C2 Labs is seeking a Cloud Architect with Azure Government experience to support FedRAMP authorization acceleration and continuous monitoring managed services. You’ll help define authorization boundaries, design secure reference architectures, and ensure the system architecture, evidence, and documentation all match—so audits are smoother and ConMon is sustainable.
What you will do
Role summary
Design and document the cloud architecture and authorization boundary for customer systems pursuing FedRAMP. The Cloud Architect ensures that what is built (network, identity, encryption, logging, segmentation, shared responsibility) matches what is written in the package and what can be evidenced continuously post-authorization.
Key responsibilities
• Lead boundary definition and architecture workshops; define trust boundaries, external connections, and shared responsibility model.
• Design secure reference architecture patterns for Azure Government (and customer-selected services) aligned to FedRAMP expectations.
• Produce and maintain architecture deliverables: high-level diagrams, network diagrams, data flow diagrams, and component inventories.
• Advise on identity, key management/encryption, logging/monitoring, vulnerability management, backup/recovery, and configuration baselines.
• Provide technical input to KSI summaries and/or SSP narratives; ensure diagrams and narratives remain consistent as the system evolves.
• Support remediation planning: recommend architecture or configuration changes to close gaps identified during assessment preparation.
• Participate in technical walkthroughs with assessors/sponsors as needed; explain architecture and boundary decisions clearly.
Key deliverables / outputs
• Authorization boundary definition and supporting diagrams (network/data flows/trust boundaries).
• Security services design decisions (logging/monitoring, IAM, encryption/KMS, vulnerability management).
• Architecture narratives and diagram packages aligned to FedRAMP artifacts and evidence sources.
• Updated inventories (components, interfaces, external services) needed for package completeness.
Required qualifications
• 7+ years cloud architecture experience with at least 3+ years hands-on Azure architecture (Azure Government preferred).
• Azure certifications (e.g., AZ-305, AZ-500) or security certifications (CCSP/CISSP).
• Strong understanding of cloud networking, identity, encryption/key management, logging/monitoring, and secure design patterns.
• Working familiarity with NIST 800-53 security concepts and how architecture decisions drive control/evidence outcomes.
• Ability to translate architecture into clear diagrams and written narratives for non-architect audiences.
• Comfort collaborating with security engineers and technical writers to keep implementation + documentation consistent.
Preferred / nice to have
• Bachelor’s degree (strongly preferred) in Computer Science, Engineering, IT, or related field
• Prior experience architecting or supporting FedRAMP Moderate (or higher) cloud environments.
• Azure certifications (e.g., AZ-305, AZ-500) or security certifications (CCSP/CISSP).
• Experience deploying and managing Azure infrastructure using Infrastructure as Code tools such as Azure Bicep and Azure Resource Manager, integrated with CI/CD pipelines for automated, repeatable provisioning. Experience supporting compliance automation / machine-readable artifacts (e.g., OSCAL) leveraging GRC platforms.
Tools & environment
• Azure Government services (customer-specific)
• Diagramming tools (Visio, Lucidchart, draw.io) and documentation tools (Word/Confluence)
• RegScale (for boundary mapping, evidence traceability, and control/KSI linkage)
Engagement details
• 1099 independent contractor (initial engagement); fractional/part-time with surge capacity.
• Remote-first; occasional workshops may be requested (0–10% travel).
• No clearance required; must be able to pass a standard background check and sign NDA/SOW.
• Engagements often support defense-focused startups deploying to Azure Government.
EEO Statement
We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.
Practical AI Application