Information System Security Manager (ISSM)-Cloud Security

Information System Security Manager (ISSM) – Cloud Security Architect

Mission & Impact

AETC recruits, trains, and educates Airmen to deliver 21st‑century airpower. AWAKEN is AETC’s enterprise‑managed, accredited wireless/network service spanning flight lines, classrooms, dorms, and administrative facilities across the U.S. As ISSM – Senior Cloud Security Architect, you will lead cybersecurity for AWAKEN’s cloud‑native, software‑defined, Zero‑Trust transformation, ensuring secure, reliable connectivity that advances the training mission at scale.

Position Summary

This role is ideal for a hands‑on cloud security engineer first, policy‑aware second. You will actively engineer and enforce security controls across cloud and hybrid environments while maintaining RMF/ATO governance, continuous monitoring, and compliance. Expect roughly 66% platform engineering (secure design/implementation, automation, remediation) and 33% governance/policy enforcement (RMF artifacts, POA&Ms, attestations, board cadence).

Core Responsibilities

Governance, RMF & Compliance

• Lead RMF/ATO/ATC activities: develop and maintain SSP, control implementations, evidence, POA&Ms, and continuous monitoring strategy; coordinate with Government ISSO, SCV, AO; sustain ATO per USAF guidance.
• Enforce DISA STIG/SRG configurations across enterprise hardware/software; ensure timely patching/bug‑fix deployment and flaw remediation with documented procedures.
• Enable and manage ACAS/Nessus vulnerability scanning (external and internal), deliver bi‑weekly/30‑day reports, and drive remediation to closure.
• Support incident response: immediate notification (phone/email) within six hours of discovery; 30‑day follow‑up reporting; maintain secure audit logs and event evidence.
• Participate in PMRs and CCBs; maintain enterprise baseline and CM Plan; provide artifacts (topologies, inventories, rack elevations, ports/protocols) and read‑only visibility to Government tools/portals.

Cloud Security Architecture

• Implement secure configurations in AWS, Azure, GCP (or comparable platforms).
• Engineer IAM: RBAC, least‑privilege, multi‑account strategy, federation (IdP integration).
• Configure cloud‑native logging/monitoring/alerting for security visibility (e.g., provider equivalents to CloudWatch).
• Apply Zero‑Trust principles across cloud networking and service‑to‑service comms (authN/authZ, encryption, segmentation).
• Develop IaC security baselines; codify guardrails/policies; enforce drift detection.

Vulnerability Management & Compliance

• Operate ACAS and vulnerability scanners; analyze findings; prioritize remediation; validate fixes; sustain POA&Ms and compliance dashboards (NIST SP 800‑53, DISA STIGs, CMMC as applicable).
• Produce traceability mapping of technical controls to required frameworks; prepare audit evidence and assessor packages.

Platform Security (Linux, Windows, Virtualization)

• Linux (≈70%): hardening, auditing, patching, secure configuration, STIG application/validation.
• Windows (≈30%): server security configuration, patch management, policy baselines.
• Virtualization: secure VMs and management planes (e.g., VMware), including isolation, logging, and role segmentation.

Kubernetes & Container Security

• Secure clusters: RBAC, network policies, secrets management, pod security standards; image signing and vulnerability scanning; protect service meshes and encrypted service communication.

Networking & Zero Trust

• Apply TCP/IP, firewalls, VLANs, VPNs, routing, micro‑segmentation to enforce least‑privilege access across hybrid environments; integrate CoS/QoS and performance KPIs where applicable.

Automation & DevSecOps

• Bash/Python automation for remediation and control validation.
• Terraform/Ansible (or equivalent) for enforcing baselines, policy‑as‑code, and repeatable secure deployments.
• CI/CD security integration, pre‑deployment testing, and lab validation prior to production changes.

Collaboration & Leadership

• Serve as trusted advisor to COR and Government Technical Leads; brief diverse stakeholders in clear, mission‑focused terms.
• Coordinate with PM, architects, network engineers, helpdesk/T3, and cybersecurity analysts; maintain cadence with PMRs and escalation SOPs.

Customer: Air Education and Training Command (AETC), United States Air Force
Location: San Antonio area; located within 25 miles of JBSA‑Randolph, TX
Clearance: Ability to obtain and maintain Secret; USAF CAC eligibility; U.S. citizen with required background screening

Required Qualifications

• U.S. citizenship; Security clearance level: Must have Secret clearance to start and ability to obtain and maintain a Top Secret and USAF CAC; comply with base access requirements.

• Meets DoDM 8140.03 cyberspace workforce qualifications for the role (documentation upon request).
• 5–8+ years in cybersecurity/CloudSec; significant experience in hybrid cloud architecture, IAM, Zero‑Trust, Kubernetes/container security, and Linux hardening.
• Demonstrated experience enforcing DISA STIGs/SRGs, executing ACAS/Nessus scans, and delivering RMF/ATO artifacts and continuous monitoring.
• Proficiency with cloud logging/monitoring, IaC, automation (Bash/Python, Terraform/Ansible), and CI/CD security integration.
• Excellent communication skills; ability to brief senior Government stakeholders and translate complex risks into actionable plans.
• Participate in PMRs and CCBs; maintain enterprise baseline and CM Plan; provide artifacts (Scan results/ATO/RMF information) to Government tools/portals

Preferred Qualifications

• Experience supporting Air Force or DoW enterprise environments (e.g., USAREUR‑AF).
• DoDM 8140.03‑aligned cyber workforce qualification or willingness to obtain
• Contributions to ATO/RMF packages and control documentation.
• Cloud security certifications (AWS Security Specialty, Azure Security Engineer, GCP Professional Cloud Security Engineer).
• Security+ (IAT II) required; CASP/CISSP/CISA preferred.

• Willingness to co‑locate near JBSA‑Randolph, TX for key personnel collaboration, and to engage with Government stakeholders regularly.
• Availability to support after‑hours incident response or critical events as needed; adherence to AWAKEN governance, reporting, and board cadence.
• Experience with SAFe practices, Jira/Confluence, and ServiceNow in DoD environments.

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
● Growth: AI-powered career tool that identifies career steps and learning opportunities
● Support: An internal mobility team focused on helping you achieve your career goals
● Rewards: Comprehensive benefits and wellness packages, 401K with company match, and competitive pay and paid time off
● Flexibility: Full-flex work week to own your priorities at work and at home
● Community: Award-winning culture of innovation and a military-friendly workplace