Cybersecurity Program Lead
Washington, DC
Full Time
Corporate
Senior Manager/Supervisor
Tetrad Digital Integrity (TDI) is hiring a Cybersecurity Program Lead to drive the RMF and security execution for a mission-critical, cloud-hosted defense system. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system treated as a high-value target. This is not a template ISSM role. We need a mission-focused, decisive operator who can run security like a program, drive outcomes through ambiguity, and deliver customer excellence without hand-holding.
RESPONSIBILITIES:
- High-profile, out-front leadership and support of DoD RMF activities throughout all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring).
- Provide expert guidance on DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as Cloud Computing SRG and AI-specific guidance.
- Conduct security architecture reviews and security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform.
- Evaluate security controls associated with Kubernetes, Docker, and container orchestration platforms within GCP.
- Assess security risks related to generative AI components, including large language models (LLMs) and AI/ML workloads, ensuring responsible and compliant use.
- Develop and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related RMF documentation.
- Perform threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and AI technologies.
- Interface with system architects, developers, and DevSecOps teams to integrate security throughout the Software Development Lifecycle (SDLC).
- Support security control assessments (SCAs) and coordinate with third-party assessors.
- Monitor, track, and report on security compliance posture through Continuous Monitoring (ConMon) processes.
QUALIFICATIONS:
- Demonstrated success leading DoD RMF for complex modern systems (authorization package delivery and post-ATO sustainment).
- Advanced certifications such as CISSP, CCSP, or relevant cloud security certifications.
- Strong command of NIST 800-53, inheritance strategy, evidence planning, assessor/AO engagement, and practical risk decisions.
- Hands-on cloud security engineering (AWS/Azure/GCP): IAM, logging/monitoring, networking, encryption/KMS, secure architecture patterns.
- Experience with STIG implementation/validation in production environments.
- Adoption of automated methods to increase scale and quality.
- Experience operating in high-change environments with CCBs and competing stakeholder priorities.
- Executive-ready writing and briefings: no peer review/tech editor—your work product is final.
PREFERRED QUALIFICATIONS:
- Direct experience interfacing or operating alongside a CSSP/CNDSP/SOC.
- IL4/IL5+ style environments or other high-adversary-interest systems.
- Proven, measurable automation outcomes (e.g., faster evidence cycles, fewer audit findings, reduced manual effort).
- Prior people leadership in high-tempo programs.
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”

