Cloud Hosting Subject Matter Expert; SME

Req : RQ211627

Type of Requisition: Regular

Clearance Level Must Be Able to Obtain: None

Public Trust/Other

Required:

MBI (T2)

Job Family: IT Infrastructure and Operations

Skills:

Cloud Architectures, Cloud Based Services, Cloud Hosting, Cloud Platform, Security Compliance

Experience:

10+ years of related experience

Job Description:

The Cloud Hosting SME is the technical lead for designing, building, and operating secure, reliable, and cost‑effective hybrid/multi‑cloud platforms for mission systems. You will own the enterprise design patterns, landing zones, identity and network baselines, observability, automation, and disaster recovery that let teams deploy quickly and safely across AWS, Azure, and on‑prem environments. You’ll partner with the engineering and delivery teams on a clear service catalog, and with finance on unit economics and optimization, while leading the product life cycle for hosting platforms that meet federal standards (NIST, RMF, TIC 3.0, Zero Trust) and ATO sustainment.

Timeline: This is a contingent posting, expected to start in August, 2026

You will turn current hosting platforms from a collection of projects into a standardized, auditable platform that accelerates delivery and reduces risk. By codifying landing zones and guardrails as reusable templates, you’ll cut environment build times from weeks to minutes and prevent configuration drift. Your identity‑centric designs andدة‑as‑code controls will raise security without slowing teams down, while SRE practices and progressive delivery will reduce incidents and shorten time to restore.

You’ll right‑size capacity, apply commitments effectively, and tier storage so cost per unit trends down even as usage grows. The result is visible to executives and end users alike: faster launches, higher availability, cleaner audits, and predictable spend.

• Education: Bachelor's Degree. In lieu of a degree, an additional four years of related experience required.
• Experience:
• 10+ years in cloud/platform engineering or cloud architecture with hands‑on delivery at enterprise scale; at least 3 years leading hybrid/multi‑cloud (AWS/Azure) in regulated or federal environments.
• Demonstrated ownership of secure landing zones, network/identity patterns, and CI/CD/IaC pipelines; track record reducing MTTR, change failure rate, and cost per unit.
• Experience aligning to NIST SP
  -playing, Zero Trust/TIC 3.0, FedRAMP services, and ATO sustainment; evidence of successful audits or compliance assessments.
• Proven delivery of container platforms (Kubernetes/Open Shift) and platform services (databases, messaging, caches) with DR/RTO/RPO objectives.
• Leadership in multi‑vendor/SIAM settings with shared KPIs, cross‑domain change coordination, and incident “swarming.”
• Technical skills:
• Cloud Platforms:
  Deep expertise in AWS and Azure (GCP, OCI a plus):
  Organizations/Entra /IAM, Control Tower/Landing Zone, Transit Gateway/vWAN, Private Link/Private Endpoints, Key Management, security and monitoring services.
• Networking & Identity: VPC/VNet design, hub‑and‑spoke, SD‑WAN integration, DNS, NAT, firewalling, service mesh, SSO (SAML/OIDC), PIV/FIDO2, JIT/PIM/PAM.
• Automation & Delivery:
  Terraform, Cloud Formation/Bicep, Ansible, Packer, Helm;
  Git Ops (Argo CD/Flux); policy‑as‑code (OPA/Conftest/Cloud Custodian); progressive delivery (blue/green, canary).
• Containers & Platform Engineering:
  Kubernetes/Open Shift operations, cluster lifecycle, admission control, image signing/provenance, supply‑chain security (SBOM, attestations).
• Observability & SRE:
  Open Telemetry (traces/metrics/logs), Prometheus/Grafana, log analytics/SIEM; SLOs/error budgets; synthetic and RUM monitoring.
• Data & Storage:
  Managed databases (e.g., RDS/Aurora, SQL MI, Cosmos/Spanner), backup/restore with immutability/object lock, cross‑region replication, tiering and lifecycle management.
• Security & Compliance:
  Baseline hardening (CIS/STIGs), vulnerability/patch orchestration, encryption in transit/at rest, secrets management (Vault/KMS), least‑privilege patterns; evidence generation for RMF Con Mon.
• Cost &…