Cloud Cybersecurity Manager

JST, Alexandria, VA
Onsite

About The Position

JST is currently seeking a Cloud Cybersecurity Manager who will serve as the program's senior cybersecurity lead for IT, Cybersecurity, and Data Operations, responsible for security architecture, RMF compliance, Zero Trust Architecture (ZTA) alignment, continuous monitoring, and secure DevSecOps across MC&FP's AWS GovCloud estate. The manager will partner with the PM and Digital/Platform leads to enable rapid, secure change that supports O&E mission outcomes. This is a full-time on-site position in Alexandria, VA. JST offers a full benefit package, a collaborative work environment, and a strong company culture. Veterans and military spouses are encouraged to apply. This position is contingent upon contract award.

Requirements

  • 8–10 years leading cybersecurity for Federal cloud programs; hands-on with AWS GovCloud and DoD IL2/IL4/IL5 workloads.
  • CISSP (required) or CISM (acceptable); CAP and/or CCSP strongly preferred.
  • CompTIA Security+ (baseline), AWS Security Specialty (preferred).
  • Meets DoD 8140/8570 IAM-II/III baseline.
  • BA/BS in Cybersecurity, Information Assurance, Computer Science, or related field; advanced degree a plus.
  • Proven RMF lifecycle leadership (from categorization to continuous monitoring) and successful ATO sustainment.
  • Experience implementing ZTA controls, SIEM/SOAR integration, vulnerability and patch management at scale, and identity/SSO/MFA governance.
  • Strong collaboration with product/O&E, platform, and SRE/operations teams; excellent executive communication.
  • MUST possess a Public Trust clearance (Secret eligibility preferred).
  • MUST be able to successfully pass a drug screen and background check.

Responsibilities

  • Security Governance & RMF: Own SSP, control inheritance, POA&Ms, audits, and ATO sustainment; lead continuous monitoring and Plan of Action closure.
  • Zero Trust & Architecture: Define/prioritize ZTA controls (identity, device, network, application, data); implement policy-as-code, SBOM/provenance, and least-privilege patterns.
  • Threat, Vulnerability, & Configuration Management: Direct scanning, penetration testing coordination, vulnerability remediation SLAs, and secure configuration baselines; oversee CM and privileged access.
  • Incident Readiness & Resilience: Coordinate with SOC/IR; validate alerting, runbooks, tabletop exercises, and post-incident reviews; assure HA/DR objectives.
  • Secure DevSecOps: Embed security gates in CI/CD (SAST/DAST/IAST/Secrets); champion feature flags/canaries and change control to minimize risk to availability.
  • Compliance & Reporting: Align with DoD, DISA, and USCYBERCOM directives; deliver security metrics (vuln aging, patch compliance, MFA/privilege, config drift, audit readiness).
  • Collaboration & Training: Advise O&E and engineering teams on secure design, data protection, and privacy; lead awareness and secure-coding practices.

Benefits

  • full benefit package
  • collaborative work environment
  • strong company culture