Posted today
Secret
Senior Level Career (10+ yrs experience)
Unspecified
IT - Security
Arlington, VA (On-Site/Office)
Tetrad Digital Integrity (TDI) is hiring an exceptional DoW Cloud (GCP) Information Systems Security Engineer (ISSE) to support security engineering execution for a mission-critical, cloud-hosted defense system. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system treated as a high-value target. This is not a “paper security” role. We need a team player who is a mission-focused operator, who can translate security requirements into real implementations, drive engineering outcomes under pressure, and deliver customer-ready technical work with minimal oversight.
KEY RESPONSIBILITIES / WHAT YOU’LL DO
• Design, implement, and validate security controls for cloud-hosted and hybrid systems in support of DoD RMF objectives and continuous monitoring needs.
• Translate security requirements (NIST SP 800-53, CNSS policy, DoD Cloud Computing SRG, applicable AI guidance) into actionable engineering tasks and secure architecture patterns.
• Conduct security architecture reviews and security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform (GCP).
• Engineer and validate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP (e.g., identity, network segmentation, secrets, supply chain controls, logging/auditing).
• Implement and operationalize cloud security fundamentals including IAM design, encryption/KMS, network controls, secure service configuration, and centralized logging/monitoring.
• Support secure SDLC/DevSecOps practices: CI/CD security controls, artifact integrity, configuration-as-code, vulnerability scanning integration, and secure release gating.
• Perform threat modeling, vulnerability assessments, and risk analysis; produce clear mitigation plans and validate corrective actions.
• Support DISA STIG implementation/validation and hardening baselines, partnering with platform and DevSecOps teams to ensure sustainable compliance.
• Partner with ISSM/ISSO and CND stakeholders to ensure engineering work produces audit-ready evidence and strengthens operational defense (telemetry, detection hooks, response readiness).
• Optimize delivery through automation: build scripts, policy-as-code, validation checks, and responsible AI-enabled workflows to reduce repetitive work and improve quality.
• Document designs, decisions, and implementations clearly; provide customer-ready technical briefings and written outputs with minimal editing.
REQUIRED
• Active Secret or Top Secret clearance.
• Role-required security certification, such as CISSP-ISSAP or CISSP-ISSEP.
• Demonstrated experience as an ISSE/security engineer supporting modern systems in regulated cloud or hybrid environments.
• Strong working knowledge of NIST 800-53 control intent and how to implement controls technically (not just document them).
• Hands-on cloud engineering experience (GCP strongly preferred; AWS/Azure acceptable) including IAM, networking, encryption/KMS, logging/monitoring, and secure configuration patterns.
• Experience securing containerized platforms (Kubernetes/Docker) and implementing practical controls for workload isolation, admission controls/policy, secrets management, and audit logging.
• Experience integrating security into CI/CD and infrastructure-as-code workflows (e.g., automated checks, scanning, gated releases).
• Strong writing and communication skills: able to produce precise, stakeholder-ready technical outputs with minimal oversight.
• Demonstrated adoption of automation (scripts, repeatable workflows, and responsible AI-enabled methods) to increase scale, speed, and quality.
• Comfort operating in a high-change environment with competing priorities and time-sensitive delivery needs.
• Cloud certification (e.g., CCSP or cloud provider security / professional certs such as Google’s Professional Cloud DevOps Engineer, Professional Cloud Security Engineer, or Professional Cloud Network Engineer).
If you prefer slow-moving architecture work, stable requirements, or a role limited to documentation and reviews, this will not be a fit. If you are a hands-on builder who can translate NIST/DoD requirements into implemented controls in cloud and Kubernetes environments, automate repeatable validation, and deliver customer-ready technical outputs under pressure with minimal oversight, we want to meet you.