Information Systems Security Officer / Cloud Security Engineer
TDI (Tetrad Digital Integrity)
full-time
Posted on:
Location Type: Remote
Location: Remote • Virginia • 🇺🇸 United States
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
CloudCyber SecurityDockerGoogle Cloud PlatformKubernetes
About the role
- Own RMF and authorization work for Department of War (DOW) systems (including cloud and containerized workloads) from initial categorization through ongoing continuous monitoring, using tools such as eMASS
- Serve as the primary security advisor for engineering teams: interpret requirements, break them into concrete tasks, and ensure they are implemented correctly and on time
- Lead DISA STIG implementation and remediation (OS, application, database, and/or network), including running scans, interpreting results, and working with engineers to harden systems
- Review cloud and remote access architectures and recommend improvements that align with current DOW security expectations (e.g., strong identity, segmentation, and monitored admin access paths)
- Develop and maintain clear, accurate RMF documentation (e.g., SSPs, POA&Ms, SARs) that reflects how systems are really built and operated
- Automate and streamline repetitive tasks (evidence collection, control checks, reporting) using scripting, templates, or tooling, and create reusable playbooks/checklists for the team
- Stay current on emerging DOW guidance around cloud, data protection, and AI/ML, and help TDI apply that guidance pragmatically to customer environments
Requirements
- U.S. Citizenship and an active DOW Secret clearance (Top Secret preferred)
- Approximately 5+ years of cybersecurity experience with significant time spent supporting DOW RMF for information systems
- DOW IAM/IAT Approved Certification
- Demonstrated, practical experience with: RMF execution in DOW environments (e.g., working in eMASS, interpreting control requirements, driving systems to authorization)
- At least one major cloud platform (GCP preferred) and cloud-hosted applications or services to include familiarity with containerized workloads and orchestration (e.g., Docker, Kubernetes) and the security considerations that come with them
- DISA STIGs and related tools, and turning findings into specific configuration and design changes
- Experience working directly with software, infrastructure, or platform engineers, helping them understand what needs to be done and why, and tracking security work to closure
- An automation mindset, comfortable using scripting or existing tools to reduce manual, low-value security and compliance work
- Strong written and verbal communication skills, including the ability to: Explain security concepts in plain language. Document risk and decisions in a way that stands up to outside review
- A proactive, self-directed approach: you seek out gaps, propose solutions, and follow through without needing step-by-step instructions
Benefits
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Professional development opportunities
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
cybersecurityRMF executioncloud securitycontainer orchestrationscriptingDISA STIG implementationeMASSevidence collectioncontrol checksreporting
Soft skills
strong written communicationstrong verbal communicationproactive approachself-directedproblem-solvingcollaborationtask managementinterpretation of requirementsdocumentationtracking security work
Certifications
DOW Secret clearanceDOW Top Secret clearanceDOW IAM/IAT Approved Certification