TDI (Tetrad Digital Integrity) · 1 day ago
DoW Cloud Information Systems Security Manager (ISSM)
Tetrad Digital Integrity (TDI) is a cybersecurity firm focused on delivering cyber solutions for high-consequence environments. They are seeking a DoW Cloud ISSM to support RMF and security execution for a mission-critical, cloud-hosted defense system, requiring a proactive and collaborative approach to manage security compliance and engineering analysis.
Cyber Security, Network Security, Security
Responsibilities
Own high-tempo DoD RMF execution across all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring) for modern cloud-hosted systems
Apply DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as the Cloud Computing SRG and applicable AI-related guidance
Develop and maintain RMF artifacts including SSPs, SARs, POA&Ms, control implementation details, evidence mappings, and assessor-ready supporting documentation
Execute POA&M management with discipline: validate substantiation, track owners/dates, drive remediation follow-through, and ensure closure evidence is real and audit-ready
Support security change governance activities (CCB inputs, impact analyses, drift detection) to keep authorization posture aligned with frequent system changes
Conduct security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform (GCP), including baseline validation for Kubernetes/Docker environments
Assist with threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and (as applicable) AI/ML and LLM components
Partner with system architects, developers, DevSecOps, and platform teams to integrate security throughout the SDLC and translate requirements into actionable implementation steps
Support SCAs and coordinate with third-party assessors by preparing artifacts, evidence packages, interview prep, and timely responses to requests for information (RFIs)
Monitor, track, and report security compliance posture through Continuous Monitoring (ConMon) processes and recurring metrics/dashboards
Qualification
Required
Active Secret or Top Secret clearance
Role-required security certification, such as ISM, CISSP (or Associate), GSLC, or CCISO
Demonstrated experience supporting or leading DoD RMF for modern systems, including authorization package contributions and post-ATO sustainment activities
Strong working knowledge of NIST 800-53 and practical RMF execution (inheritance strategy, evidence planning, assessor/AO engagement support, and risk tradeoffs)
Hands-on cloud security experience (AWS/Azure/GCP) including IAM, logging/monitoring, networking, encryption/KMS, and secure architecture patterns; GCP experience preferred
Experience with STIG implementation/validation in production environments
Strong writing and communication skills: able to produce assessor- and customer-ready deliverables with minimal oversight in a high-change environment
Demonstrated adoption of automation (scripts, repeatable workflows, and responsible AI-enabled methods) to reduce manual compliance effort and improve quality
Comfort operating in high-change environments with CCBs, shifting priorities, and competing stakeholder demands
Preferred
Cloud certification (e.g., CCSP or cloud provider security / professional certs such as Google's Professional Cloud DevOps Engineer, Professional Cloud Security Engineer, or Professional Cloud Network Engineer)