DevSecOps Engineer (TS/SCI Clearance Required)
***Active TS clearance required; must be eligible for CI Polygraph. Applicants without an active TS clearance will not be considered.. ***
North Point Technology is looking to hire a Security / IAM Architect to design and implement identity and security architecture across AWS GovCloud and ADC (C2S/SC2S) environments. The qualified candidate must have an active TS/SCI security clearance and will build least-privilege access models, encryption strategies, and security guardrails that meet federal and Intelligence Community standards in air-gapped, classified environments. The ideal candidate combines deep AWS security expertise with hands-on experience navigating ATO and accreditation processes in a DoD/IC setting.
Responsibilities:
This position centers on architecting and implementing identity and access management across AWS GovCloud and ADC (C2S/SC2S) environments, including IAM policies, roles, and permission boundaries. The architect will design identity federation, CAC/PIV authentication, and least-privilege access models, and stand up security guardrails using Service Control Policies, AWS Config, and Security Hub within isolated regions. Additional work includes designing encryption and data-protection strategies, architecting network security for classified environments, and supporting ATO processes - preparing SSP documentation, remediating POA&M items, and activating continuous monitoring - to maintain a strong security and compliance posture.
Required Skills/Experience::
AM policy, role, and permission boundary design in AWS GovCloud and ADC (C2S/SC2S) environments
Identity federation, CAC/PIV authentication, and least-privilege access models aligned with NIST 800-53 and ICD 503
Security guardrails using Service Control Policies (SCPs), AWS Config, and Security Hub in air-gapped/isolated regions
Encryption strategy using AWS KMS with FIPS 140-2/3 validated modules, secrets management, and data-at-rest and in-transit protection
ATO processes, including SSP documentation, POA&M remediation, and continuous monitoring
Network security in classified environments, including VPC segmentation, cross-domain solutions, PrivateLink, and security groups
Qualifications:
Active Top Secret/SCI security clearance