Description

Strategic Business Systems


Cloud Infrastructure Engineer AWS (Classified Environments / Landing Zone)

Location: Chantilly, VA
Work Type: Onsite / Hybrid
Citizenship: U.S. Citizenship required
Clearance: Active Top Secret/SCI clearance required

About SBS
Strategic Business Systems, Inc. (SBS) delivers AWS-aligned mission-critical cloud, cybersecurity, software engineering, and data modernization solutions to the U.S. Department of Defense, the Intelligence Community, and federal civilian agencies.

We hire engineers, architects, and consultants who want to do hands-on work on high-impact national-security programs while collaborating directly with AWS Professional Services. Our culture is technical, lean, and clearance-friendly: we invest in certifications, retain talent through long-duration prime engagements, and provide a comprehensive benefits package.

POSITION SUMMARY

SBS is expanding its AWS Professional Services delivery team to support a high-priority national-security program. As a Senior Cloud Infrastructure Engineer, you will design and stand up secure, multi-account AWS Landing Zones in air-gapped and classified regions that serve as the foundational platform for downstream mission applications. You will partner directly with AWS Professional Services architects and government technical leads, owning architecture decisions across networking, identity, security, and automation.

This is a hands-on engineering role: you will write Terraform, configure VPCs and Transit Gateways, harden IAM, and deploy logging and audit pipelines that satisfy DoD/IC accreditation requirements. The work directly enables Authority to Operate (ATO) and accelerates the customer's adoption of cloud-native capabilities.

KEY RESPONSIBILITIES

• Design and deploy AWS Landing Zones in air-gapped, classified regions, including AWS Control Tower equivalents and account-vending automation.

• Architect multi-account AWS organizations with appropriate Organizational Unit (OU) structure, Service Control Policies (SCPs), and tag governance.

• Build and maintain Infrastructure-as-Code modules in Terraform (and AWS CloudFormation where required) for repeatable, auditable deployments.

• Configure VPCs, subnets, route tables, Transit Gateways, VPC endpoints, DNS (Route 53 / hybrid resolvers), and private connectivity to on-premises enclaves.

• Implement IAM policies, permission boundaries, role federation, and break-glass procedures aligned to least-privilege principles.

• Stand up centralized logging, audit, and monitoring (CloudTrail, Config, GuardDuty, Security Hub, CloudWatch) and integrate with the customer's SIEM.

• Integrate the cloud platform with enterprise identity (e.g., Identity, Credential, and Access Management (ICAM); Personal Identity Verification (PIV); Common Access Card (CAC)) and compliance tooling.

• Collaborate with AWS Professional Services, mission application teams, and the customer's Risk Management Framework (RMF) / Authority to Operate (ATO) authorizing officials.

• Produce architecture diagrams, runbooks, and design decision records suitable for ATO body-of-evidence packages.

REQUIRED QUALIFICATIONS

• U.S. Citizenship and active Top Secret / SCI clearance.

• Five (5) or more years of hands-on AWS engineering experience, including building environments from inception (greenfield).

• Demonstrated experience designing multi-account AWS architectures and AWS Landing Zone patterns.

• Advanced AWS networking knowledge: VPC design, Transit Gateway, PrivateLink, hybrid DNS, and on-premises connectivity patterns.

• Proficiency with Infrastructure-as-Code, specifically Terraform and/or AWS CloudFormation, including module design and state management.

• Experience implementing AWS security controls, IAM at scale, KMS, audit logging, and resource-based policies.

• Familiarity working in classified or highly regulated environments and producing artifacts suitable for compliance review.

• Bachelor's degree in Computer Science, Engineering, or a related discipline — or equivalent professional experience.

• Clear written and verbal communication skills for technical documentation, stakeholder coordination, and customer-facing delivery.

PREFERRED QUALIFICATIONS

• Prior delivery experience in AWS GovCloud (US), AWS Secret Region / AWS Secret-West, or AWS Top Secret-East/West.

• Working knowledge of DISA STIGs, NIST SP 800-53 / 800-171, and the DoD Cloud Computing Security Requirements Guide (SRG).

• Direct experience supporting Risk Management Framework (RMF) / Authority to Operate (ATO) packages (SSP, control implementation, POA&M).

• Experience with CI/CD for infrastructure (GitLab CI, Jenkins, AWS CodePipeline).

• Scripting in Python or PowerShell for automation and integration tasks.

CERTIFICATIONS

Required:

• None mandatory.

Preferred:

• AWS Certified Solutions Architect — Professional

• AWS Certified Advanced Networking — Specialty

• AWS Certified Security — Specialty

• HashiCorp Certified: Terraform Associate

• HashiCorp Certified: Terraform Authoring & Operations Professional

WORK ENVIRONMENT & PHYSICAL REQUIREMENTS

Onsite work within a Sensitive Compartmented Information Facility (SCIF). Sustained focus at a workstation; standard office environment; no special lifting requirements. Mobile devices are not permitted in the work area.

COMPENSATION & BENEFITS

SBS offers competitive compensation and a comprehensive total-rewards package, including:

• Comprehensive medical, dental, and vision coverage; HSA-eligible plan options available

• 401(k) retirement plan with company match (vesting schedule per Plan Document)

• Paid Time Off, federal holidays, and floating holiday for personal observance

• Annual professional development support for AWS certifications, training, and conferences

• Employee referral program where applicable and documented by program policy

• Life, AD&D, and short- / long-term disability insurance

• Telework and flexible-schedule support where mission and contract permit

• Mission-focused federal contractor supporting national-security customers

EEO Disclaimer
SBS is an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to age, gender, gender identification, sex, sexual orientation, color, race, creed, national origin, religion, marital status, parental status, citizenship status, ancestry, physical or mental disability, genetic information, veteran status, military status, or any other classification protected by federal, state, or local laws.

Accommodations
If you need an accommodation seeking employment with SBS, please email hr@sbsplanet.com . Accommodations are made on a case-by-case basis.

Apply

Send resumes to recruiting@sbsplanet.com

PI284109631