations and roadmaps for changes to improve security, reduce cost, and streamline operations to the USG.
• Select appropriate cloud services to design and deploy applications based on given requirements.
• Create functional design specifications, architectures, and render support to other cloud project deliverables.
• Design, build and maintain high availability cloud-based IT systems.
• Use Infrastructure-as-Code principles and automation within cloud environments to reduce the risk of errors, streamline operations and facilitate repeatability.
• Keep the USG informed of security, data integrity or technical risks.
• Work off-hours on occasion to support deployments, fixes or operations (happens rarely).
• Identify, analyze, and resolve infrastructure vulnerabilities and application deployment issues.
• Perform O&M tasks related to USG's enclave.
• Perform cloud activities including but not limited to; Create and configure virtual private clouds (VPCs), Create EC2 instances, Create RDS instances, Create and secure AMIs that meet security requirements, Create, manage, and test Lifecycle policies for backup and DR purposes, Create public and private subnets, Create auto scaling groups, Configure load balancers, Configure security groups, Create users and groups in cloud environments, Integration with external services.

required skills and demonstrated experience
The Contractor shall have the following required current skills, certifications, and demonstrated experience:

• Demonstrated experience including knowledge of Best Practices for implementing the security services provided by Amazon AWS (such as Identity Management, Secure Tokens, Cloud Watch and Cloud Monitoring).
• Demonstrated experience with knowledge of security constraints and required protections for enclave accreditation in an AWS cloud.
• Demonstrated experience making virtual machine configuration changes necessary to resolve trouble tickets or to comply with security requirements and IT best practices.
• Demonstrated experience, within the last two (2) years, setting up and maintaining an AWS-cloud based VPC.
• Demonstrated experience deploying and maintaining Windows environments in AWS.
• Demonstrated experience, within the last six (6) months, managing MS Product Suite.
• Demonstrated experience, within the last six (6) months, managing MS SQL.
• Demonstrated experience, within the last six (6) months, managing MS Server 2012/2016/2019/2022.
• Demonstrated experience, within the last six (6) months, deploying and managing log aggregation systems, such as Splunk.
• Demonstrated experience, within the last six (6) months, maintaining system accreditation.
• Certification(s):
  • AWS Cloud Solutions Architect - Professional

Highly Desired skills and demonstrated experience
Skills and demonstrated experiences that are highly desired but not required to perform the work include:

• Demonstrated experience with knowledge of security constraints and required protections for enclave accreditation in an AWS cloud in the Sponsor's environment.
• Demonstrated experience transitioning an on-premises enclave solution to a virtual private cloud (VPC).
• Demonstrated experience making application software and operating system configuration changes necessary to resolve trouble tickets or to comply with USG requirements and IT best practices.
• Demonstrated experience evaluating and mitigating software security vulnerabilities.
• Demonstrated experience with continuous monitoring from a security perspective.
• Demonstrated experience obtaining Certification and Accreditation within the USG's environment.
• Demonstrated experience with the USG's unique IT infrastructure and ongoing projects.
• Demonstrated experience executing O&M tasks as necessary to support the USG's software and hardware infrastructure.
• Demonstrated experience understanding and implementing Multi Factor Authentication (MFA) with AWS.
• Demonstrated experiencing managing Windows services and devices. This experience should be related to managing a Windows based enterprise, such as maintaining Server ISOs and related AMIs, COTS updates, managing domain forests and group policy objects, user role-based authentication in active directory.
• Demonstrated experience managing LDAP authentication with COTS applications, load balancing and gateway services related to remote desktop service deployments.
• Demonstrated experience with troubleshooting errors utilizing Event Viewer and Splunk logging.

This is a full-time position and requires a TS/SCI/Full Scope Polygraph Clearance.