Cloud Architect - Azure Government / FedRAMP Boundary & Architecture
Job Description
Job Description
C2 Labs is seeking a Cloud Architect with Azure Government experience to support FedRAMP authorization acceleration and continuous monitoring managed services. You’ll help define authorization boundaries, design secure reference architectures, and ensure the system architecture, evidence, and documentation all match—so audits are smoother and ConMon is sustainable.
What you will do
- Lead boundary definition and architecture workshops for FedRAMP-target systems.
- Produce architecture diagrams and narratives that align to FedRAMP package expectations.
- Advise on secure patterns for identity, encryption, logging/monitoring, vulnerability management, and recovery.
- Support remediation planning and technical walkthroughs with assessors/sponsors when needed.
Role summary
Design and document the cloud architecture and authorization boundary for customer systems pursuing FedRAMP. The Cloud Architect ensures that what is built (network, identity, encryption, logging, segmentation, shared responsibility) matches what is written in the package and what can be evidenced continuously post-authorization.
Key responsibilities
• Lead boundary definition and architecture workshops; define trust boundaries, external connections, and shared responsibility model.
• Design secure reference architecture patterns for Azure Government (and customer-selected services) aligned to FedRAMP expectations.
• Produce and maintain architecture deliverables: high-level diagrams, network diagrams, data flow diagrams, and component inventories.
• Advise on identity, key management/encryption, logging/monitoring, vulnerability management, backup/recovery, and configuration baselines.
• Provide technical input to KSI summaries and/or SSP narratives; ensure diagrams and narratives remain consistent as the system evolves.
• Support remediation planning: recommend architecture or configuration changes to close gaps identified during assessment preparation.
• Participate in technical walkthroughs with assessors/sponsors as needed; explain architecture and boundary decisions clearly.
Key deliverables / outputs
• Authorization boundary definition and supporting diagrams (network/data flows/trust boundaries).
• Security services design decisions (logging/monitoring, IAM, encryption/KMS, vulnerability management).
• Architecture narratives and diagram packages aligned to FedRAMP artifacts and evidence sources.
• Updated inventories (components, interfaces, external services) needed for package completeness.
Required qualifications
• 7+ years cloud architecture experience with at least 3+ years hands-on Azure architecture (Azure Government preferred).
• Azure certifications (e.g., AZ-305, AZ-500) or security certifications (CCSP/CISSP).
• Strong understanding of cloud networking, identity, encryption/key management, logging/monitoring, and secure design patterns.
• Working familiarity with NIST 800-53 security concepts and how architecture decisions drive control/evidence outcomes.
• Ability to translate architecture into clear diagrams and written narratives for non-architect audiences.
• Comfort collaborating with security engineers and technical writers to keep implementation + documentation consistent.
Preferred / nice to have
• Bachelor’s degree (strongly preferred) in Computer Science, Engineering, IT, or related field
• Prior experience architecting or supporting FedRAMP Moderate (or higher) cloud environments.
• Azure certifications (e.g., AZ-305, AZ-500) or security certifications (CCSP/CISSP).
• Experience deploying and managing Azure infrastructure using Infrastructure as Code tools such as Azure Bicep and Azure Resource Manager, integrated with CI/CD pipelines for automated, repeatable provisioning. Experience supporting compliance automation / machine-readable artifacts (e.g., OSCAL) leveraging GRC platforms.
Tools & environment
• Azure Government services (customer-specific)
• Diagramming tools (Visio, Lucidchart, draw.io) and documentation tools (Word/Confluence)
• RegScale (for boundary mapping, evidence traceability, and control/KSI linkage)
Engagement details
• 1099 independent contractor (initial engagement); fractional/part-time with surge capacity.
• Remote-first; occasional workshops may be requested (0–10% travel).
• No clearance required; must be able to pass a standard background check and sign NDA/SOW.
• Engagements often support defense-focused startups deploying to Azure Government.
EEO Statement
We are an equal opportunity employer. All qualified applicants will be considered without discrimination based on race, color, religion, sex, national origin, age, disability, or protected veteran status. Employment offers will be contingent on passing a pre-employment drug screen.
Practical AI Application
- Applies AI tools to streamline workflows, enhance decision-making, and improve outcomes
- Understands the strengths and limitations of AI systems and exercises sound judgment in their use
- Continuously explores new AI capabilities and integrates them into day-to-day work where appropriate
- Uses AI in alignment with company and customer-specific policies, data privacy standards, and ethical guidelines
- Exercises discretion when using AI with sensitive or proprietary information
- Demonstrates awareness of bias, accuracy, and risk considerations when leveraging AI tools
