Dragonfli Group is a leading cybersecurity and IT consulting firm headquartered in Washington, DC, supporting high-profile federal agencies and large commercial enterprises. We specialize in secure enterprise infrastructure, multi-cloud security architecture, and advanced cyber defense strategies. We are seeking a Senior Cloud Security Architect & Cybersecurity Engineer to lead a mission-critical federal cybersecurity program. In this senior-level SME role, you will design, implement, and optimize secure architectures across complex enterprise networks and multi-cloud environments (Azure, AWS, GCP), integrating AI-driven monitoring and automation to detect and mitigate threats in real time.
The ideal candidate will bring 7+ years of security architecture experience, 7+ years in cloud architecture, and 9+ years in cybersecurity, with a proven ability to lead complex initiatives in large-scale environments. You'll work collaboratively with cross-functional teams to assess, design, and enhance security architectures, incorporating advanced analytics and automation, including AI-driven monitoring, to detect and mitigate threats in real time.
General Responsibilities:
- Advise leadership and technical teams on secure enterprise infrastructure and cloud architecture strategies, ensuring compliance with federal cybersecurity standards and frameworks (e.g., DISA STIGs, NIST 800 series, CIS Benchmarks).
- Lead the design, documentation, and implementation of enterprise-level security architectures for hybrid data center and cloud environments (Azure, AWS, GCP).
- Collaborate with cross-functional teams—including SOC, networking, and application development—to identify, assess, and remediate security risks.
- Develop and present conceptual and detailed architecture diagrams, security posture assessments, and technology roadmaps to both technical and non-technical stakeholders.
- Conduct regular security posture reviews and recommend improvements to strengthen enterprise defense-in-depth strategies.
- Support security policy development, including change management processes to minimize unintended operational impact.
- Mentor and train junior engineers and administrators on enterprise network, cloud, and security best practices.
Technical Responsibilities:
- Design, implement, and optimize secure enterprise infrastructures spanning:
  - Data Center Security – segmentation, access control, and physical/virtual system hardening.
  - Cloud Security – architecture and security controls for Azure, AWS, GCP; including IaaS, PaaS, and SaaS deployments.
  - Software-Defined Networking/SASE – secure configuration and management of SDWAN/SSE solutions, applying consistent enterprise security policies across all locations.
  - Trusted Internet Connections (TIC) – implementation and optimization for federal compliance, including routing, firewalling, and monitoring.
  - Enterprise Certificate Authority/PKI – configuration, operations, and lifecycle management of enterprise PKI.
  - DNS/DHCP Security – secure configuration and monitoring for name resolution and IP address management services.
  - DDoS/WAF – deployment and tuning of distributed denial-of-service protections and web application firewalls.
  - Network Access Control – policy creation and enforcement across wired and wireless networks.
  - Wireless Network Security – design and implementation of secure wireless infrastructure.
- Integrate security monitoring and analytics using SOC processes, SIEM, NDR, and EDR/XDR technologies to detect, analyze, and respond to threats.
- Apply AI and automation for:
  - Dynamic resource allocation and scaling in cloud environments.
  - Network traffic anomaly detection and behavior-based intrusion prevention.
  - Vendor research aggregation and prioritization for security solutions.
- Deploy and manage physical, virtual, and cloud-hosted enterprise applications on both Windows and Linux platforms.
- Utilize scripting and automation (PowerShell, Python, APIs) to streamline security operations and configuration management.
- Conduct market research on emerging security technologies and provide recommendations for adoption.
- Provide on-call support for network-impacting or outage scenarios outside of standard business hours.
Required Skills
Knowledge of security standards and best practices, including but not limited to:
- DISA STIGs
- NIST 800, Cybersecurity Framework
- CIS Benchmarks

Experience with security architecture and cloud development.
Experience in cybersecurity technology solution planning, engineering, and deployment, including EDR/XDR, FW, NGIPS, SIEM, NDR.
Knowledge of enterprise infrastructure design requirements: Data center, Cloud (Azure, GCP, AWS, PaaS/IaaS/SaaS), Software defined networks/SASE, Trusted Internet Connections (TIC), Enterprise certificate authority/PKI operations, DNS/DHCP security, DDoS/WAF, Network access control, Wireless network security.
Ability to work well in a strong collaborative team-oriented environment.
Ability to effectively present technical information to many different levels of the organization.
Demonstrated strong communication skills (written/spoken).
Demonstrated strong organizational skills
Proficiency in Microsoft Office tools: i.e., PowerPoint
Experience working with cloud security technologies of Microsoft, Google, or Amazon
Serving as a subject matter expert in the configuration and operation of the security consoles and controls within the Cloud environment
Experience deploying physical, virtual and cloud hosted enterprise applications on Windows and/or Linux
Knowledge and understanding of SDWAN/SSE design and security policies.
Knowledge and understanding of TLS traffic analysis and TLS intercept.
Experience with Security Operations Center (SOC) Processes
Desired Skills
Experience working in a fast-paced complex system
Experience in a very large enterprise environment
Experience with Cisco networking and equipment
Experience automating processes using PowerShell or Python, including use of remote APIs
Benefits
- Health, dental, and vision insurance
- PTO and 11 Federal Holidays
- 401(k) with employer match