Job Description
Company: TDI (Tetrad Digital Integrity)
Location: Great Falls, US
Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.
Tetrad Digital Integrity is seeking a DoD Information Systems Security Officer / RMF & Cloud Engineer who is hands-on, technically sharp, and ready to hit the ground running. We need an operator who can support ATO efforts and turn RMF, NIST 800-53, and Cloud SRG guidance into clear, defensible deliverables. This is not a typical ISSO role; only top-tier candidates will be considered. If you’re eager to build credibility fast, sharpen your Kubernetes/GKE and AI-risk chops, and make a visible impact on mission systems—including cloud-native, containerized workloads—you’ll fit right in. Join TDI’s Solutions team to raise and maintain a high bar for DoD cloud security and accelerate your career from day one.
This role requires full-time onsite support in Falls Church, VA. An active Secret security clearance is required; Top Secret clearance is preferred.
RESPONSIBILITIES:
• Lead and support RMF activities throughout all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring)
• Provide expert guidance on DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as Cloud Computing SRG and AI-specific guidance
• Conduct security architecture reviews and security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform
• Evaluate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP
• Assess security risks related to generative AI components, including large language models (LLMs) and AI/ML workloads, ensuring responsible and compliant use
• Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related RMF documentation
• Perform threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and AI technologies
• Interface with system architects, developers, and DevSecOps teams to integrate security throughout the Software Development Lifecycle (SDLC)
• Support security control assessments (SCAs) and coordinate with third-party assessors
• Monitor, track, and report on security compliance posture through Continuous Monitoring (ConMon) processes
• Minimal travel will be required
QUALIFICATIONS:
• Active DoD Secret clearance (Top Secret preferred)
• Bachelor’s degree in Cybersecurity, Computer Science, or Information Technology, and 5+ years of cybersecurity experience, including demonstrated experience supporting Risk Management Framework (RMF) activities for Department of Defense (DoD) systems
• Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
• Practical knowledge and application of cloud platform concepts; Google Cloud Platform (GCP), including IAM, VPC, Kubernetes Engine (GKE), and security-related services, is preferable
• Strong knowledge of containerized environments (e.g., Docker, Kubernetes) and container security best practices
• Familiarity with Generative AI technologies, including LLMs and AI/ML security considerations
• Deep understanding of NIST SP 800-53, DoD RMF, FedRAMP, and other relevant cybersecurity frameworks
• Experience writing and maintaining RMF artifacts such as SSPs, POA&Ms, and SARs
• Strong communication skills and ability to collaborate effectively with technical and non-technical stakeholders
• Experience with security risk assessments in DoD environments
PREFERRED QUALIFICATIONS:
• Advanced cloud security certifications, such as Google Professional Cloud Security Engineer, Cloud Certified Security Professional
• Experience integrating DevSecOps pipelines with RMF compliance processes
• Familiarity with automation tools for RMF documentation and control testing (e.g., Xacta, eMASS, OpenRMF)
Source: LinkedIn