DoW Cloud Information Systems Security Officer (ISSO) jobs in United States

TDI (Tetrad Digital Integrity) · 1 day ago

DoW Cloud Information Systems Security Officer (ISSO)

Tetrad Digital Integrity (TDI) is a cybersecurity firm focused on high-consequence environments. They are seeking a DoW Cloud Information Systems Security Officer (ISSO) to support RMF and security execution for a mission-critical cloud-hosted defense system, requiring expertise in cloud security and compliance management.

Cyber Security, Network Security, Security
Growth Opportunities
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Own the RMF “engine room”: maintain day-to-day RMF execution across all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring) for modern cloud-hosted systems
Apply DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as the Cloud Computing SRG and applicable AI-related guidance
Develop and maintain RMF artifacts including SSPs, SARs, POA&Ms, control implementation details, evidence mappings, and assessor-ready supporting documentation with strict traceability from control → implementation → evidence
Execute POA&M management with discipline: validate substantiation, track owners/dates, drive remediation follow-through, and ensure closure evidence is real and audit-ready (no “paper POA&Ms”)
Support security change governance activities (CCB inputs, impact analyses, drift detection) and ensure artifacts/evidence stay aligned to reality after each approved change
Conduct security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform (GCP), including baseline validation for Kubernetes/Docker environments and control-implementation verification
Assist with threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and (as applicable) AI/ML and LLM components
Partner with system architects, developers, DevSecOps, and platform teams to integrate security throughout the SDLC and translate requirements into actionable implementation steps and measurable evidence outputs
Support SCAs and coordinate with third-party assessors by preparing artifacts, evidence packages, interview prep, and timely responses to RFIs including managing RFI intake, tracking, and closure
Monitor, track, and report security compliance posture through Continuous Monitoring (ConMon) processes and recurring metrics/dashboards including vulnerability and configuration compliance trends, control health, and evidence freshness
Optimize and automate compliance operations: develop repeatable workflows (scripts/automation; responsible AI-enabled methods where appropriate) to reduce manual evidence collection, improve quality, and shorten cycle time

Qualification

DoD RMF experience, NIST 800-53 knowledge, Cloud security experience, Security certification, Automation skills, STIG implementation, Comfort in high-change environments, Communication skills, Writing skills, Team player

Required

Active Top Secret clearance
Required security certification: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO. (More standard for IAM II / ISSO-type role)
Demonstrated experience supporting or leading DoD RMF for modern systems, including authorization package contributions and post-ATO sustainment activities
Strong working knowledge of NIST 800-53 and practical RMF execution (inheritance strategy, evidence planning, assessor/AO engagement support, and risk tradeoffs)
Hands-on cloud security experience (AWS/Azure/GCP) including IAM, logging/monitoring, networking, encryption/KMS, and secure architecture patterns
Experience with STIG implementation/validation in production environments
Strong writing and communication skills: able to produce assessor- and customer-ready deliverables with minimal oversight in a high-change environment
Demonstrated adoption of automation (scripts, repeatable workflows, and responsible AI-enabled methods) to reduce manual compliance effort and improve quality
Comfort operating in high-change environments with CCBs, shifting priorities, and competing stakeholder demands

Preferred

GCP experience preferred
Cloud certification (e.g., CCSP or cloud provider security/professional certs such as Google's Professional Cloud DevOps Engineer, Professional Cloud Security Engineer, or Professional Cloud Network Engineer)

Company

TDI (Tetrad Digital Integrity)

For over 20 years, TDI’s one and only passion has been delivering cybersecurity solutions to effectively manage the business of cyber.

Funding

Current Stage
Growth Stage

Leadership Team

Paul Innella
CEO
Company data provided by crunchbase