CYBERSECURITY CLOUD SUBJECT MATTER EXPERT (SME)

Toomey Technologies is seeking a Cybersecurity Cloud Subject Matter Expert (SME) to ensure cloud-hosted IT systems meet or exceed agency requirements. The SME will provide comprehensive security oversight throughout the system lifecycle, from initial design through deployment and ongoing operations.

Requirements

• Active Security Clearance
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related technical field
• Advanced cloud security certifications (CCSP, CISSP, SABSA, or equivalent)
• Experience with DoD Enterprise DevSecOps Reference Design
• Knowledge of containerization security (Docker, Kubernetes) and micro services security architecture
• Cloud ATO Experience: Two (2) years of hands-on experience achieving Authorization to Operate (ATO) in cloud environments
• DoD Systems ATO Experience: Five (5) years of experience achieving ATOs for compartmented DoD IT systems
• Cloud Certification: Current cloud security certification from major cloud providers
• DoD Approved 8140/8570 Baseline Certification
• FedRAMP Expertise: Extensive knowledge of FedRAMP assessment methodology
• OCI Experience: Demonstrated experience working with Oracle Cloud Infrastructure (OCI)
• Enterprise DoD IT Experience: Proven experience working with enterprise DoD IT systems
• Advanced expertise in cloud security architecture principles across multiple platforms
• Comprehensive knowledge of cloud security engineering best practices
• Proficiency in Infrastructure as Code (IaC) security, container security, serverless security, and cloud workload protection platforms
• Expert-level understanding of cloud security threats, attack vectors, and mitigation strategies
• Extensive experience with DoD Risk Management Framework (RMF) processes
• Deep knowledge of NIST cybersecurity frameworks, DISA Security Technical Implementation Guides (STIGs), and DoD cybersecurity policies and instructions
• Comprehensive understanding of FedRAMP assessment methodology
• Expertise in Authorization to Operate (ATO) processes for both cloud environments and compartmented DoD IT systems
• Advanced capabilities in conducting comprehensive cybersecurity vulnerability assessments
• Experience with security assessment tools and platforms
• Knowledge of threat modeling, security architecture review processes, and the ability to identify and mitigate security gaps in complex, distributed systems
• Proven ability to review existing cloud security policies and provide actionable recommendations for improvement
• Experience in developing security standards, procedures, and guidelines that balance security requirements with operational efficiency and mission effectiveness
• Knowledge of emerging cloud security technologies and methodologies
• Comprehensive understanding of enterprise DoD IT architecture
• Experience with DoD enterprise services, shared services, and the security considerations involved in connecting cloud-hosted applications to existing DoD infrastructure
• Knowledge of DoD cloud strategy and implementation approach
• Hands-on experience with cloud security tools and services
• Proficiency in security automation, orchestration, and response (SOAR) capabilities
• Knowledge of DevSecOps practices and the integration of security controls into continuous integration/continuous deployment (CI/CD) pipelines
• Understanding of backup and disaster recovery security considerations, business continuity planning, and the security implications of cloud-based recovery solutions
• Experience with Government cloud initiatives (milCloud, AWS GovCloud, Azure Government)
• Familiarity with AI/ML security considerations in cloud environments

Benefits

• 401k Matching
• Retirement Plan
• Visa Sponsorship
• Generous Paid Time Off
• Tuition Reimbursement
• Relocation Assistance