DISCLAIMER: This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.
Status: Proposal – Contingent upon Award
Location: Hybrid – Washington, DC Metro Area
Schedule: Full-time | Core hours 0730–1600 EST, Monday–Friday
Focus Areas: Cloud Security, FedRAMP, AWS, Continuous Monitoring, Compliance Automation, SIEM
OVERVIEW
phia is seeking an experienced Cloud Architect to lead cloud security architecture and FedRAMP authorization activities in support of a federal client's multi-cloud environment. This role requires deep federal cloud expertise and the ability to design AI-enabled compliance automation solutions for complex cloud infrastructure.
You will architect secure, FedRAMP-compliant cloud solutions, lead Continuous Monitoring (ConMon) design for cloud systems, and develop AI-powered tools to automate FedRAMP compliance data collection and analysis across cloud environments.
WHAT YOU'LL DO
Design and oversee implementation of FedRAMP-compliant cloud architectures for SaaS, PaaS, and IaaS environments; verify FedRAMP authorization status for cloud service offerings prior to adoption.
Support agency CIO approval processes for FedRAMP Sponsorship requests in compliance with applicable federal policies and orders.
Design and implement Continuous Monitoring (ConMon) solutions for cloud systems, ensuring control performance is measurable, documented, and reportable per federal ISCM requirements.
Develop AI-enabled compliance automation tools capable of scanning cloud accounts and VPCs, collecting FedRAMP-specific control evidence, storing findings in a centralized ConMon repository, and identifying unmet requirements.
Architect and assess cloud-native security configurations including networking, firewall, reverse proxy, and related automation capabilities.
Review and interpret security event reports from SIEM platforms and cloud-native security services; analyze compliance and non-compliance metrics to drive remediation.
Assess end-to-end data encryption practices (SSL/TLS, in-transit and at-rest) across cloud environments; identify vulnerabilities related to data or configuration exposure.
Support cloud ATO packages: provide cloud-specific control evidence, assess cloud service provider (CSP) inherited controls, and ensure cloud security posture is accurately documented.
Provide architectural guidance to cloud security engineers and development teams on cloud data privacy, protection practices, and federal risk management frameworks.
WHO YOU ARE
Cloud Security Architect: You have designed FedRAMP-authorized cloud environments for federal clients. You know the difference between FedRAMP Ready, In Process, and Authorized, and what it takes to get there.
Cloud Networking Expert: You have deep hands-on knowledge of cloud networking, security services, and automation tooling in AWS and/or Azure environments.
ConMon Specialist: You have built or operated continuous monitoring programs for federal cloud systems and know how to design automated evidence collection pipelines that satisfy ISCM requirements.
AI-Forward: You can design and direct development of AI-powered compliance automation tools.
SIEM-Savvy: You access, review, and interpret SIEM dashboards, alerts, and reports to derive actionable security intelligence from cloud telemetry.
Federal-Fluent: You understand FedRAMP, FISMA, NIST SP 800-53, and federal compliance requirements as they apply to real cloud deployments.
PREFERRED SKILLS
Prior federal cloud architecture experience with federal agencies
Experience designing AI/ML-based compliance automation or security analytics platforms
AWS certifications: AWS Certified Solutions Architect - Professional, AWS Certified Security - Specialty
Experience with FedRAMP Agency ATO and Agency Sponsorship processes
Familiarity with multi-cloud security architecture (AWS and Azure) in federal settings
Experience with cloud-native SOAR integration for automated remediation workflows
REQUIRED EDUCATION + EXPERIENCE
Education: Master's degree in Cybersecurity, Cloud Computing, Information Technology, Computer Science, or closely related field (required)
Experience: 10+ years of experience in cloud and cloud security solutions in federal government environments
Certifications: Relevant AWS, Azure, or FedRAMP certifications strongly preferred
GENERAL PROGRAM REQUIREMENTS
Citizenship: Must be a U.S. Citizen. No exception.
Work Hours: Full-time; Monday–Friday core hours 0730–1600 EST
Work Location: Hybrid – Washington, DC Metro Area; on-site presence required. Classified work must be performed at a government-designated facility on government-provided equipment.
Travel: Occasional travel may be required in support of this program.
Who We Are
phia LLC ("phia") is a Northern Virginia-based small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions, such as Program and Process Management, Engineering, Development, and Systems Administration, that allow Cyber Operations to efficiently integrate our customer's missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia offers excellent benefits to enhance work-life balance, including the following:
Medical Insurance
Dental Insurance
Vision Insurance
Life Insurance
Short Term & Long Term Disability
401k Retirement Savings Plan with Company Match
Paid Holidays
Paid Time Off (PTO)
Tuition and Professional Development Assistance
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.
