Tetrad Digital Integrity - TDI
Remote Jobs
6 Jobs
Title: Expert Software Engineer Location: Springfield, VA Full Time Intelligence Community Experienced Tetrad Digital Integrity (TDI) is a cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. Our single focus has been delivering cyber solutions to effectively manage risk & the business of cyber for 25 years! The Geospatial Enterprise Open Data Store (GEODS) contract provides integration, design, development, and sustainment for data services in support of the Federal Government. TDI is looking for a Lead Software Engineer on our GEODS program to be involved in designing and implementing new custom features that solve unique problems as well as updating and optimizing legacy features. This position requires a TS/SCI government clearance and hybrid commute to the Springfield, VA area. RESPONSIBILITIES: - Design software solutions to meet technical and business needs by leveraging knowledge of architecture, software engineering, DevSecOps, and mission Serve as technical delivery leader, planning and managing application development activities - Provide technical leadership and mentorship to project team members, with an emphasis on supporting junior and mid-level developers, including conducting code reviews - Ensure designs align with customer-approved specifications and adhere to established software quality standards - Contribute to Program planning and prioritization; collaborate with product management on solution design, requirements decomposition, and estimation - Participate in all phases of the software development lifecycle (SDLC) - Develop well-designed, testable, efficient, and maintainable code - Recommend improvements to applications and organizational processes to enhance performance and efficiency - Prepare and manage releases of software components - Support formal testing efforts and drive timely resolution of defects - Provide technical support and consultation for application and infrastructure issues, including troubleshooting defects and responding to inquiries QUALIFICATIONS: - TS/SCI clearance is required - Bachelor’s degree with 6+ years of relevant experience in software development using SAFe or similar Agile methodologies, including working with Scrum Masters and Product Owners to decompose high-level requirements into user stories, or 15+ years of relevant experience in lieu of a degree - 6+ years of experience in Python (or similar programming languages), DevSecOps and CI/CD (e.g., GitLab), Infrastructure as Code (e.g., Terraform), and containerization/orchestration technologies (e.g., Docker, Kubernetes, OpenShift) - Strong experience with AWS services, including EC2, DynamoDB, ECS, SQS/SNS, IAM, Lambda, and CDK - Proven ability to clearly communicate complex technical concepts both verbally and in writing - Prior experience leading development teams, workstreams, or major technical efforts PREFERRED QUALIFICATIONS: - Experience with front-end development in React - Database experience, specifically with Apache Solr TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States. “TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”
Cryptographic Systems Expert Remote Full Time Department: Intelligence Community Job Description: Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age. We are seeking a highly skilled and knowledgeable Post-Quantum Cryptography (PQC) Evaluation Expert to join our team. The successful candidate will be responsible for creating and evaluating question-answer pairs to assess the understanding and application of post-quantum cryptography concepts by test subjects. This role requires a deep understanding of cryptographic principles, particularly in the context of quantum computing, and the ability to craft scenarios that test the test subject's ability to provide accurate and forward-thinking cryptographic advice. This is a remote role. RESPONSIBILITIES: - Develop comprehensive question and answer pairs that assess the test subject’s understanding of post-quantum cryptography concepts. - Evaluate the quantum resistance of classical and post-quantum algorithms presented by the test subject. - Suggest appropriate quantum-safe alternatives for various cryptographic scenarios. - Analyze and explain the implications of quantum computing on current cryptographic standards. - Assess the test subject’s ability to reason about future attack scenarios and the trade-offs involved in PQC implementations. QUALIFICATIONS: - Advanced degree in Mathematics, Cryptography, Computer Science or a related field. - 5+ years in applied cryptography with a specific focus on the theoretical vulnerabilities of public-key infrastructure in the context of quantum computing. - Knowledge of cryptographic libraries and tools such as OpenSSL, Libsodium, or similar. - Familiarity with programming languages commonly used in cryptography, such as Python, C/C++, or Java. - Understanding of quantum computing principles and their impact on cryptography. PREFERRED QUALIFICATIONS: - Extensive knowledge of cryptographic principles, with a focus on post-quantum cryptography. - Familiarity with quantum-resistant algorithms such as lattice-based, hash-based, code-based, and multivariate polynomial cryptography. - Experience with cryptographic standards and protocols, including NIST's post-quantum cryptography standardization efforts. - Ability to reason about and articulate the trade-offs and implications of different cryptographic approaches in a post-quantum world. - Strong analytical and problem-solving skills, with the ability to evaluate complex cryptographic scenarios. - Excellent written and verbal communication skills, with the ability to clearly explain technical concepts. - Familiarity with cryptographic software and tools used in the evaluation and implementation of PQC. - Participation in cryptographic research or contributions to academic publications in the field of post-quantum cryptography. TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States. “TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.”
• Develop open-ended questions and answers based on hypothetical cyber incident scenarios to evaluate test subjects, focusing on coherence, justification, and technical soundness.
• Operate at both strategic and tactical levels, translating high-level architecture and business objectives into actionable technical tasks, with end-to-end ownership from design through delivery • Design scalable, enterprise-level ITSI architectures aligned to business services and outcomes, with experience across full lifecycle ITSI implementations • Apply deep Splunk ITSI expertise in service modeling, KPI design, event analytics, Episode Review, glass tables, and visualization • Leverage strong AIOps and event correlation knowledge, with experience integrating with OBM, ServiceNow, or similar platforms • Utilize strong Splunk platform fundamentals, including SPL, data strategy, and performance considerations
• Comply with currently mandated national and DoD-approved policies, directives, architectures, programs, standards, and guidelines. • Design, implement, and sustain security telemetry/logging architecture in GCP, ensuring high-fidelity signals are collected, normalized, and delivered to the VDSS/SIEM/SOAR stack. • Own logging coverage and quality for cloud and platform signals, including: Cloud Audit Logs (Admin Activity, Data Access, System Event) • IAM/service account activity and privileged actions • VPC Flow Logs, load balancer/WAF/proxy signals • GKE audit logs and Kubernetes control-plane events • Security-relevant application/service logs • Build detection engineering content: queries, correlation logic, alert rules, and dashboards aligned to cloud threat scenarios (IAM abuse, suspicious API usage, workload compromise, data access anomalies, lateral movement paths). • Develop automation and guardrails to reduce toil and accelerate investigations/response: API-driven enrichment and evidence capture (e.g., asset inventory, IAM bindings, network path/context, log exports) • Repeatable runbooks/workflows and integration into ticketing/notification pipelines • Partner with teams to implement and validate security controls that improve defensibility: Secure configuration baselines and drift detection • Identity and access telemetry improvements • Network segmentation signals and policy validation • Container/GKE security instrumentation and runtime visibility • Execute continuous control-health checks and instrumentation validation (telemetry completeness, parsing quality, alert fidelity, logging pipeline reliability). • Coordinate cleanly with the CSSP: provide engineered signals, detection content, and automation that improves downstream monitoring and response outcomes. • Produce clear technical deliverables (engineering notes, detection documentation, dashboards/coverage maps, stakeholder-ready updates) with minimal editing.
• Own the RMF 'engine room' • Apply DoD cloud security policies and NIST SP 800-53 controls • Develop and maintain RMF artifacts • Execute POA&M management with discipline • Support security change governance activities • Conduct security engineering analysis for cloud-native workloads • Engineer evidence and control health • Integrate security into delivery pipelines • Assist with threat modeling and vulnerability assessments • Partner with system architects and developers to integrate security • Monitor, track, and report security compliance posture • Optimize and automate compliance operations