Dedicated cloud security engineer role to be championed — dual-purpose JD covering cloud + STIG/FIPS

May 21, 2026 at 10:36 PMpeoplemedium

Situation

Committed in Steve 1:1 5/21 to champion a new dedicated cloud security engineer role. Steve will work with TJ to draft the JD; Peter will champion it to budget owners (Bjorn/Greg). Triggered by TJ flagging current cloud security as bare minimum and the proactive supply-chain projects (TJ on GitHub workflow SHA pinning, CeeLo on NPM package securing) needing a dedicated owner. Dual-purpose JD: also serves Nathans STIG/FIPS security expertise needs — one hire, two demand surfaces.

Reasoning

TJ as de-facto security person but with cloud security as additive scope beyond his primary ops job — supply-chain projects expand his scope without expanding his headroom; without dedicated hire, the new initiatives starve TJs actual ops work or die outright. Why staffed internally vs partner (contrast with Atomicorp pattern): security is DIFFERENTIATING at CIQ because (1) RLC Pro Hardened is a product line, (2) FIPS/STIG/CUI is on the active roadmap with government deadlines, (3) Yesh-style external disclosure response (D6 this week) is a CIQ-trust-and-reputation surface. Partners cannot carry that load. Dual-purpose JD is the efficiency move — two demand surfaces sharing one supply is the math that gets approved by Bjorn/Greg. Steve drafts but Peter champions because Steve does not have the political capital with Bjorn/Greg for a net-new role; Peter does. Champion is an intentional verb — not a quiet headcount add, a budget-cycle fight Peter is committing to lead. Timing matters: security-salient week (Yesh bounty same day, supply-chain projects ramping) means budget conversation happens while security is fresh in everyones mind.

Additional Context

Same week as Yesh bounty (D6), Ascender app eng JD finalization (D2-adjacent), and the security supply-chain projects (TJ GitHub SHA pinning, CeeLo NPM securing). Multiple JD/role decisions moving in parallel — Peter is in role-design mode this week.

Observed Evidence

Direct Fathom summary of Peters champion commitment + dual-purpose framing. Action item assigned to Steve (draft JD; send to Peter).

Matching Patterns

40%
Proactive Talent Pipeline Investment(JD-named-before-budget-secured)
35%
Three-Lever Talent Management(upgrade lever applied to structural gap)
22%
Route Non-Differentiating FTE Classes to Partners(CONTRAST case — security is differentiating so staffed internally not partnered)

Confidence Breakdown

28/35
Evidence
14/30
Pattern
18/20
Source
7/15
Corroboration

Reasoning Depth Analysis

Org Signal:Security is differentiating at CIQ — staffed internally, not partnered. Dual-purpose roles serving multiple demand surfaces are favored. When a current-IC is operating as the de-facto X without the title, name the role.
Who Affected:TJ (gets dedicated owner; de-facto role acknowledged), CeeLo (supply-chain project continuity), Nathan (STIG/FIPS partner), Bjorn/Greg (budget approval needed), future external disclosers (better response capability).
Precedent:When a current-IC is filling a structural role part-time, create the JD that names the role. Not expand-current-IC-plate. Future similar gaps (e.g., Ryan-tooling-team if it grows) should expect the same shape.
Consequences:New headcount budget hit. Recruiting cycle. Integration risk if dual-purpose JD attracts a generalist serving neither well.
Timing:Security-salient week + active RLCH/ISO 42001/NIST 800-171 deliveries surface the gap. JD now means hire arrives summer when capacity matters.

Related Context

🎥
Steve <> Peter 1:1 5/21

fathom

A dedicated security engineer is needed to move beyond bare minimum cloud security. Peter requested a job description to champion the role. Potential Synergy: This role could also support Nathans need for security expertise in STIG and FIPS.

Outcome

No outcome recorded yet.

Decision ID: 45e3df44-30cc-4c87-8958-db0b5ef5777b