Information Systems Security Officer

Swoop Technologies, Minneapolis, MN
Hybrid

About The Position

As our ISSO, you won't be maintaining compliance for its own sake — you'll be the person who keeps classified and CUI-adjacent systems authorized, hardened, and audit-ready so our engineers can do the work that matters. You'll own the RMF lifecycle end-to-end, interface directly with government AOs and SCA teams, and help build a security program that scales with a fast-moving defense tech company. If you want your ISSO work to feel consequential rather than administrative, this is the role.

Requirements

  • Active Secret or TS/SCI clearance
  • 4+ years of hands-on ISSO or IA experience in a DoD or IC environment
  • Demonstrated eMASS proficiency — end-to-end package management including artifact upload, milestone tracking, control inheritance documentation, and ATO submission
  • Deep working knowledge of NIST SP 800-53 Rev 5, DoDI 8510.01, and the seven-step RMF process
  • Experience preparing and defending authorization packages through government assessment and authorization cycles
  • Hands-on familiarity with ACAS (Tenable/Nessus), STIG Viewer, and SCAP Compliance Checker
  • DoD 8570/8140 IAM Level II or III certification (CISSP, CISM, CASP+, or equivalent)
  • Strong technical writing skills — you write SSP control implementation statements that satisfy assessors, not just fill boxes

Nice To Haves

  • Experience with Air Force, Army, or SOCOM RMF programs including service-specific overlays and supplemental directives (AFI 17-101, AR 25-2, JSIG)
  • Familiarity with cATO or Fast Track ATO processes
  • Cloud security experience (AWS GovCloud, Azure Government) and FedRAMP control mapping
  • Experience with CMMC Level 2/3 compliance in a DIB environment
  • Working knowledge of Xacta, ServiceNow GRC, or other RMF automation platforms adjacent to eMASS
  • Background as a sysadmin, network engineer, or security engineer — people who've touched the technical layer write better controls
  • Offensive security background or familiarity with adversary TTPs (enhances risk-based thinking in control selection and POA&M prioritization)

Responsibilities

  • Own end-to-end eMASS package lifecycle for one or more information systems — from initial system categorization through ATO maintenance and continuous monitoring
  • Develop, maintain, and update all RMF Body of Evidence artifacts: SSPs, SARs, RAR, POA&Ms, ConMon plans, and control implementation statements aligned to NIST SP 800-53 Rev 5
  • Coordinate with System Owners, ISSMs, SAs, and government stakeholders (AOs, SCAs, CORs) to ensure authorization packages remain current and accurate
  • Execute continuous monitoring activities including vulnerability scan analysis (ACAS/Nessus), STIG review and validation via STIG Viewer/SCAP, and security log auditing
  • Conduct and document security impact analyses (SIAs) for proposed system changes; represent security equities at Configuration Control Board (CCB) proceedings
  • Track POA&M findings through remediation closure, providing fix actions and compensating controls where applicable
  • Support JSIG, DCSA, and/or DoD SCA assessment activities including artifact readiness reviews, evidence collection, and assessor coordination
  • Provide cybersecurity guidance to system administrators, developers, and program staff to promote compliant, secure operations throughout the system lifecycle