Jobs · Information Technology · Virginia

DoW Information Systems Security Officer/Engineer - RMF/Cloud

TDI (Tetrad Digital Integrity) · Arlington, VA · 1 mo ago
On-siteInformation TechnologyFull-time

Responsibilities

  • Lead and support RMF activities throughout all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring).
  • Provide expert guidance on DoW cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as Cloud Computing SRG and AI-specific guidance.
  • Conduct security architecture reviews and security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform.
  • Evaluate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP.
  • Assess security risks related to generative AI components, including large language models (LLMs) and AI/ML workloads, ensuring responsible and compliant use.
  • Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and related RMF documentation.
  • Perform threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and AI technologies.
  • Interface with system architects, developers, and DevSecOps teams to integrate security throughout the Software Development Lifecycle (SDLC).
  • Support security control assessments (SCAs) and coordinate with third-party assessors.
  • Monitor, track, and report on security compliance posture through Continuous Monitoring (ConMon) processes.

Qualifications

  • Full-time onsite support in the Northern Virginia area.
  • An active Secret OR TS/SCI security clearance.
  • Bachelor’s degree in Cybersecurity, Computer Science, or Information Technology, and 5+ years of cybersecurity experience, including demonstrated experience supporting Risk Management Framework (RMF) activities for Department of War (DoW) systems.
  • Security certifications such as CompTIA Security+, Certified Information System Security Professional (CISSP) or Certified Information System Manager (CISM).
  • Practical knowledge and application of concepts with cloud platforms. Google Cloud Platform (GCP), including IAM, VPC, Kubernetes Engine (GKE), and security-related services are preferable.
  • Strong knowledge of containerized environments (e.g., Docker, Kubernetes) and container security best practices.
  • Familiarity with Generative AI technologies, including LLMs and AI/ML security considerations.
  • Deep understanding of NIST SP 800-53, DoD RMF, FedRAMP, and other relevant cybersecurity frameworks.
  • Experience writing and maintaining RMF artifacts such as SSPs, POA&Ms, and SARs.
  • Strong communication skills and ability to collaborate effectively with technical and non-technical stakeholders.
  • Experience with security risk assessments in DoW environments

PREFERRED QUALIFICATIONS

  • Advanced cloud security certifications, such as Google Professional Cloud Security Engineer, Cloud Certified Security Professional.
  • Experience integrating DevSecOps pipelines with RMF compliance processes.
  • Familiarity with automation tools for RMF documentation and control testing (e.g., Xacta, eMASS, OpenRMF).

Similar jobs