Architect and implement secure, zero trust, defense-in-depth solutions across infrastructure, platform, and application layers for cloud-hosted and DDIL environments;
Develop and enforce cloud security baselines and automated policy guardrails using IaC tools (Terraform, Ansible, AWS Config Rules, Azure Policy);
Engineer IAM solutions including RBAC, ABAC, MFA, least-privilege, and PAM across cloud and application environments;
Secure containerized workloads (Kubernetes/OpenShift) including pod security policies, network policies, secrets management, and runtime threat detection (Falco, Prisma Cloud/Twistlock);
Embed security into CI/CD pipelines per the DoD DevSecOps Reference Design, automating SAST, DAST, SCA, container image scanning, and STIG compliance validation;
Integrate application security across the SDLC including secure code review, SAST, DAST, SCA, and API security testing;
Design and implement cloud-native SIEM/monitoring capabilities (AWS Security Hub, CloudTrail, Azure Sentinel) supporting continuous monitoring and RMF compliance;
Implement data protection strategies including encryption at rest/in transit and cryptographic key management (AWS KMS, Azure Key Vault);
Lead threat modeling and security architecture reviews for new and evolving JOMIS capabilities;
Evaluate and harden DDIL/edge security configurations for disconnected and bandwidth-constrained operational environments;

RMF & Compliance.

Serve as senior technical security advisor to program leadership, IPTs, and government stakeholders through engineering review boards and architecture working groups;
Coordinate with ISSMs, system/network administrators, software engineers, and CIOs to validate and document control implementation;
Submit Weekly Status Reports (WSRs) and lead/attend stakeholder meetings on RMF and security engineering status.