DISCLAIMER: This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.
Status: Proposal – Contingent upon Award
Location: Hybrid – Washington, DC Metro Area
Schedule: Full-time | Core hours 0730–1600 EST, Monday–Friday
Focus Areas: Cloud Security, DevSecOps, AWS, FedRAMP, Incident Response, Vulnerability Management
OVERVIEW
phia is seeking a skilled Cloud Security Engineer to provide hands-on cloud security engineering and DevSecOps support for a federal client's multi-cloud environment. This role combines deep cloud security technical expertise with DevSecOps pipeline integration skills to protect cloud-native applications and infrastructure.
You will design, implement, and maintain security controls across cloud environments, integrate security into DevSecOps pipelines, support FedRAMP compliance activities, respond to cloud security incidents, and conduct vulnerability assessments across cloud infrastructure.
WHAT YOU'LL DO
Design and implement cloud-native security architectures: network segmentation, identity and access management (IAM), encryption (in-transit and at-rest), infrastructure-as-code (IaC) security, API security, serverless function security, and egress controls.
Build and maintain DevSecOps CI/CD pipelines with integrated security controls including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
Support cloud security Incident Response activities: analyze security events, recommend forensic approaches, implement recovery procedures, develop and maintain IR playbooks, and facilitate post-incident reviews documenting root causes.
Execute vulnerability scans and assessments across cloud infrastructure; correlate findings with SIEM data; develop remediation plans; track and close findings in POA&Ms.
Implement and maintain cloud security governance policies and procedures aligned with FedRAMP, NIST SP 800-53, CIS Benchmarks, and applicable federal cybersecurity standards.
Support cloud ATO activities: implement and document security controls, produce control implementation evidence, and support security control assessments.
Perform risk assessments of cloud security configurations, audits, and procedures; drive security incidents and vulnerabilities to resolution.
Assist engineering teams in implementing cloud data privacy and protection practices including encryption key management, authentication, domain segmentation, and data protection.
Develop and maintain cloud security documentation including architecture diagrams, standard operating procedures (SOPs), and compliance artifacts.
WHO YOU ARE
Cloud Builder: You can deploy and secure complex cloud architectures hands-on. You understand IaC, IAM, encryption, and network security at a deep technical level.
DevSecOps Practitioner: You have integrated security tooling into CI/CD pipelines and can review infrastructure-as-code with a security lens.
Incident Responder: You have handled cloud security incidents: you know how to triage, contain, eradicate, and document them, and you can build playbooks that make future responses faster.
Tool-Proficient: You have hands-on experience with SIEM platforms, vulnerability scanning tools, and enterprise security tools.
Federal-Fluent: You understand FedRAMP, FISMA, and NIST SP 800-53 compliance requirements as they apply to cloud deployments and can translate them into concrete technical controls.
Communicator: You explain cloud security risks and findings clearly to security officers, system owners, and non-technical stakeholders.
PREFERRED SKILLS
AWS Certified Security - Specialty or equivalent cloud security certification
Experience with Azure security services in addition to AWS
Experience with container security (Docker, Kubernetes) in federal cloud environments
FedRAMP authorization support experience (control implementation and evidence gathering)
Scripting proficiency: Python, Bash, or PowerShell for security automation
Hands-on experience with tools such as Splunk, Nessus/Tenable Security Center, Palo Alto Prisma, and enterprise firewall platforms
REQUIRED EDUCATION + EXPERIENCE
Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field
Experience: 5+ years of hands-on experience in cloud-native security; demonstrated experience with IaC, DevSecOps CI/CD pipelines, application security, and cloud incident response in a federal or regulated environment
Certifications: Minimum one (1) of the following: CISA (ISACA), CRISC (ISACA), CISM (ISACA), CGEIT (ISACA), CISSP (ISC2), CAP/CGRC (ISC2)
GENERAL PROGRAM REQUIREMENTS
Citizenship: Must be a U.S. Citizen. No exception.
Work Hours: Full-time; Monday–Friday core hours 0730–1600 EST
Work Location: Hybrid – Washington, DC Metro Area; on-site presence required. Classified work must be performed at a government-designated facility on government-provided equipment.
Travel: Occasional travel may be required in support of this program.