DoW Cloud Security Information Systems Security Manager

Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.

Tetrad Digital Integrity (TDI) is seeking a DoW Cloud Security ISSM who thrives in the arena—hands-on, technically deep, and ready to engage credibly with senior government cyber leaders, engineers, and assessors. This is not a traditional ISSM role and it is not a paperwork-driven RMF seat. We are looking for a top-tier security operator who can make controls real in cloud-first, containerized systems with integrated Generative AI, drive ATO outcomes, and maintain traceability from control to implementation to evidence. If you are a roll-up-your-sleeves security leader who can speak RMF, NIST 800-53, Cloud SRG, Kubernetes/GKE, and AI risk in the same conversation—and turn that knowledge into measurable, continuously verifiable security outcomes—this is your platform to lead from the front. Join TDI’s Solutions team to help set the standard for modern DoW cloud security and deliver mission-critical impact from day one.

This role is for a security professional who is equally comfortable discussing policy, architecture, control implementation, evidence, and risk tradeoffs. It is not for seeking a template-driven RMF job. The right candidate is proactive, technically credible, disciplined, curious, and able to turn security requirements into real, measurable outcomes in modern cloud environments.

This role requires full-time onsite support in the Northern Virginia area. An active TS/SCI security clearance is required.

RESPONSIBILITIES:

• Lead and support DoW RMF activities across the full lifecycle, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring, with a focus on real security outcomes, not administrative throughput.
• Provide expert guidance on DoW cloud security policy, NIST SP 800-53 controls, CNSS policy, Cloud Computing SRG, and emerging AI-related guidance, translating requirements into practical engineering and risk decisions.
• Conduct security architecture reviews and security engineering analysis for cloud-native, containerized workloads hosted in Google Cloud Platform.
• Evaluate the design, implementation, and effectiveness of security controls for Kubernetes, Docker, GKE, and related orchestration environments.
• Develop, maintain, and improve SSPs, SARs, POA&Ms, and related RMF artifacts with a focus on accuracy, evidence quality, and operational relevance.
• Perform threat modeling, vulnerability assessment, and risk analysis tailored to cloud and AI-enabled environments.
• Partner directly with system architects, developers, platform engineers, and DevSecOps teams to integrate security into the SDLC rather than applying it after the fact.
• Support security control assessments and coordinate effectively with third-party assessors, Authorizing Officials, and other stakeholders.
• Monitor, track, and report compliance and risk posture through Continuous Monitoring processes using current data, measurable control health, and defensible evidence.
• Help drive repeatable, scalable approaches to control validation, evidence collection, and compliance reporting to reduce manual effort and improve consistency.

QUALIFICATIONS:

• Candidates must possess active TS/SCI security clearance.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• Relevant security certification such as CISSP or CISM.
• 12+ years of cybersecurity experience, including significant experience supporting RMF activities for DoW systems.
• Demonstrated working knowledge of cloud platforms, preferably Google Cloud Platform, including IAM, VPC, GKE, and security-relevant native services.
• Strong knowledge of containerized environments, including Docker, Kubernetes, and container security best practices.
• Familiarity with Generative AI technologies, including LLMs and AI/ML security considerations in regulated or mission-sensitive environments.
• Deep understanding of NIST SP 800-53, DoW RMF, FedRAMP, and related cybersecurity frameworks.
• Experience writing and maintaining RMF artifacts such as SSPs, POA&Ms, and SARs.
• Strong communication skills, including the ability to communicate clearly with both technical and non-technical stakeholders.
• Experience conducting security risk assessments in DoW or federal cloud environments.
• Ability to distinguish between documented compliance and actual control effectiveness, and to defend recommendations with sound technical and risk-based reasoning.

PREFERRED QUALIFICATIONS:

• Advanced cloud security certifications such as Google Professional Cloud Security Engineer or CCSP.
• Experience integrating DevSecOps pipelines with RMF or compliance workflows.
• Familiarity with automation tools or approaches for RMF documentation, control validation, or control testing, such as Xacta, eMASS, or OpenRMF.
• Experience building or improving repeatable evidence collection, control traceability, or continuous monitoring practices in cloud environments.
• Experience working in high-visibility programs where speed, precision, and defensible judgment matter.

TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.

“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”