Tech Stack

Description

You will serve as the primary security authority for secure cloud platform implementations supporting government customers, ensuring continuous compliance with federal security standards while enabling agile delivery of cloud infrastructure solutions in classified and sensitive environments. You'll lead security oversight, develop security plans, conduct assessments, and integrate security controls into CI/CD pipelines and Infrastructure as Code.

Requirements

• 5 years cybersecurity experience with government systems and cloud environments
• 3 years direct ISSO experience supporting federal programs or systems
• 3 years’ experience with risk management frameworks (RMF) and security control implementation
• 6 months of eMASS experience
• Experience with FedRAMP, FISMA, and/or DoD security compliance requirements
• DoD 8570 IAT Level II certification required within 6 months of onboarding
• An active Secret level clearance is required; TS/SCI preferred

Responsibilities

• Serve as primary security authority for secure cloud platform implementations
• Develop and maintain Information System Security Plans (ISSP) for government systems
• Lead security control assessments and continuous monitoring programs
• Coordinate with government security officers, SCAs, ISSMs, and AOs for system authorization
• Implement and maintain Risk Management Framework (RMF) processes
• Conduct security control assessments using NIST 800-53 and DoD requirements
• Manage Plan of Action Milestones (POA M) and security remediation efforts
• Ensure continuous compliance with FedRAMP, FISMA, and DoD security standards and applicable overlays
• Design security controls for multi-cloud and hybrid government environments
• Implement cloud-native security solutions: encryption, IAM, network segmentation
• Configure security monitoring and incident response capabilities
• Validate security implementations against STIG and CIS benchmarks
• Integrate security controls into CI/CD pipelines and Infrastructure as Code
• Implement security automation and continuous compliance monitoring
• Collaborate with engineering teams to embed security throughout delivery lifecycle
• Conduct security reviews for cloud architecture and deployment patterns
• Maintain security documentation packages for government reviews and audits in defined systems including but not limited to eMass
• Prepare security deliverables: SSP, SAR, security briefings, and compliance reports
• Support security audits, assessments, and customer security reviews
• Create security standards, procedures, and training materials