Information Systems Security Officer (Remote)

About The Position

Requirements

• Bachelor's degree (or equivalent experience) in a relevant technical field (Engineering, Computer Science, Cybersecurity, IT); advanced degree preferred.
• Must hold a DoD 8140/8570 IAM Level II Baseline Certification (CGRC, CASP+, CISM, CISSP/Associate, or CCISO).
• U.S. Citizenship and residency required for work on sensitive government systems.
• Expert knowledge of NIST SP 800-53, RMF, FedRAMP, and FISMA, with significant hands-on experience implementing and assessing controls in cloud environments (e.g., AWS GovCloud).
• Proven success managing 3PAO audits and maintaining a sophisticated Continuous Monitoring (ConMon) program in federal settings.
• Advanced technical familiarity with modern cloud infrastructure and security tools (e.g., SIEM, Endpoint Security, CI/CD, vulnerability management).
• Exceptional analytical, communication, and documentation skills essential for a highly regulated environment.
• Experience performing comprehensive cyber architecture reviews, identifying weaknesses, and recommending improvements.

Nice To Haves

• Current professional-level AWS Certification (e.g., Solutions Architect, Security Specialist).
• Proficiency in Python, JavaScript, C, or C++ for developing security automation.
• Proven liaison experience with government customers regarding their security requirements.
• Experience with FedRAMP or Agency authorization processes and package preparation.
• Experience with CMMC, IRAP, TxRAMP, GovRAMP processes and package preparation

Responsibilities

• Utilize deep proficiency in Python, JavaScript, C, or C++ to architect and implement advanced AI automation pipelines, optimizing critical GRC functions such as control assessments, POA&M management, and compliance reporting across federal authorization frameworks.
• Leverage professional-level cloud architecture expertise and experience in FedRAMP and IL-5 environments to engineer secure, GRC automation tools within GovCloud and high-security boundaries.
• Translate complex agency security requirements into automated solutions, employing LLM assistance for the rigorous drafting and versioning of SSPs and security narratives to meet evolving FedRAMP 20x mandates.
• Operationalize AI compliance frameworks and correlate vulnerability intelligence with NIST SP 800-53 controls, providing real-time audit readiness metrics and accelerating the ATO lifecycle.
• Design and deploy autonomous AI agents capable of executing multi-step GRC workflows — including control validation, evidence gathering, risk analysis, and remediation tracking — reducing manual compliance overhead and enabling continuous, intelligent oversight of federal security environments.
• Establish, automate, and maintain the Continuous Monitoring (ConMon) strategy from the System Security Plan (SSP), including scanning, assessment, reporting, and automated remediation of compliance checks and Plan of Action and Milestones (POA&M) activities.
• Participate in the vulnerability intelligence on-call rotation for 24/7 expert analysis and rapid response.
• Manage the full Authorization to Operate (ATO) lifecycle, including preparing documentation for initial and continuous security authorizations and acting as the primary point of contact for external compliance.
• Coordinate annual Third-Party Assessment Organization (3PAO) audits for successful outcomes.
• Manage the POA&M process, perform risk-based security impact analyses, and track vulnerability remediation to verified closure.
• Execute security control analyses, recommending infrastructure enhancements based on threat landscape changes.
• Serve as the expert authority on cloud security architecture, providing guidance and implementing defense-in-depth strategies for federal workloads across various cloud configurations (FedRAMP, DISA, agency requirements).
• Develop and maintain cloud security architecture documentation (diagrams, data flows, controls).
• Evaluate architectural changes for security impact and guide secure DevSecOps practices in federal clouds.
• Manage the Change Control Board (CCB) and Significant Change Request (SCR) process, providing authoritative security guidance, coordinating stakeholder reviews, and implementing automated workflows.
• Perform quality assurance and support quarterly audits of SCRs.
• Generate detailed security impact analyses for FedRAMP and DISA change requests.
• Maintain the System Security Plan (SSP) and all security authorization packages, ensuring all security artifacts are accurate and align with FedRAMP and EMASS templates.
• Support governance activities, including policy development and system sponsorship.
• Coordinate compliance matters with authorizing officials, acting as the primary security advocate.
• Serve as the primary security point-of-contact for incident response, managing resolution from initial detection through root cause analysis and implementing preventative measures.
• Strategically coordinate and lead incident response, business continuity, and disaster recovery exercises.
• Manage annual security audit evidence collection and coordination.
• Rigorously audit account management, enforce least privilege through monthly access reviews, and oversee DISA whitelisting requests.
• Process system deviation requests, including risk assessments and determination of compensating controls.

Benefits

• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays for recharge
• Paid parental and adoption leaves
• Professional development opportunities for all employees regardless of level or role
• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
• Vibrant office culture with world class amenities
• Great Place to Work Certified™ across the globe
• health insurance
• 401k
• paid time off