Cybersecurity Program Lead

Tetrad Digital Integrity LLC, Washington, DC
19h

About The Position

Tetrad Digital Integrity (TDI) is hiring a Cybersecurity Program Lead to drive the RMF and security execution for a mission-critical, cloud-hosted defense system. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system treated as a high-value target. This is not a template ISSM role. We need a mission-focused, decisive operator who can run security like a program, drive outcomes through ambiguity, and deliver customer excellence without hand-holding.

Requirements

  • Demonstrated success leading DoD RMF for complex modern systems (authorization package delivery and post-ATO sustainment).
  • Strong command of NIST 800-53, inheritance strategy, evidence planning, assessor/AO engagement, and practical risk decisions.
  • Hands-on cloud security engineering (AWS/Azure/GCP): IAM, logging/monitoring, networking, encryption/KMS, secure architecture patterns.
  • Experience with STIG implementation/validation in production environments.
  • Adoption of automated methods to increase scale and quality.
  • Experience operating in high-change environments with CCBs and competing stakeholder priorities.
  • Executive-ready writing and briefings: no peer review/tech editor—your work product is final.

Nice To Haves

  • Direct experience interfacing or operating alongside a CSSP/CNDSP/SOC.
  • IL4/IL5+ style environments or other high-adversary-interest systems.
  • Proven, measurable automation outcomes (e.g., faster evidence cycles, fewer audit findings, reduced manual effort).
  • Prior people leadership in high-tempo programs.

Responsibilities

  • High-profile, out-front leadership and support of DoD RMF activities throughout all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring).
  • Provide expert guidance on DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as Cloud Computing SRG and AI-specific guidance.
  • Conduct security architecture reviews and security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform.
  • Evaluate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP.
  • Assess security risks related to generative AI components, including large language models (LLMs) and AI/ML workloads, ensuring responsible and compliant use.
  • Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and related RMF documentation.
  • Perform threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and AI technologies.
  • Interface with system architects, developers, and DevSecOps teams to integrate security throughout the Software Development Lifecycle (SDLC).
  • Support security control assessments (SCAs) and coordinate with third-party assessors.
  • Monitor, track, and report on security compliance posture through Continuous Monitoring (ConMon) processes.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

11-50 employees
