IA/Cyber/Cloud Admin

About the role

We are seeking an IA/Cyber/Cloud Administrator to support client IT systems development and operations. This role requires knowledge and understanding of client IT processes and technology stack, including DevSecOps CI/CD pipelines, Cloud One environments, Oracle-based systems, and Java application stacks. Client systems are deployed in both classified and unclassified DISA and cloud environments, requiring strict adherence to client cybersecurity, configuration, and compliance standards. 

The IA/Cyber/Cloud Administrator provides critical security, cloud administration, and compliance support to modernize and enhance client systems by ensuring environments are secure, resilient, and continuously monitored. This role serves as a key interface with the customer and the Program Management Office (PMO), ensuring that security controls, system configurations, and operational practices align with program requirements, RMF standards, and mission needs. 

The IA/Cyber/Cloud Administrator works across capability delivery teams—including development Scrums, Cloud Engineering, and DevSecOps platform resources—to integrate security into system design, CI/CD pipelines, and cloud environments. The role supports the implementation and maintenance of security controls, vulnerability management processes, identity and access management, and continuous monitoring, ensuring systems remain compliant and operational within client environments. 

What you'll do

• Administer and secure cloud environments, including client Cloud One, AWS, and hybrid infrastructures supporting REMIS  

• Implement and maintain security controls across CI/CD pipelines, ensuring secure code integration, build, and deployment processes  

• Support RMF (Risk Management Framework) activities, including control implementation, assessment support, and ATO sustainment  

• Configure and maintain STIG-compliant systems, ensuring alignment with client hardening and configuration standards  

• Integrate and manage automated security tools within DevSecOps pipelines (SAST, DAST, container scanning, dependency scanning)  

• Monitor system security posture using continuous monitoring tools, log aggregation, and alerting platforms  

• Conduct vulnerability assessments, remediation tracking, and security reporting  

• CI/CD DevSecOps Integration: Implement security analysis tools (SAST, DAST, SCA) into CI/CD pipelines to identify vulnerabilities early. 

• Cybersecurity Compliance (RMF): Ensure cloud systems meet Risk Management Framework (RMF) standards (NIST 800-53), including ATO (Authority to Operate) support and documentation. 

• Vulnerability Management: Perform automated cybersecurity testing and manage STIG compliance, conducting scan evaluations using ACAS (Assured Compliance Assessment Solution). 

• Automation: Develop and maintain automation scripts for patching, configuration management, and evidence collection to support continuous authorization.  

• Cloud Infrastructure Admin: Provision, configure, and maintain client cloud infrastructure (AWS GovCloud, Azure Government, IL2-IL6) using Infrastructure as Code (IaC) tools like Terraform or CloudFormation. 

• Maintain secure configurations for cloud, virtualized, and hybrid environments, ensuring availability and resilience  

• Collaborate with development, DevSecOps, and cloud engineering teams to embed security into system design and deployment workflows  

• Maintain documentation including security plans, SSPs, POA&Ms, and configuration baselines 

• Support incident response activities, including investigation, containment, and corrective action implementation 

• Collaborating with agile software teams to remediate application risks. 

• Managing Cloud Service Provider (CSP) security tools (AWS Security Hub, Azure Defender). 

• Troubleshooting cloud-based application performance and security issues. 

• Applying security patches and managing IAVAs (Information Assurance Vulnerability Alerts). 

Qualifications

• Secret – Fully Cleared Only, must confirm clearance is active  

• Client 8140 intermediate certification or client 8570 IAM Level II certifications or higher  

• US Citizens Only 

• Bachelor’s degree in IT, Engineering, Computer Science, or a related field; master’s degree preferred. 

• 5-7 years in Cloud Engineering/Admin or Cybersecurity. 

• Experience with cloud platforms (Cloud One, AWS, Azure Government) 

• Experience securing CI/CD pipelines and DevSecOps environments  

• Experience with Kubernetes/Docker containerization, CI/CD tools (Jenkins, GitLab CI), AWS/Azure Services, and IaC (Terraform). 

• Familiarity with client cybersecurity mandates (RMF, STIGs). 

• Familiarity with container security (Docker, Kubernetes security practices)  

• Experience with vulnerability scanning and security tools (e.g., Nessus, Fortify, SonarQube, Anchore)

Preferred

• Experience working with Agile development teams of 20+ FTEs and be familiar with Agile methodologies. 

• DoD 8570/8140 compliance (e.g., CISSP, Security+ CE, CASP+ CE). 

• Experience supporting Air Force maintenance/logistics platforms 

• Familiarity with Platform One / DoD software factory ecosystem  

Concept Plus is an Equal Opportunity Employer. As such, we will give your application full consideration without regard to your race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation, gender identity, or any other classification protected by federal, state, or local law.