DoW Cloud SecOps Engineer

Tetrad Digital Integrity LLC, Washington, DC

About The Position

Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years! Tetrad Digital Integrity (TDI) is hiring an exceptional DoW Cloud SecOps Engineer to support defensive cyber operations for a mission-critical, cloud-hosted defense system that will be treated as a high-value target. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system operating under elevated adversary interest. This is not a “watch-the-console” role. We need a team player: a mission-focused, decisive operator who can execute under pressure, coordinate cleanly with the CSSP, and continuously improve detection and response outcomes without hand-holding. If you are a hands-on defender who can triage decisively, coordinate cleanly with a CSSP, automate away toil, and drive measurable detection/response improvements under pressure, we want to talk. The position will be on site most days in Washington, DC.

Requirements

  • Active DoD Secret or Top Secret clearance.
  • Role-required security certification, such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER.
  • Demonstrated experience in CND/DCO operations (detection, triage, incident handling) supporting enterprise or mission environments.
  • Cloud SecOps depth (GCP strongly preferred; AWS/Azure acceptable), including logging architecture, identity telemetry, and SIEM integration.
  • Experience working with a CSSP (or SOC/CNDSP-equivalent) and operating within defined escalation, reporting, and coordination processes.
  • Working proficiency with SIEM tooling, endpoint/EDR, firewall/network telemetry, identity/authentication logs, and cloud logging pipelines.
  • Practical incident response capability: evidence handling, containment guidance, recovery support, and post-incident improvement.
  • Strong writing and briefing skills: able to deliver precise, customer-ready outputs with minimal oversight.
  • Demonstrated adoption of automation (scripts, repeatable workflows, and responsible AI-enabled methods) to reduce toil and improve speed/quality.
  • Comfort operating in a high-change environment with competing priorities, time-sensitive events, and frequent stakeholder engagement.

Nice To Haves

  • Cloud certification (e.g., CCSP or cloud provider security / professional certs such as Google’s Professional Cloud DevOps Engineer, Professional Cloud Security Engineer, or Professional Cloud Network Engineer).

Responsibilities

  • Comply with the appropriate currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines.
  • Coordinate with the CSSP to support near-real-time monitoring and analysis of insider and external threats during core business hours using security tools (e.g., SIEM, endpoint/EDR, firewall/network logs, cloud-native logging), dashboards/alerts, and custom-developed scripts.
  • Support CSSP alerting workflows by triaging events, enriching context, escalating appropriately, and helping prioritize remediation using reliable threat intelligence.
  • Perform continuous monitoring (ConMon) activities including audit review, attack sensing and warning, intrusion/malware detection support, and recurring control-health checks aligned to program needs.
  • Support and execute cyber incident response actions in coordination with the Government lead, including initial triage, evidence capture, containment recommendations, and recovery support.
  • Coordinate response and recovery actions with external agencies/providers as needed (e.g., CSSP, CCMDs, platform providers) while ensuring actions are performed IAW applicable policies and instructions.
  • Provide CNAP monitoring support as applicable (network monitoring, intrusion detection monitoring, authentication monitoring).
  • Conduct intrusion research and vulnerability research to inform detection priorities, hardening actions, and risk-based remediation recommendations.
  • Coordinate and deconflict activities for CSSP responses and red team responses; ensure findings translate into actionable improvements and trackable outcomes.
  • Develop and maintain scripts, queries, and repeatable workflows (including responsible AI-enabled methods where appropriate) to automate labor-intensive monitoring, enrichment, evidence capture, and reporting tasks.
  • Communicate clearly and concisely: produce incident summaries, technical findings, and stakeholder-ready updates with minimal editing in a high-tempo environment.