ZipRecruiter
Senior DoD Information Systems Security Manager- RMF/Cloud SME
ZipRecruiter, Washington, District of Columbia, us, 20022
Overview
Tetrad Digital Integrity (TDI) is seeking a Senior DoD Information Systems Security Manager (ISSM) / RMF & Cloud SME who thrives in a hands-on, technically deep environment and is ready to engage with senior government cyber experts. This role is not a typical ISSM position; top-tier candidates who can lead from the front on cloud-first, containerized systems with integrated Generative AI, drive ATO outcomes, and defend decisions with authority will excel. The ideal candidate speaks RMF, NIST 800-53, Cloud SRG, Kubernetes/GKE, and AI risk in the same sentence and can craft rock-solid policies and compliance statements. Join TDI’s Solutions team to set the bar for DoD cloud security and deliver mission-critical impact from day one.
Responsibilities
High-profile, out-front leadership and support of DoD RMF activities throughout all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring).
Provide expert guidance on DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as Cloud Computing SRG and AI-specific guidance.
Conduct security architecture reviews and security engineering analysis for cloud and containerized workloads hosted in Google Cloud Platform.
Evaluate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP.
Assess security risks related to generative AI components, including large language models (LLMs) and AI/ML workloads, ensuring responsible and compliant use.
Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and related RMF documentation.
Perform threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and AI technologies.
Interface with system architects, developers, and DevSecOps teams to integrate security throughout the Software Development Lifecycle (SDLC).
Support security control assessments (SCAs) and coordinate with third-party assessors.
Monitor, track, and report on security compliance posture through Continuous Monitoring (ConMon) processes.
Minimal travel will be required.
Qualifications
U.S. Citizenship with an active DoD Secret clearance (Top Secret).
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
Security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
15+ years of cybersecurity experience, with demonstrated experience supporting RMF activities for DoD systems.
Working knowledge and applied experience with cloud platforms; Google Cloud Platform (GCP), including IAM, VPC, Kubernetes Engine (GKE), and security-related services, is preferred.
Strong knowledge of containerized environments (e.g., Docker, Kubernetes) and container security best practices.
Familiarity with Generative AI technologies, including LLMs and AI/ML security considerations.
Deep understanding of NIST SP 800-53, DoD RMF, FedRAMP, and other relevant cybersecurity frameworks.
Experience writing and maintaining RMF artifacts such as SSPs, POA&Ms, and SARs.
Strong communication skills and ability to collaborate effectively with technical and non-technical stakeholders.
Experience with security risk assessments in DoD or federal cloud environments.
Advanced cloud security certifications such as Google Professional Cloud Security Engineer and Cloud Certified Security Professional.
Experience integrating DevSecOps pipelines with RMF compliance processes.
Familiarity with automation tools for RMF documentation and control testing (e.g., Xacta, eMASS, OpenRMF).
TDI does business with the federal government, which restricts employment to individuals who are either U.S. citizens or lawful permanent residents of the United States.
“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, national origin, age, disability, or other protected status, in accordance with applicable federal laws.”