DevSecOps Engineer (TS/SCI Clearance Required)

Northpointtechnology · Washington, District of Columbia, United States · Engineering

Posted 2026-07-15

Apply for this role →

***Active TS clearance required; must be eligible for CI Polygraph. Applicants without an active TS clearance will not be considered.. ***

North Point Technology is looking to hire a Security / IAM Architect to design and implement identity and security architecture across AWS GovCloud and ADC (C2S/SC2S) environments. The qualified candidate must have an active TS/SCI security clearance and will build least-privilege access models, encryption strategies, and security guardrails that meet federal and Intelligence Community standards in air-gapped, classified environments. The ideal candidate combines deep AWS security expertise with hands-on experience navigating ATO and accreditation processes in a DoD/IC setting.

Responsibilities:

This position centers on architecting and implementing identity and access management across AWS GovCloud and ADC (C2S/SC2S) environments, including IAM policies, roles, and permission boundaries. The architect will design identity federation, CAC/PIV authentication, and least-privilege access models, and stand up security guardrails using Service Control Policies, AWS Config, and Security Hub within isolated regions. Additional work includes designing encryption and data-protection strategies, architecting network security for classified environments, and supporting ATO processes - preparing SSP documentation, remediating POA&M items, and activating continuous monitoring - to maintain a strong security and compliance posture.

Required Skills/Experience::

AM policy, role, and permission boundary design in AWS GovCloud and ADC (C2S/SC2S) environments

Identity federation, CAC/PIV authentication, and least-privilege access models aligned with NIST 800-53 and ICD 503

Security guardrails using Service Control Policies (SCPs), AWS Config, and Security Hub in air-gapped/isolated regions

Encryption strategy using AWS KMS with FIPS 140-2/3 validated modules, secrets management, and data-at-rest and in-transit protection

ATO processes, including SSP documentation, POA&M remediation, and continuous monitoring

Network security in classified environments, including VPC segmentation, cross-domain solutions, PrivateLink, and security groups

Qualifications:

Active Top Secret/SCI security clearance

Apply for this role →

← Back to all crypto jobs