"Alerted.org

Tetrad Digital Integrity (TDI) is hiring a hands-on DoW Information Systems Security Officer / Cloud Security Engineer to lead RMF for modern, cloud-hosted systems and guide non-security engineers through the process. This role blends RMF leadership, practical cloud security, and knowledge of DISA STIG implementation. You will work directly with engineers who need clear direction and “hand holding,” while also spotting opportunities to automate repetitive security and compliance work. If you enjoy turning policy into real-world designs, coaching others, and improving how RMF is done, not just filling out templates, we’d like to talk.

RESPONSIBILITIES:

+ Own RMF and authorization work for Department of War (DOW) systems (including cloud and containerized workloads) from initial categorization through ongoing continuous monitoring, using tools such as eMASS.

+ Serve as the primary security advisor for engineering teams: interpret requirements, break them into concrete tasks, and ensure they are implemented correctly and on time.

+ Lead DISA STIG implementation and remediation (OS, application, database, and/or network), including running scans, interpreting results, and working with engineers to harden systems.

+ Review cloud and remote access architectures and recommend improvements that align with current DOW security expectations (e.g., strong identity, segmentation, and monitored admin access paths).

+ Develop and maintain clear, accurate RMF documentation (e.g., SSPs, POA&Ms, SARs) that reflects how systems are really built and operated.

+ Automate and streamline repetitive tasks (evidence collection, control checks, reporting) using scripting, templates, or tooling, and create reusable playbooks/checklists for the team.

+ Stay current on emerging DOW guidance around cloud, data protection, and AI/ML, and help TDI apply that guidance pragmatically to customer environments.

QUALIFICATIONS:

+ U.S. Citizenship and an active DOW Secret clearance (Top Secret preferred).

+ Approximately 5+ years of cybersecurity experience with significant time spent supporting DOW RMF for information systems.

+ DOW IAM/IAT Approved Certification

+ Demonstrated, practical experience with:

+ RMF execution in DOW environments (e.g., working in eMASS, interpreting control requirements, driving systems to authorization).

+ At least one major cloud platform (GCP preferred) and cloud-hosted applications or services to include familiarity with containerized workloads and orchestration (e.g., Docker, Kubernetes) and the security considerations that come with them.

+ DISA STIGs and related tools, and turning findings into specific configuration and design changes.

+ Experience working directly with software, infrastructure, or platform engineers, helping them understand what needs to be done and why, and tracking security work to closure.

+ An automation mindset, comfortable using scripting or existing tools to reduce manual, low-value security and compliance work.

+ Strong written and verbal communication skills, including the ability to:

+ Explain security concepts in plain language.

+ Document risk and decisions in a way that stands up to outside review.

+ A proactive, self-directed approach: you seek out gaps, propose solutions, and follow through without needing step-by-step instructions.

+ Preferred location is DC metro, then east coast, then CONUS.

Nice to Have

+ Experience supporting U.S. Navy programs (e.g., NAVWAR, NIWC, or Navy PEOs) or other major DOW mission environments.

+ Exposure to DevSecOps practices and integrating security into CI/CD pipelines.

+ Experience assessing or advising on AI/ML or data-intensive workloads from a security and compliance perspective.

+ Advanced certifications such as CISSP, CCSP, or relevant cloud security certifications.

TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.

•TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”

Powered by JazzHR