DoW Cloud Security Information Systems Security Manager (ISSM)

Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age. Tetrad Digital Integrity (TDI) is seeking a DoW Cloud Security ISSM who thrives in the arena—hands-on, technically deep, and ready to engage credibly with senior government cyber leaders, engineers, and assessors. This is not a traditional ISSM role and it is not a paperwork-driven RMF seat. We are looking for a top-tier security operator who can make controls real in cloud-first, containerized systems with integrated Generative AI, drive ATO outcomes, and maintain traceability from control to implementation to evidence. If you are a roll-up-your-sleeves security leader who can speak RMF, NIST 800-53, Cloud SRG, Kubernetes/GKE, and AI risk in the same conversation—and turn that knowledge into measurable, continuously verifiable security outcomes—this is your platform to lead from the front. Join TDI’s Solutions team to help set the standard for modern DoD cloud security and deliver mission-critical impact from day one.This role is for a security professional who is equally comfortable discussing policy, architecture, control implementation, evidence, and risk tradeoffs. It is not for seeking a template-driven RMF job. The right candidate is proactive, technically credible, disciplined, curious, and able to turn security requirements into real, measurable outcomes in modern cloud environments.We have several ISSM job opportunities offering either a remote or hybrid commute around the Washington, DC area including the Pentagon and Fort Belvoir.RESPONSIBILITIES:

• Lead and support DoD RMF activities across the full lifecycle, including categorization, control selection, implementation, assessment, authorization, and continuous monitoring, with a focus on real security outcomes, not administrative throughput.
• Provide expert guidance on DoD cloud security policy, NIST SP 800-53 controls, CNSS policy, Cloud Computing SRG, and emerging AI-related guidance, translating requirements into practical engineering and risk decisions.
• Conduct security architecture reviews and security engineering analysis for cloud-native, containerized workloads hosted in Google Cloud Platform.
• Evaluate the design, implementation, and effectiveness of security controls for Kubernetes, Docker, GKE, and related orchestration environments.
• Develop, maintain, and improve SSPs, SARs, POA&Ms, and related RMF artifacts with a focus on accuracy, evidence quality, and operational relevance.
• Perform threat modeling, vulnerability assessment, and risk analysis tailored to cloud and AI-enabled environments.
• Partner directly with system architects, developers, platform engineers, and DevSecOps teams to integrate security into the SDLC rather than applying it after the fact.
• Support security control assessments and coordinate effectively with third-party assessors, Authorizing Officials, and other stakeholders.
• Monitor, track, and report compliance and risk posture through Continuous Monitoring processes using current data, measurable control health, and defensible evidence.
• Help drive repeatable, scalable approaches to control validation, evidence collection, and compliance reporting to reduce manual effort and improve consistency.

TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.

“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”

Powered by JazzHR