Cloud Security SME (C&A, RMF, Zero Trust, cybersecurity, NIST)

Job Title: Cloud Security SME (C&A, RMF, Zero Trust, cybersecurity, NIST)

Location: Remote - ability to attend meetings in Fort Belvoir, VA and DC metro area as needed

Clearance Required: Secret or TS

Certification: CCSP - Certified Cloud Security Professional

Salary: $125K-$136K

Application Deadline: October 23, 2025

Visit: https://s2i2.isolvedhire.com/jobs/

• Select the position you are interested in
• Review the job details, then click Apply Now
• Complete and submit your application

S2i2 is seeking a highly qualified Cloud Computing Specialist – Subject Matter Expert (SME) to provide advanced technical expertise in cloud architecture, deployment, and cybersecurity compliance in accordance with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and Department of Defense (DoD) standards.

The CCS-SME will serve as the principal advisor on Certification and Accreditation (C&A) activities, cloud hosting design, and security control implementation across multiple platforms including AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI).

The role requires deep understanding of FedRAMP, Secure Cloud Computing Architecture (SCCA), and Zero Trust (ZT) frameworks to ensure secure, compliant, and efficient cloud solutions supporting DLA enterprise operations.

Responsibilities

• Serve as a subject matter expert (SME) for cloud security, Certification and Accreditation (C&A), and implementation of the NIST RMF as defined in NIST SP 800-53 and SP 800-37 (current versions).
• Maintain Certified Cloud Security Professional (CCSP) credentials and apply industry best practices to identify, manage, and mitigate cloud computing risks across multiple environments.
• Provide cloud hosting design and advisory support for deployments on Azure, AWS, Google Cloud, and Oracle Cloud Infrastructure.
• Collaborate with DLA engineers, cybersecurity teams, and vendors to develop and implement secure cloud architectures meeting DoD/DISA security requirements and guidance, including SCCA, FRD, and SRG.
• Conduct C&A reviews, security control assessments, and compliance evaluations for large-scale, complex information systems.
• Implement and maintain cloud security controls covering network security, tenant isolation, encryption, key management, vulnerability assessments, firewalls, and Zero Trust principles.
• Support deployment, troubleshooting, system testing, and validation activities related to cloud hosting environments.
• Author and maintain deployment specifications, configuration documentation, test plans, and cloud security reports to support Enterprise Hosting operations.
• Recommend innovative solutions to enhance automation, scalability, and process efficiency across multi-cloud environments.

Minimum Requirements

• Experience: Minimum five (5) years of Certification and Accreditation (C&A) experience.
• Experience: Minimum five (5) years of hands-on experience in cloud computing, including deployment, migration, and management of enterprise workloads.
• Demonstrated DoD Cybersecurity and RMF compliance experience.
• Experience in Zero Trust, SCCA FRD, and SRG implementation.
• Experience assessing cybersecurity controls for large, complex IT systems.
• Experience with hybrid, edge, and cloud-native computing architectures.

FedRAMP Expertise

Deep understanding of the six FedRAMP domain areas:

• Architectural Concepts & Design Requirements
• Cloud Data Security
• Cloud Platform & Infrastructure Security
• Cloud Application Security
• Operations
• Legal & Compliance

Education

Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related discipline.

Certifications

• Certified Cloud Security Professional (CCSP) (required).
• DoD 8570 Baseline Certification: Category IAT Level II (e.g., Security+ CE, CCNA Security, CySA+).
• Computing Environment Certifications: At least 1 of the following cloud certifications: AWS Solutions Architect, Azure Solutions Architect Expert, Oracle Cloud Infrastructure Architect Foundations, Oracle Cloud Infrastructure Security Professional, Google Cloud Platform Cloud Architect.

Security Clearance

Must possess IT-II (Non-Critical Sensitive) or Tier 3 (T3) clearance.

Skills

Strong business and technical writing capability, communication skills, and ability to translate technical risk into operational guidance.

About S2i2

S2i2 is a growing company with a supportive and inclusive culture and many opportunities for professional development and growth. We have created a supportive, family-like work environment where contributions are recognized. Regular company updates and open lines of communication with leadership fosters collaboration within the company.

We are proud to include:

• Support to achieve professional certifications and degrees
• Leadership that is accessible to all employees
• Regular company updates
• Client networking social engagements
• Monthly team-building activities (past examples: Top Golf)
• Supporting our community - including veterans

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.