DoW Cloud Security Information Systems Security Manager (ISSM)

Tetrad Digital Integrity LLC•Washington, DC

1d•Hybrid

About The Position

Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age. Tetrad Digital Integrity (TDI) is seeking a DoW Cloud Security ISSM who thrives in the arena—hands-on, technically deep, and ready to engage credibly with senior government cyber leaders, engineers, and assessors. This is not a traditional ISSM role and it is not a paperwork-driven RMF seat. We are looking for a top-tier security operator who can make controls real in cloud-first, containerized systems with integrated Generative AI, drive ATO outcomes, and maintain traceability from control to implementation to evidence. If you are a roll-up-your-sleeves security leader who can speak RMF, NIST 800-53, Cloud SRG, Kubernetes/GKE, and AI risk in the same conversation—and turn that knowledge into measurable, continuously verifiable security outcomes—this is your platform to lead from the front. Join TDI’s Solutions team to help set the standard for modern DoD cloud security and deliver mission-critical impact from day one. This role is for a security professional who is equally comfortable discussing policy, architecture, control implementation, evidence, and risk tradeoffs. It is not for seeking a template-driven RMF job. The right candidate is proactive, technically credible, disciplined, curious, and able to turn security requirements into real, measurable outcomes in modern cloud environments. We have several ISSM job opportunities offering either a remote or hybrid commute around the Washington, DC area including the Pentagon and Fort Belvoir.

Requirements

U.S. Citizenship with an active DoD Secret clearance; Top Secret preferred.
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
Relevant security certification such as CISSP or CISM.
12+ years of cybersecurity experience, including significant experience supporting RMF activities for DoD systems.
Demonstrated working knowledge of cloud platforms, preferably Google Cloud Platform, including IAM, VPC, GKE, and security-relevant native services.
Strong knowledge of containerized environments, including Docker, Kubernetes, and container security best practices.
Familiarity with Generative AI technologies, including LLMs and AI/ML security considerations in regulated or mission-sensitive environments.
Deep understanding of NIST SP 800-53, DoD RMF, FedRAMP, and related cybersecurity frameworks.
Experience writing and maintaining RMF artifacts such as SSPs, POA&Ms, and SARs.
Strong communication skills, including the ability to communicate clearly with both technical and non-technical stakeholders.
Experience conducting security risk assessments in DoD or federal cloud environments.
Ability to distinguish between documented compliance and actual control effectiveness, and to defend recommendations with sound technical and risk-based reasoning.

Nice To Haves

Advanced cloud security certifications such as Google Professional Cloud Security Engineer or CCSP.
Experience integrating DevSecOps pipelines with RMF or compliance workflows.
Familiarity with automation tools or approaches for RMF documentation, control validation, or control testing, such as Xacta, eMASS, or OpenRMF.
Experience building or improving repeatable evidence collection, control traceability, or continuous monitoring practices in cloud environments.
Experience working in high-visibility programs where speed, precision, and defensible judgment matter.

Responsibilities

Lead and support DoD RMF activities across the full lifecycle, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring, with a focus on real security outcomes, not administrative throughput.
Provide expert guidance on DoD cloud security policy, NIST SP 800-53 controls, CNSS policy, Cloud Computing SRG, and emerging AI-related guidance, translating requirements into practical engineering and risk decisions.
Conduct security architecture reviews and security engineering analysis for cloud-native, containerized workloads hosted in Google Cloud Platform.
Evaluate the design, implementation, and effectiveness of security controls for Kubernetes, Docker, GKE, and related orchestration environments.
Develop, maintain, and improve SSPs, SARs, POA&Ms, and related RMF artifacts with a focus on accuracy, evidence quality, and operational relevance.
Perform threat modeling, vulnerability assessment, and risk analysis tailored to cloud and AI-enabled environments.
Partner directly with system architects, developers, platform engineers, and DevSecOps teams to integrate security into the SDLC rather than applying it after the fact.
Support security control assessments and coordinate effectively with third-party assessors, Authorizing Officials, and other stakeholders.
Monitor, track, and report compliance and risk posture through Continuous Monitoring processes using current data, measurable control health, and defensible evidence.
Help drive repeatable, scalable approaches to control validation, evidence collection, and compliance reporting to reduce manual effort and improve consistency.