Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years!
TDI is hiring an exceptional DoW Cloud Security Engineer to strengthen the security engineering posture of a mission-critical, cloud-hosted defense system treated as a high-value target. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system operating under elevated adversary interest. This is not a “watch-the-console” role. We need a hands-on engineer who can build and mature cloud security telemetry, logging pipelines, detections, and automation, enabling faster, higher-confidence response by the CSSP while measurably improving the system’s defensibility (hardening, control validation, and security signal quality).
ARE YOU A FIT?
If you prefer narrow scope, low stakeholder interaction, or purely operational monitoring, this will not be a fit. If you’re a builder who can design cloud logging/telemetry end-to-end, integrate with a VDSS/SIEM stack, automate enrichment and evidence capture via APIs, and partner with DevSecOps/platform teams to improve hardening and control effectiveness, we want to talk.
RESPONSIBILITIES:
- Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines.
- Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack.
- Own logging coverage and quality for cloud and platform signals, including:
  - Cloud Audit Logs (Admin Activity, Data Access, System Event)
  - IAM/service account activity and privileged actions
  - VPC Flow Logs, load balancer/WAF/proxy signals
  - GKE audit logs and Kubernetes control-plane events
  - Security-relevant application/service logs
- Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths).
- Develop automation and guardrails to reduce toil and accelerate investigations/response:
  - API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports)
  - Repeatable runbooks/workflows and integration into ticketing/notification pipelines
- Partner with teams to implement and validate security controls that improve defensibility:
  - Secure configuration baselines and drift detection
  - Identity and access telemetry improvements
  - Network segmentation signals and policy validation
  - Container/GKE security instrumentation and runtime visibility
- Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability).
- Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes.
- Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing.
QUALIFICATIONS:
- Active DoD Secret clearance.
- Role-required security certification such as: CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+, GCFA, GCIH, SCYBER.
- Demonstrated experience in cloud security engineering or security-focused platform engineering in enterprise/mission environments.
- GCP strongly preferred (AWS/Azure acceptable with ability to ramp quickly in GCP).
- Strong proficiency in cloud logging/telemetry design, including integration into VDSS/SIEM/SOAR platforms.
- Hands-on experience with automation and APIs (Python/Go/Bash, REST/JSON, gcloud/SDKs) to build repeatable security workflows.
- Experience with Kubernetes/container security concepts; ability to instrument and operationalize GKE audit/runtime telemetry.
- Practical incident-response awareness (evidence preservation and containment guidance) — not a primary duty, but able to support when needed.
- Strong writing/briefing skills; can deliver precise, customer-ready outputs with minimal oversight.
- Comfort operating in a high-change environment with competing priorities and frequent stakeholder engagement.
- Cloud certification preferred (e.g., CCSP or Google Professional Cloud Security Engineer, Professional Cloud DevOps Engineer, Professional Cloud Network Engineer).
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
“TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”