DoW/Cloud ISSM

Job Description

Company: Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.

We are looking for a DoW Cloud Security ISSM who thrives in the arena—hands-on, technically deep, and ready to engage credibly with senior government cyber leaders, engineers, and assessors. This is not a traditional ISSM role and it is not a paperwork-driven RMF seat. We are looking for a top-tier security operator who can make controls real in cloud-first, containerized systems with integrated Generative AI, drive ATO outcomes, and maintain traceability from control to implementation to evidence. If you are a roll-up-your-sleeves security leader who can speak RMF, NIST 800-53, Cloud SRG, Kubernetes/GKE, and AI risk in the same conversation—and turn that knowledge into measurable, continuously verifiable security outcomes—this is your platform to lead from the front. Join TDI’s Solutions team to help set the standard for modern DoD cloud security and deliver mission-critical impact from day one.

This role is for a security professional who is equally comfortable discussing policy, architecture, control implementation, evidence, and risk tradeoffs. It is not for seeking a template-driven RMF job. The right candidate is proactive, technically credible, disciplined, curious, and able to turn security requirements into real, measurable outcomes in modern cloud environments.

We can offer a remote opportunity for candidates not living in the DC area and a hybrid commute to the Pentagon in VA for anyone local to DC metro area. We have two (2) positions to fill, one MUST be local.

RESPONSIBILITIES:

Lead and support DoD RMF activities across the full lifecycle, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring, with a focus on real security outcomes, not administrative throughput.
Provide expert guidance on DoD cloud security policy, NIST SP 800-53 controls, CNSS policy, Cloud Computing SRG, and emerging AI-related guidance, translating requirements into practical engineering and risk decisions.
Conduct security architecture reviews and security engineering analysis for cloud-native, containerized workloads hosted in Google Cloud Platform.
Evaluate the design, implementation, and effectiveness of security controls for Kubernetes, Docker, GKE, and related orchestration environments.
Develop, maintain, and improve SSPs, SARs, POA&Ms, and related RMF artifacts with a focus on accuracy, evidence quality, and operational relevance.
Perform threat modeling, vulnerability assessment, and risk analysis tailored to cloud and AI-enabled environments.
Partner directly with system architects, developers, platform engineers, and DevSecOps teams to integrate security into the SDLC rather than applying it after the fact.
Support security control assessments and coordinate effectively with third-party assessors, Authorizing Officials, and other stakeholders.
Monitor, track, and report compliance and risk posture through Continuous Monitoring processes using current data, measurable control health, and defensible evidence.
Help drive repeatable, scalable approaches to control validation, evidence collection, and compliance reporting to reduce manual effort and improve consistency.

Source: Cybersecurity Jobs