דרושים Information Systems Security Officer Isso ב-Armis ב-United States, Boston

What you'll do

As the ISSO, you will serve as the delegated security lead with responsibility for the security integrity of Armis's most highly sensitive systems:

• Lead and support the security authorization process for cloud solutions seeking and maintaining FedRAMP and DoD Impact Level (IL) Authorized Unclassified ( IL-4, IL-5) and Classified (IL-6) cloud solutions.
• Serve as the primary ISSO for all designated systems under your purview, managing their security lifecycle from initial design through authorization and sustainment.
• Author and maintain all required security documentation, including System Security Plans (SSPs), ensuring controls are accurately documented and aligned with implementation.
• Manage all aspects of FedRAMP and DoD IL Continuous Monitoring (ConMon), including gathering, reviewing, and submitting monthly, quarterly, and annual security artifacts to the appropriate authorizing bodies.
• Support sustained customer communications and actively participate in Continuous Monitoring Review Meetings with government partners.
• Drive the process for all FedRAMP and DoD IL Significant Change Requests and minor change requests, ensuring security impact analyses and authorization updates are completed accurately and on schedule.
• Collaborate with engineering teams to ensure control implementations are technically sound, auditable, and maintain compliance across rapidly evolving cloud and containerized environments.
• Support the GRC team and provide guidance related to commercial compliance efforts.

What we expect

• Top Secret Security Clearance & US Citizenship
• 5+ years of direct experience supporting DoD and/or FedRAMP systems in an Information Security Officer, compliance, or security engineering capacity.
• Must currently reside in the greater Washington D.C. area or be willing to travel to the area on a regular basis to meet with government and authorization partners.
• Must be eligible for a Top Secret security clearance (current active clearance preferred) and must maintain DoD 8570 IAM Level III baseline certifications (e.g., CISSP, CISM, GSLC). IAM Level 3
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience will be considered in lieu of a degree.
• Detailed understanding of NIST 800-53 Revision 5 security controls, security requirement traceability matrices (SRTM), and continuous monitoring practices.
• Detailed understanding of the DISA and FedRAMP significant change request process and authorization lifecycles.
• Proven experience with AWS services management, security baseline enforcement, and compliance within cloud environments.
• Working experience with security incident response, event logging, alerting and the related tooling.
• Experience running Kubernetes in highly regulated environments.

Preferred Skills

• Experience managing security compliance efforts in DoD classified cloud environments.
• Demonstrated experience with AI implementations and automations specifically targeting federal compliance and evidence generation efforts.
• Administrator-level knowledge of AWS and Administrator-level knowledge of Linux operating systems.
• Experience taking a cloud information system through the entire FedRAMP and/or DoD IL authorization process and successfully obtaining an Authorization to Operate (ATO).
• Experience managing security packages and workflows within government GRC tools such as eMASS.
• Familiarity with FISMA and CMMC authorization processes.
• Ability to review Python and understand code as it relates to security controls and automation efforts, and demonstrated ability to write Python scripts to support compliance automation.
• Experience working with a global team where the majority of team members are remote.
• Experience working with task planning tools like JIRA and Asana.
• Experience managing content throughout its lifecycle in the Microsoft Office 365 ecosystem.
• Project management experience where the key stakeholders are at the executive level.