Information Systems Security Officer (Remote) at CrowdStrike

You are an experienced cybersecurity professional with a strong background in federal compliance and cloud security architecture. You must hold a DoD 8140/8570

Work type: remote

Location: USA - Remote

Salary: $125,000 – $180,000/yr

Type: Full-time

Summary

You are an experienced cybersecurity professional with a strong background in federal compliance and cloud security architecture. You must hold a DoD 8140/8570 IAM Level II certification and possess deep expertise in NIST 800-53 and FedRAMP frameworks to manage government-facing systems. **What makes it worth a look...** CrowdStrike offers a remote position for U.S. citizens paying between $125,000 and $180,000 per year. You will manage the full Authorization to Operate lifecycle for federal cloud environments while working for an industry leader in cybersecurity. **You might be a good fit if you...** * Have direct, hands-on experience managing 3PAO audits and continuous monitoring for federal workloads. * Possess expert knowledge of AWS GovCloud or similar secure cloud infrastructures. * Can navigate the entire RMF and FISMA compliance landscape with ease. * Manage complex vulnerability remediation and security documentation for high-stakes government projects.

Job Description

As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

CrowdStrike seeks an exceptionally qualified Information Systems Security Officer (ISSO) to establish, maintain, and enhance the security and compliance of our Federal cloud environments. This critical role ensures business continuity with government clients by implementing stringent federal security requirements. The ideal candidate will focus on managing security controls to achieve and sustain Authorization to Operate (ATO) status across multiple federal systems. This position requires a security professional expert in navigating the entire compliance lifecycle, from continuous monitoring to external audits, while maintaining the highest security standards in a highly regulated environment.

What You'll Do:

Continuous Monitoring (ConMon) & Remediation

• Establish, automate, and maintain the Continuous Monitoring (ConMon) strategy from the System Security Plan (SSP), including scanning, assessment, reporting, and automated remediation of compliance checks and Plan of Action and Milestones (POA&M) activities.

• Participate in the vulnerability intelligence on-call rotation for 24/7 expert analysis and rapid response.

• Manage the full Authorization to Operate (ATO) lifecycle, including preparing documentation for initial and continuous security authorizations and acting as the primary point of contact for external compliance.

• Coordinate annual Third-Party Assessment Organization (3PAO) audits for successful outcomes.

• Manage the POA&M process, perform risk-based security impact analyses, and track vulnerability remediation to verified closure.

• Execute security control analyses, recommending infrastructure enhancements based on threat landscape changes.

• Serve as the expert authority on cloud security architecture, providing guidance and implementing defense-in-depth strategies for federal workloads across various cloud configurations (FedRAMP, DISA, agency requirements).

• Develop and maintain cloud security architecture documentation (diagrams, data flows, controls).

• Evaluate architectural changes for security impact and guide secure DevSecOps practices in federal clouds.

• Manage the Change Control Board (CCB) and Significant Change Request (SCR) process, providing authoritative security guidance, coordinating stakeholder reviews, and implementing automated workflows.

• Perform quality assurance and support quarterly audits of SCRs.

• Generate detailed security impact analyses for FedRAMP and DISA change requests.

• Maintain the System Security Plan (SSP) and all security authorization packages, ensuring all security artifacts are accurate and align with FedRAMP and EMASS templates.

• Support governance activities, including policy development and system sponsorship.

• Coordinate compliance matters with authorizing officials, acting as the primary security advocate.

• Serve as the primary security point-of-contact for incident response, managing resolution from initial detection through root cause analysis and implementing preventative measures.

• Strategically coordinate and lead incident response, business continuity, and disaster recovery exercises.

• Manage annual security audit evidence collection and coordination.

• Rigorously audit account management, enforce least privilege through monthly access reviews, and oversee DISA whitelisting requests.

• Process system deviation requests, including risk assessments and determination of compensating controls.

• Education: Bachelor's degree (or equivalent experience) in a relevant technical field (Engineering, Computer Science, Cybersecurity, IT); advanced degree preferred.

• Certification: Must hold a DoD 8140/8570 IAM Level II Baseline Certification (CGRC, CASP+, CISM, CISSP/Associate, or CCISO).

• Eligibility: U.S. Citizenship and residency required for work on sensitive government systems.

• Expertise: Expert knowledge of NIST SP 800-53, RMF, FedRAMP, and FISMA, with significant hands-on experience implementing and assessing controls in cloud environments (e.g., AWS GovCloud).

• Experience: Proven success managing 3PAO audits and maintaining a sophisticated Continuous Monitoring (ConMon) program in federal settings.

• Technical Familiarity: Advanced technical familiarity with modern cloud infrastructure and security tools (e.g., SIEM, Endpoint Security, CI/CD, vulnerability management).

• Skills: Exceptional analytical, communication, and documentation skills essential for a highly regulated environment.

• Architecture: Experience performing comprehensive cyber architecture reviews, identifying weaknesses, and recommending improvements.

• Extensive security experience in classified/air-gapped environments (e.g., C2S, Azure Government Secret).

• Current professional-level AWS Certification (e.g., Solutions Architect, Security Specialist).

• Active Secret or higher U.S. Government clearance eligibility.

• Proficiency in Python, JavaScript, C, or C++ for developing security automation.

• Proven liaison experience with government customers regarding their security requirements.

• Experience with FedRAMP or Agency authorization processes and package preparation.

#LI-RC1

#LI-Remote

This role will require the candidate to periodically undergo and pass additional background and fingerprint check(s) consistent with government customer requirements.

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

View this job on nocollar jobs