DoW Junior Cloud RMF Analyst

TDI (Tetrad Digital Integrity) • Washington, DC, US • 1d geleden

Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!

TDI is seeking a Junior Cloud RMF Analyst to support RMF and security execution for a mission-critical cloud-hosted defense system. This is a growth role for an early-career cybersecurity professional who is organized, coachable, mission-focused, and ready to build real-world experience in DoD cloud security and RMF operations. The role is designed for candidates with a solid foundation in cybersecurity, an active clearance, and the discipline to operate in a high-visibility environment where accuracy, follow-through, and customer trust matter.
This is not a passive documentation role, but it is also not a sink-or-swim senior ISSO position. You will work alongside experienced ISSOs, ISSMs, and engineering teams to support the RMF engine room: maintaining artifact quality, tracking POA&Ms, collecting and organizing evidence, supporting Continuous Monitoring, and helping ensure that documentation stays aligned to system reality as the environment evolves. If you are the kind of person who learns quickly, writes clearly, stays organized under pressure, and wants to grow into a cloud-savvy ISSO role supporting consequential national security systems, we want to meet you.
This position will require hybrid commute to the DC area.
RESPONSIBILITIES:

Support day-to-day RMF execution across the system lifecycle under the guidance of senior cybersecurity staff
Assist with development and maintenance of RMF artifacts including SSPs, SAR support materials, POA&Ms, control implementation details, evidence mappings, and supporting documentation
Collect, organize, and maintain evidence needed to support assessments, audits, Continuous Monitoring, and authorization activities
Support POA&M management with discipline: track remediation items, owners, due dates, status updates, and closure evidence
Help ensure documentation, evidence, and system reality remain aligned as approved changes occur through normal governance and configuration management processes
Support Continuous Monitoring activities by maintaining artifact freshness, tracking recurring deliverables, and helping prepare metrics and status updates
Review vulnerability scan outputs, STIG findings, and remediation documentation to support compliance tracking and risk reduction efforts
Coordinate with engineering, platform, and DevSecOps teams to gather evidence and confirm implementation details for security controls
Support security documentation and control traceability for cloud-hosted environments, including systems using modern platforms and managed cloud services
Contribute to process improvement efforts that reduce manual compliance work and improve quality, consistency, and audit readiness
Build practical knowledge of DoD RMF, NIST SP 800-53, cloud security concepts, and real-world control implementation in operational environments

QUALIFICATIONS:

Active Secret clearance
Bachelor’s degree in cybersecurity, information systems, computer science, engineering, or a related field, or equivalent relevant experience
1–2 years of experience in cybersecurity, cloud security, compliance, risk management, IT operations, or related technical work
Security+ certification
Foundational knowledge of RMF, NIST SP 800-53, FedRAMP, or related cybersecurity/compliance frameworks
Basic familiarity with one or more cloud platforms such as AWS, Azure, or GCP, active path to obtain professional-level Google certification within a defined period after hire, is preferred
Familiarity with core security concepts such as access control, logging and monitoring, vulnerability management, configuration management, encryption, and incident response
Strong writing and communication skills with the ability to produce clear, professional, customer-ready documentation with guidance
Strong organizational skills, attention to detail, and follow-through across multiple tasks in a fast-moving environment
Ability to learn quickly, accept coaching, and work effectively with both technical and non-technical stakeholders

PREFERRED QUALIFICATIONS:

Exposure to cybersecurity internships, academic research, lab work, cloud coursework, or compliance documentation
Familiarity with SSPs, POA&Ms, STIGs, Nessus/ACAS, or audit/evidence collection is preferred

OVERALL MATCH:
We are seeking early-career professionals who have already demonstrated a track record of excellence through academics, military service, internships, research, certifications, or hands-on technical work. The ideal candidate brings discipline, intellectual curiosity, strong writing, and a genuine drive to master cybersecurity, cloud, RMF, and emerging technologies. This is a true entry point into mission-critical defense work, but it is intended for high-potential performers who are ready to learn quickly, execute with rigor, and grow into larger responsibility over time.