DoW Information Systems Security Officer/Engineer - RMF/Cloud

Tetrad Digital Integrity LLC
Falls Church, VA
Onsite

About The Position

Tetrad Digital Integrity (TDI) is seeking a hands-on, technically sharp Information Systems Security Officer / RMF & Cloud Engineer to support ATO efforts. This role involves translating RMF, NIST 800-53, and Cloud SRG guidance into clear, defensible deliverables. The position focuses on cloud-native, containerized workloads, including Kubernetes/GKE and AI risk. This is a full-time onsite role in Falls Church, VA.

Requirements

  • Active DoD Secret clearance (Top Secret preferred).
  • Bachelor’s degree in Cybersecurity, Computer Science, or Information Technology.
  • 5+ years of cybersecurity experience, including demonstrated experience supporting Risk Management Framework (RMF) activities for Department of War (DoW) systems.
  • Security certifications such as CompTIA Security+, Certified Information System Security Professional (CISSP) or Certified Information System Manager (CISM).
  • Practical knowledge and application of concepts with cloud platforms.
  • Strong knowledge of containerized environments (e.g., Docker, Kubernetes) and container security best practices.
  • Familiarity with Generative AI technologies, including LLMs and AI/ML security considerations.
  • Deep understanding of NIST SP 800-53, DoD RMF, FedRAMP, and other relevant cybersecurity frameworks.
  • Experience writing and maintaining RMF artifacts such as SSPs, POA&Ms, and SARs.
  • Strong communication skills and ability to collaborate effectively with technical and non-technical stakeholders.
  • Experience with security risk assessments in DoW environments.

Nice To Haves

  • Experience with Google Cloud Platform (GCP), including IAM, VPC, Kubernetes Engine (GKE), and security-related services, is preferable.
  • Advanced cloud security certifications, such as Google Professional Cloud Security Engineer, Cloud Certified Security Professional.
  • Experience integrating DevSecOps pipelines with RMF compliance processes.
  • Familiarity with automation tools for RMF documentation and control testing (e.g., Xacta, eMASS, OpenRMF).

Responsibilities

  • Lead and support RMF activities throughout all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring).
  • Provide expert guidance on DoW cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as Cloud Computing SRG and AI-specific guidance.
  • Conduct security architecture reviews and security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform.
  • Evaluate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP.
  • Assess security risks related to generative AI components, including large language models (LLMs) and AI/ML workloads, ensuring responsible and compliant use.
  • Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and related RMF documentation.
  • Perform threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and AI technologies.
  • Interface with system architects, developers, and DevSecOps teams to integrate security throughout the Software Development Lifecycle (SDLC).
  • Support security control assessments (SCAs) and coordinate with third-party assessors.
  • Monitor, track, and report on security compliance posture through Continuous Monitoring (ConMon) processes.