Offer summary

Qualifications:

Bachelor's degree in Cybersecurity, Computer Science, or related field., At least 5 years of cybersecurity experience, including 3 years supporting RMF for DoD systems., Active DoD Secret clearance, with Top Secret preferred., Hands-on experience with Google Cloud Platform (GCP), container security, and cybersecurity frameworks like NIST SP 800-53..

Key responsibilities:

Lead and support RMF activities across all phases for cloud-based systems.

Conduct security architecture reviews and assess security controls in GCP environments.

Evaluate security risks associated with generative AI and AI/ML workloads.

Develop and maintain RMF documentation such as SSPs, SARs, and POA&Ms.

Job description

Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.

TDI is looking for an experienced top-secret or secret cleared, Senior Information Systems Security Engineer (ISSE) to provide Risk Management Framework (RMF) support for a Department of Defense (DoD) program operating within Google Cloud Platform (GCP). This position involves direct support of cloud-based systems with containerized applications and an integrated Generative AI component.

The Sr. ISSE will have a strong work ethic and the ability to deliver in a fast-paced environment. This will be a key role in securing complex cloud environments, ensuring compliance with DoD cybersecurity policies, and guiding the system through the RMF lifecycle from initiation to Authorization to Operate (ATO) and beyond.

Preference is for a local candidate to the DMV metro area with the ability to travel to an office on occasion, otherwise we will consider a fully remote candidate with the proper government clearance level.

RESPONSIBILITIES:

Lead and support RMF activities throughout all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring).
Conduct security architecture reviews and security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform.
Evaluate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP.
Assess security risks related to generative AI components, including large language models (LLMs) and AI/ML workloads, ensuring responsible and compliant use.
Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and related RMF documentation.
Perform threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and AI technologies.
Interface with system architects, developers, and DevSecOps teams to integrate security throughout the Software Development Lifecycle (SDLC).
Support security control assessments (SCAs) and coordinate with third-party assessors.
Monitor, track, and report on security compliance posture through Continuous Monitoring (ConMon) processes.
Provide expert guidance on DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as Cloud Computing SRG and AI-specific guidance.

QUALIFICATIONS:

U.S. Citizenship with an active DoD Secret clearance (Top Secret preferred).
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
5+ years of cybersecurity experience, with at least 3 years supporting RMF activities for DoD systems.
CISSP, CISM, CAP, CCSP, or GCP Professional Cloud Security Engineer.
Hands-on experience with Google Cloud Platform (GCP), including IAM, VPC, Kubernetes Engine (GKE), and security-related services.
Strong knowledge of containerized environments (e.g., Docker, Kubernetes) and container security best practices.
Familiarity with Generative AI technologies, including LLMs and AI/ML security considerations.
Deep understanding of NIST SP 800-53, DoD RMF, FedRAMP, and other relevant cybersecurity frameworks.
Experience writing and maintaining RMF artifacts such as SSPs, POA&Ms, and SARs.
Strong communication skills and ability to collaborate effectively with technical and non-technical stakeholders.

PREFERRED QUALIFICATIONS:

Experience with AI/ML security risk assessments in DoD or federal cloud environments.
Experience integrating DevSecOps pipelines with RMF compliance processes.
Familiarity with automation tools for RMF documentation and control testing (e.g., Xacta, eMASS, OpenRMF).

TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.

“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”