DoW Cloud Security Information Systems Security Manager
Hybrid · Washington, District of Columbia, United States
Job Summary
Lead and support DoD RMF activities across the full lifecycle with a focus on real security outcomes in cloud-native, containerized environments. Provide guidance on DoD cloud security policy, NIST 800-53 controls, CNSS policy, Cloud Computing SRG, and AI risk; translate requirements into practical engineering and risk decisions. Conduct security architecture reviews for cloud-native workloads in Google Cloud Platform (GCP); evaluate security controls for Kubernetes, Docker, and GKE; develop and maintain RMF artifacts (SSP, SARs, POA&Ms); perform threat modeling, vulnerability assessment, and risk analysis; collaborate with system architects, developers, and DevSecOps to integrate security into the SDLC; coordinate with third-party assessors and stakeholders; monitor compliance and risk posture through Continuous Monitoring. Qualifications include U.S. citizenship with an active DoD clearance, a bachelor’s degree, security certifications (CISSP or CISM), 12+ years of cybersecurity experience with RMF activities, and strong knowledge of cloud and container technologies; advanced cloud security certifications and automation experience for RMF documentation and evidence collection are preferred.
Required Qualifications
- U.S. Citizenship
- Active DoD Secret clearance; Top Secret preferred
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field
- Security certification such as CISSP or CISM
- 12+ years of cybersecurity experience with DoD RMF activities
- Working knowledge of cloud platforms, preferably Google Cloud Platform (GCP) including IAM, VPC, GKE
- Strong knowledge of containerized environments (Docker, Kubernetes)
- Familiarity with Generative AI technologies and AI/ML security considerations
- Deep understanding of NIST SP 800-53, DoD RMF, FedRAMP
- Experience writing and maintaining RMF artifacts (SSP, POA&Ms, SARs)
- Strong communication skills with technical and non-technical stakeholders
- Experience conducting security risk assessments in DoD or federal cloud environments
- Ability to defend recommendations with technical and risk-based reasoning
Additional Requirements
- TDI does business with the federal government
- Employment restricted to US citizens or lawful permanent residents