Defcon AI is an insights company that leverages artificial intelligence and data analytics for resilient optimization of complex systems. They are seeking an experienced Cloud Infrastructure Engineer to design, deploy, and administer cloud environments with a strong emphasis on virtualization, automation, and security.
Responsibilities:
- Administer and maintain AWS and/or Azure environments, including day-to-day operations of virtual machines, networking, and storage
- Manage VPCs, subnets, routing tables, security groups, NACLs, and private networking constructs
- Deploy, maintain, and optimize EC2 instances, RDS, S3, IAM, KMS, Secrets Manager, and CloudTrail
- Build and manage hardened VM images (AMIs / golden images) for consistent, repeatable deployments
- Implement and support high availability, auto-scaling, and disaster recovery configurations
- Support multi-account or multi-subscription cloud governance structures (e.g., AWS Organizations, Azure Management Groups)
- Design and maintain infrastructure using Terraform, including modular design, remote state management, and workspace strategies
- Lead or support migrations from legacy IaC tooling (e.g., CloudFormation) to modern frameworks
- Enforce policy-as-code guardrails and maintain version-controlled infrastructure repositories
- Build reusable, secure baseline modules for VPC architecture, IAM roles, logging, monitoring, and encryption
- Administer virtualized workloads across cloud environments, including sizing, patching, lifecycle management, and cost optimization
- Support container-based workloads in ECS and/or EKS, including cluster management, networking, and image security
- Assist with transitions from legacy compute paradigms (e.g., EBS-backed instances) to modern container or serverless architectures
- Implement automated drift detection and remediation for both VMs and containerized environments
- Identify and implement automation opportunities to reduce manual operational overhead and improve team velocity
- Integrate infrastructure provisioning and security controls into CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent)
- Implement and maintain secure secrets management practices
- Collaborate with DevSecOps and application engineering teams to enforce least-privilege IAM policies and secure-by-default configurations
- Apply and maintain security hardening baselines (CIS Benchmarks, DISA STIGs) for Linux and Windows virtual systems
- Configure and monitor AWS CloudTrail, GuardDuty, Security Hub, Config, and centralized logging pipelines
- Support SIEM integration (e.g., Splunk, Microsoft Sentinel) and assist with incident response
- Maintain the vulnerability management lifecycle, including patching, remediation tracking, and reporting
- Support compliance efforts aligned with relevant frameworks (NIST 800-171, CMMC, HIPAA, SOC 2, or FedRAMP as applicable)
- Partner with development, security, and IT operations teams to deliver reliable, scalable services
- Produce and maintain thorough documentation — architecture diagrams, runbooks, SOPs, and evidence artifacts for audits or assessments
- Contribute to budget management, resource planning, and capacity forecasting for cloud environments
Requirements:
- 5+ years of experience in systems administration, cloud operations, or infrastructure engineering
- 3+ years of hands-on experience managing AWS and/or Azure environments, including virtual machine administration
- Strong Terraform experience, including modular design and state management; experience leading IaC migrations is a plus
- Demonstrated ability to automate operational workflows and reduce manual effort at scale
- Strong understanding of IAM, encryption (KMS, TLS), and network segmentation
- Experience with Linux (RHEL/Amazon Linux) and/or Windows Server in a cloud context
- Familiarity with containerization technologies (Docker, ECS, EKS, or Kubernetes)
- Solid understanding of CI/CD pipelines and DevSecOps practices
- Multi-cloud experience spanning AWS and Azure
- Experience in regulated industries such as healthcare (HIPAA), defense (CMMC/NIST 800-171), or financial services (SOC 2)
- AWS certifications (Solutions Architect, SysOps Administrator, Security Specialty) or Azure equivalents
- CompTIA Security+ or equivalent security certification
- Experience with AWS Control Tower, Landing Zones, or equivalent governance tooling
- Familiarity with SIEM platforms (Splunk, Microsoft Sentinel)
- Experience managing or mentoring distributed technical teams
- PMP, CSM, or similar project/program management certification
- Active DoD security clearance (Secret or above) or ability to obtain and maintain one