Senior Cloud Infrastructure Engineer - Remote
Company: By Light Professional IT Services
Location: San Diego
Posted on: January 26, 2026
|
|
|
Job Description:
By Light Professional IT Services LLC readies warfighters and
federal agencies with technology and systems engineered to connect,
protect, and prepare individuals and teams for whatever comes next.
Headquartered in McLean, VA, By Light supports defense, civilian,
and commercial IT customers worldwide. Cole Engineering Services
(CESI), a By Light company, is recognized as a premier provider of
modeling and simulation (M&S) training solutions to the Federal
Government and industry. Since 2004, CESI has been at the forefront
of developing, maintaining, and integrating simulation-based
training, serious gaming, technical services, training and other
support in live, virtual, constructive, and gaming (LVCG) domains.
CESI also designs, builds and runs infrastructure, platforms,
applications and processes that enable cyber training for the
integrated multi-domain force. Our vision is to become a worldwide
full spectrum LVCG and cyber training/analysis developer,
integrator and services provider. Position Overview Cole
Engineering Services, Inc. is seeking a highly qualified Senior
Cloud Infrastructure Engineer to lead implementation, security, and
operations of mission-critical cloud environments that power DoD
cyber training capabilities and applications. You will manage and
develop resilient, compliant, and cost-optimized cloud platforms
supporting cyber ranges, training orchestration, and multi-tenant
applications in FedRamp approved cloud environments. You will
partner closely with cybersecurity, DevSecOps, networking, and
training operations teams to deliver secure, scalable capabilities
aligned to DoD RMF, DISA STIGs, and the DoD Cloud Computing SRG
(Impact Levels IL2–IL6). In this role, you will be a key technical
leader ensuring the DoD’s cyber training enterprise platforms are
secure, resilient, and efficient, enabling cyber operators to
execute complex cyber exercises at scale while meeting stringent
compliance and mission requirements. Responsibilities Primary
Position Functions: Support the design and maintain landing zones
using cloud applications such as AWS Organizations, Control Tower,
SCP guardrails, Identity and Access Management (IAM) multi-account
patterns, and VPC architectures (Transit Gateway, PrivateLink, NAT,
IGW) for enclave isolation and cross-domain needs. Engineer
high-availability, multi-Region solutions leveraging cloud tools
such as EC2, EKS/ECS Fargate, RDS/Aurora, DynamoDB, S3/EFS/FSx,
Load Balancers, Route 53, and API Gateway. Implement Zero
Trust-aligned patterns (micro-segmentation, strong identity,
continuous verification) consistent with DoD Zero Trust guidance.
Implement security controls and evidence generation for RMF ATO
packages (SSP, SAR, POA&M) in coordination with cybersecurity
teams. Apply DISA STIGs (OS, DB, Kubernetes, Container) and SRG
requirements for workloads at IL2–IL6 Tailor and automate STIG
application using IaC and configuration management. Integrate
encryption and key management with cloud tools such as AWS KMS/HSM;
enforce IAM least privilege, SCPs, permission boundaries, ABAC, and
robust secrets management. Implement cloud logging and metrics
tools such as CloudTrail/CloudWatch/GuardDuty/Config for
comprehensive audit and detection. Align architectures with FedRAMP
Moderate/High baselines when required and ensure boundary
compliance for controlled workloads. Networking and Connectivity
Develop secure connectivity (AWS Direct Connect/VPN), hybrid
routing, and segmentation; implement TLS mutual auth, certificate
management, and private service endpoints. Design logging and
telemetry pipelines (CloudWatch, OpenTelemetry, Kinesis, S3, SIEM
integration such as Splunk/ELK) with retention, metadata/tagging,
and data lifecycle policies. Own SLOs/SLAs for platform services.
Implement autoscaling, health checks, and proactive capacity
management. Lead cost management and alerting practices of cloud
environments in coordination with project leads. Provide Tier 3
support, on-call rotations during exercises, and incident response
coordination with cybersecurity and training operations. Program
and Stakeholder Engagement Collaborate with agile teams and product
owners to translate training requirements into platform
capabilities. Provide mentorship for junior engineers. Establish
standards, design reviews, and repeatable processes. Present cloud
solutions to project leadership and accreditation authorities.
Required Experience/Qualifications 8–12 years of experience in
cloud/platform engineering with at least 5 years focused on Amazon
Web Services (AWS) with a demonstrated leadership delivering
secure, scalable, production-grade cloud-based systems. DoD
8570/8140 compliance: IAT II (Security) required; IAT III/CISSP or
CASP preferred Associate or bachelor’s degree in a related
technical discipline such as computer science or information
technology from an accredited college or university. Preferred
Experience/Qualifications AWS Certifications: Certified Solutions
Architect – Professional, Security – Specialty, and/or DevOps
Engineer – Professional. Special Requirements/Security Clearance
Please note that pursuant to a government contract, this specific
position requires U. S. Citizenship status with ability to obtain a
SECRET to TOP SECRET security clearance. Security Clearance
requirements will be specified in the Governments Task Order.
Active DoD Secret clearance preferred; If not already cleared,
candidate will be required to obtain and maintain a Top Secret/SCI
clearance as a condition of employment. This job description is not
designed to cover or contain a comprehensive listing of activities,
duties or responsibilities that are required of the employee. The
above is intended to describe the general contents of and
requirements for the performance of this job. Benefits Overview
CESI recognizes that our strength is our people. We support every
employee as an individual to build strong teams across the
enterprise. Our benefit package includes: Medical, Dental & Vision
Coverage Wellness Program 401(k) Matching Disability (Short Term &
Long Term) Employee Assistance Program Life Insurance Education &
Training Generous Leave Policy (11 Federal Holidays, PTO, Military
Leave, Bereavement and Jury Duty) CESI is committed to principles
of inclusion and equal employment opportunity. We foster a
non-discriminatory, professional work environment for all our
teams. We do not discriminate based on race, color, religion, sex,
pregnancy, sexual orientation, gender identity, genetic
information, national origin, age, marital status, disability, or
veteran status. By Light recognizes that our strength is our
people. We support every employee as an individual to build strong
teams across the enterprise. Our benefit package includes: Medical,
Dental & Vision Coverage Wellness Program 401(k) Matching
Disability (Short Term & Long Term) Employee Assistance Program
Life Insurance Education & Training Generous Leave Policy (11
Federal Holidays, PTO, and Military Leave) By Light is an Equal
Opportunity and Affirmative Action Employer. All qualified
candidates will receive consideration regardless of gender, race,
veteran status, disability, and any other protected class in
accordance with federal, state and local laws.
Keywords: By Light Professional IT Services, Downey , Senior Cloud Infrastructure Engineer - Remote, IT / Software / Systems , San Diego, California
