Cloud Infrastructure Engineer

ABOUT DEFCON AI

RESILIENCE IN THE FACE OF DISRUPTION. DEFCON AI is an insights company that leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems.

In today’s dynamically changing world, DEFCON AI’s technology aligns outcomes with operational goals, better decision making, and empowers customers to anticipate assess, and mitigate the impacts of disruptions.

About the Role

We are seeking an experienced Cloud Infrastructure Engineer to design, deploy, and administer cloud environments with a strong emphasis on virtualization, automation, and security.

This role owns the full lifecycle of cloud infrastructure — from virtual machine provisioning and network architecture to Infrastructure as Code (IaC) deployments and continuous monitoring.

The ideal candidate brings hands-on experience managing AWS and/or Azure environments, operating container platforms, and translating operational complexity into scalable, secure solutions. Experience working in regulated or compliance-driven industries (e.g., healthcare, defense, finance) is a strong plus.

Key Responsibilities

Cloud Infrastructure & Virtual Systems Administration

Administer and maintain AWS and/or Azure environments, including day-to-day operations of virtual machines, networking, and storage.

Manage VPCs, subnets, routing tables, security groups, NACLs, and private networking constructs

Deploy, maintain, and optimize EC2 instances, RDS, S3, IAM, KMS, Secrets Manager, and CloudTrail

Build and manage hardened VM images (AMIs / golden images) for consistent, repeatable deployments

Implement and support high availability, auto-scaling, and disaster recovery configurations

Support multi-account or multi-subscription cloud governance structures (e.g., AWS Organizations, Azure Management Groups)

Infrastructure as Code (IaC)

Design and maintain infrastructure using Terraform, including modular design, remote state management, and workspace strategies

Lead or support migrations from legacy IaC tooling (e.g., CloudFormation) to modern frameworks

Enforce policy-as-code guardrails and maintain version-controlled infrastructure repositories

Build reusable, secure baseline modules for VPC architecture, IAM roles, logging, monitoring, and encryption

Virtualization & Containerization

Administer virtualized workloads across cloud environments, including sizing, patching, lifecycle management, and cost optimization

Support container-based workloads in ECS and/or EKS, including cluster management, networking, and image security

Assist with transitions from legacy compute paradigms (e.g., EBS-backed instances) to modern container or serverless architectures

Implement automated drift detection and remediation for both VMs and containerized environments

Automation & DevSecOps Integration

Identify and implement automation opportunities to reduce manual operational overhead and improve team velocity

Integrate infrastructure provisioning and security controls into CI/CD pipelines (GitHub Actions, GitLab CI, or equivalent)

Implement and maintain secure secrets management practices

Collaborate with DevSecOps and application engineering teams to enforce least-privilege IAM policies and secure-by-default configurations

Security, Compliance & Monitoring

Apply and maintain security hardening baselines (CIS Benchmarks, DISA STIGs) for Linux and Windows virtual systems

Configure and monitor AWS CloudTrail, GuardDuty, Security Hub, Config, and centralized logging pipelines

Support SIEM integration (e.g., Splunk, Microsoft Sentinel) and assist with incident response

Maintain vulnerability management lifecycle including patching, remediation tracking, and reporting

Support compliance efforts aligned with relevant frameworks (NIST 800-171, CMMC, HIPAA, SOC 2, or FedRAMP as applicable)

Cross-Functional Collaboration & Documentation

Partner with development, security, and IT operations teams to deliver reliable, scalable services

Produce and maintain thorough documentation — architecture diagrams, runbooks, SOPs, and evidence artifacts for audits or assessments

Contribute to budget management, resource planning, and capacity forecasting for cloud environments

Required Qualifications

5+ years of experience in systems administration, cloud operations, or infrastructure engineering

3+ years of hands-on experience managing AWS and/or Azure environments, including virtual machine administration

Strong Terraform experience, including modular design and state management; experience leading IaC migrations is a plus

Demonstrated ability to automate operational workflows and reduce manual effort at scale

Strong understanding of IAM, encryption (KMS, TLS), and network segmentation

Experience with Linux (RHEL/Amazon Linux) and/or Windows Server in a cloud context

Familiarity with containerization technologies (Docker, ECS, EKS, or Kubernetes)

Solid understanding of CI/CD pipelines and DevSecOps practices

Preferred Qualifications

Multi-cloud experience spanning AWS and Azure

Experience in regulated industries such as healthcare (HIPAA), defense (CMMC/NIST 800-171), or financial services (SOC 2)

AWS certifications (Solutions Architect, SysOps Administrator, Security Specialty) or Azure equivalents

CompTIA Security+ or equivalent security certification

Experience with AWS Control Tower, Landing Zones, or equivalent governance tooling

Familiarity with SIEM platforms (Splunk, Microsoft Sentinel)

Experience managing or mentoring distributed technical teams

PMP, CSM, or similar project/program management certification

Active DoD security clearance (Secret or above) or ability to obtain and maintain one

Core Competencies

Infrastructure Ownership — takes end-to-end accountability for cloud environment health, security, and performance

Automation Mindset — proactively identifies manual processes and replaces them with scalable, repeatable solutions

Security-First Thinking — embeds security practices into every layer of infrastructure design and operations

Cross-Functional Communication — translates technical complexity for business and compliance stakeholders

Disciplined Documentation — produces clear, audit-ready artifacts without being asked

Adaptability — comfortable operating across cloud providers, toolchains, and evolving compliance landscapes

What Success Looks Like

Cloud environments (AWS/Azure + EKS) are stable, secure, observable, and documented

Infrastructure changes are repeatable through IaC with clear review and rollback paths

Monitoring/logging and vulnerability remediation are routine—not scramble-driven

Audit support artifacts (diagrams/runbooks/evidence) are kept current and usable

What We Offer:

A fully remote, results-based environment

Competitive salary, bonus, and equity package

100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family

Unlimited PTO, with your manager’s approval

Flexible work environment where you manage your work day

14 weeks of fully-paid parental leave

Salary Range: $140,000-$180,000. This represents the typical salary range for this position based on experience, skills, and other factors.

We’re an Equal Opportunity Employer: You’ll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Applicant Data Disclosure

By submitting an application, you acknowledge that Defcon AI uses third-party service providers to facilitate its recruitment and hiring processes. These providers include applicant tracking systems, candidate verification platforms, and fraud detection tools (collectively, "Hiring Platforms"). Your application materials, including your résumé, cover letter, work samples, responses to application questions, and any other information you submit, may be transmitted to and processed by these Hiring Platforms for the following purposes:

Managing and administering your application throughout the hiring process;

Verifying the accuracy and authenticity of application materials, including by cross-referencing information you provide against publicly available sources and proprietary databases;

Identifying indicators of potentially fraudulent, fabricated, or materially misleading application content, including but not limited to discrepancies between submitted materials and publicly available professional profiles, geographic anomalies, and fabricated work histories.

Applications that are flagged through this process as containing indicators of fraud or material misrepresentation may be declined from further consideration. If you have questions about the status of your application or the evaluation process, please contact .

Defcon AI requires its Hiring Platform providers to process your information solely for the purposes described above and in accordance with applicable law. Your information will be retained only for as long as necessary to fulfill these purposes and any applicable legal obligations, after which it will be deleted in accordance with Defcon AI's data retention policies.

For more information about how your data is used, please refer to our Privacy Policy and Applicant Privacy Notice.