Cloud Infrastructure Engineer

ABOUT DEFCON AI

RESILIENCE IN THE FACE OF DISRUPTION. DEFCON AI is an insights company that leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems.
In today’s dynamically changing world, DEFCON AI’s technology aligns outcomes with operational goals, better decision making, and empowers customers to anticipate assess, and mitigate the impacts of disruptions.

About the Role 

We are seeking an experienced Cloud Infrastructure Engineer to design, deploy, and administer cloud environments with a strong emphasis on virtualization, automation, and security. 

 This role owns the full lifecycle of cloud infrastructure — from virtual machine provisioning and network architecture to Infrastructure as Code (IaC) deployments and continuous monitoring.  

The ideal candidate brings hands-on experience managing AWS and/or Azure environments, operating container platforms, and translating operational complexity into scalable, secure solutions. Experience working in regulated or compliance-driven industries (e.g., healthcare, defense, finance) is a strong plus. 

Key Responsibilities 

Cloud Infrastructure & Virtual Systems Administration 

• Administer and maintain AWS and/or Azure environments, including day-to-day operations of virtual machines, networking, and storage.
• Manage VPCs, subnets, routing tables, security groups, NACLs, and private networking constructs
• Deploy, maintain, and optimize EC2 instances, RDS, S3, IAM, KMS, Secrets Manager, and CloudTrail
• Build and manage hardened VM images (AMIs / golden images) for consistent, repeatable deployments
• Implement and support high availability, auto-scaling, and disaster recovery configurations
• Support multi-account or multi-subscription cloud governance structures (e.g., AWS Organizations, Azure Management Groups) 

Infrastructure as Code (IaC) 

• Design and maintain infrastructure using Terraform, including modular design, remote state management, and workspace strategies
• Lead or support migrations from legacy IaC tooling (e.g., CloudFormation) to modern frameworks
• Enforce policy-as-code guardrails and maintain version-controlled infrastructure repositories
• Build reusable, secure baseline modules for VPC architecture, IAM roles, logging, monitoring, and encryption 

Virtualization & Containerization 

• Administer virtualized workloads across cloud environments, including sizing, patching, lifecycle management, and cost optimization
• Support container-based workloads in ECS and/or EKS, including cluster management, networking, and image security
• Assist with transitions from legacy compute paradigms (e.g., EBS-backed instances) to modern container or serverless architectures
• Implement automated drift detection and remediation for both VMs and containerized environments 

Automation & DevSecOps Integration 

• Identify and implement automation opportunities to reduce manual operational overhead and improve team velocity
• Integrate infrastructure provisioning and security controls into CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent)
• Implement and maintain secure secrets management practices
• Collaborate with DevSecOps and application engineering teams to enforce least-privilege IAM policies and secure-by-default configurations 

Security, Compliance & Monitoring 

• Apply and maintain security hardening baselines (CIS Benchmarks, DISA STIGs) for Linux and Windows virtual systems
• Configure and monitor AWS CloudTrail, GuardDuty, Security Hub, Config, and centralized logging pipelines
• Support SIEM integration (e.g., Splunk, Microsoft Sentinel) and assist with incident response
• Maintain vulnerability management lifecycle including patching, remediation tracking, and reporting
• Support compliance efforts aligned with relevant frameworks (NIST 800-171, CMMC, HIPAA, SOC 2, or FedRAMP as applicable) 

Cross-Functional Collaboration & Documentation 

• Partner with development, security, and IT operations teams to deliver reliable, scalable services
• Produce and maintain thorough documentation — architecture diagrams, runbooks, SOPs, and evidence artifacts for audits or assessments
• Contribute to budget management, resource planning, and capacity forecasting for cloud environments 

Required Qualifications 

• 5+ years of experience in systems administration, cloud operations, or infrastructure engineering
• 3+ years of hands-on experience managing AWS and/or Azure environments, including virtual machine administration
• Strong Terraform experience, including modular design and state management; experience leading IaC migrations is a plus
• Demonstrated ability to automate operational workflows and reduce manual effort at scale
• Strong understanding of IAM, encryption (KMS, TLS), and network segmentation
• Experience with Linux (RHEL/Amazon Linux) and/or Windows Server in a cloud context
• Familiarity with containerization technologies (Docker, ECS, EKS, or Kubernetes)
• Solid understanding of CI/CD pipelines and DevSecOps practices 

Preferred Qualifications 

• Multi-cloud experience spanning AWS and Azure
• Experience in regulated industries such as healthcare (HIPAA), defense (CMMC/NIST 800-171), or financial services (SOC 2)
• AWS certifications (Solutions Architect, SysOps Administrator, Security Specialty) or Azure equivalents
• CompTIA Security+ or equivalent security certification
• Experience with AWS Control Tower, Landing Zones, or equivalent governance tooling
• Familiarity with SIEM platforms (Splunk, Microsoft Sentinel)
• Experience managing or mentoring distributed technical teams
• PMP, CSM, or similar project/program management certification
• Active DoD security clearance (Secret or above) or ability to obtain and maintain one 

Core Competencies 

• Infrastructure Ownership — takes end-to-end accountability for cloud environment health, security, and performance
• Automation Mindset — proactively identifies manual processes and replaces them with scalable, repeatable solutions
• Security-First Thinking — embeds security practices into every layer of infrastructure design and operations
• Cross-Functional Communication — translates technical complexity for business and compliance stakeholders
• Disciplined Documentation — produces clear, audit-ready artifacts without being asked
• Adaptability — comfortable operating across cloud providers, toolchains, and evolving compliance landscapes 

What Success Looks Like 

• Cloud environments (AWS/Azure + EKS) are stable, secure, observable, and documented
• Infrastructure changes are repeatable through IaC with clear review and rollback paths
• Monitoring/logging and vulnerability remediation are routine—not scramble-driven
• Audit support artifacts (diagrams/runbooks/evidence) are kept current and usable 

Salary Range: $140,000-$180,000. This represents the typical salary range for this position based on experience, skills, and other factors.