IA/Cyber/Cloud Admin

About the role

We are seeking an IA/Cyber/Cloud Administrator to support client IT systems development and operations. This role requires knowledge and understanding of client IT processes and technology stack, includingDevSecOpsCI/CD pipelines, Cloud One environments, Oracle-based systems, and Java application stacks. Client systems are deployed in both classified and unclassified DISA and cloud environments, requiring strict adherence to client cybersecurity, configuration, and compliance standards.

The IA/Cyber/Cloud Administrator provides critical security, cloud administration, and compliance support to modernize and enhance client systems by ensuring environments are secure, resilient, and continuouslymonitored. This role serves as a key interface with the customer and the Program Management Office (PMO), ensuring that security controls, system configurations, and operational practices align with program requirements, RMF standards, and mission needs.

The IA/Cyber/Cloud Administrator works across capability delivery teams—including development Scrums, Cloud Engineering, andDevSecOpsplatform resources—to integrate security into system design, CI/CD pipelines, and cloud environments. The role supports the implementation and maintenance of security controls, vulnerability management processes, identity and access management, and continuous monitoring, ensuring systemsremaincompliant and operational within client environments.

What you'll do

• Administer and secure cloud environments, including client Cloud One, AWS, and hybrid infrastructures supporting REMIS

• Implement andmaintainsecurity controls across CI/CD pipelines, ensuring secure code integration, build, and deployment processes

• Support RMF (Risk Management Framework) activities, including control implementation, assessment support, and ATO sustainment

• Configure andmaintainSTIG-compliant systems, ensuring alignment with client hardening and configuration standards

• Integrate and manage automated security tools withinDevSecOpspipelines (SAST, DAST, container scanning, dependency scanning)

• Monitor system security posture using continuous monitoring tools, log aggregation, and alerting platforms

• Conduct vulnerability assessments, remediation tracking, and security reporting

• CI/CDDevSecOpsIntegration: Implement security analysis tools (SAST, DAST, SCA) into CI/CD pipelines toidentifyvulnerabilities early.

• Cybersecurity Compliance (RMF): Ensure cloud systems meet Risk Management Framework (RMF) standards (NIST 800-53), including ATO (Authority to Operate) support and documentation.

• Vulnerability Management: Perform automated cybersecurity testing and manage STIG compliance, conducting scan evaluations using ACAS (Assured Compliance Assessment Solution).

• Automation: Develop andmaintainautomation scripts for patching, configuration management, and evidence collection to support continuous authorization. 

• Cloud Infrastructure Admin: Provision, configure, andmaintain client cloud infrastructure (AWS GovCloud, Azure Government, IL2-IL6) using Infrastructure as Code (IaC) tools like Terraform or CloudFormation.

• Maintain secure configurations for cloud, virtualized, and hybrid environments, ensuring availability and resilience

• Collaborate with development,DevSecOps, and cloud engineering teams to embed security into system design and deployment workflows

• Maintaindocumentation including security plans, SSPs, POA&Ms, and configuration baselines

• Support incident response activities, including investigation, containment, and corrective action implementation

• Collaborating with agile software teams to remediate application risks.

• Managing Cloud Service Provider (CSP) security tools (AWS Security Hub, Azure Defender).

• Troubleshooting cloud-based application performance and security issues.

• Applying security patches and managing IAVAs (Information Assurance Vulnerability Alerts).

Qualifications

• Secret – Fully Cleared Only, must confirm clearance is active

• Client 8140 intermediate certification or client 8570 IAM Level II certifications or higher

• US Citizens Only

• Bachelor’s degree in IT, Engineering, Computer Science, or a related field; master’s degree preferred.

• 5-7 years in Cloud Engineering/Admin or Cybersecurity.

• Experience with cloud platforms (Cloud One, AWS, Azure Government)

• Experience securing CI/CD pipelines andDevSecOpsenvironments

• Experience with Kubernetes/Docker containerization, CI/CD tools (Jenkins, GitLab CI), AWS/Azure Services, andIaC(Terraform).

• Familiarity with client cybersecurity mandates (RMF, STIGs).

• Familiarity with container security (Docker, Kubernetes security practices)

• Experience with vulnerability scanning and security tools (e.g., Nessus, Fortify, SonarQube,Anchore)

Preferred

• Experience working with Agile development teams of 20+ FTEs andbefamiliar with Agile methodologies.

• DoD 8570/8140 compliance (e.g., CISSP, Security+ CE, CASP+ CE).

• Experience supporting Air Force maintenance/logisticsplatforms

• Familiarity with Platform One / DoD software factory ecosystem

Concept Plus is an Equal Opportunity Employer. As such, we will give your application full consideration without regard to your race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation, gender identity, or any other classification protected by federal, state, or local law.

About Concept Plus

Concept Plus is a mission-focused technology solutions provider that transforms IT concepts into impactful solutions for federal agencies.