Information Systems Security Officer
Crowdstrike
4h ago
0$125k - $180kOtherUnited Stateshimalayas
Information-Systems-Security-OfficerCybersecuritySecurity-ComplianceCloud-SecurityFederal-CybersecurityRisk-Management-FrameworkInformation-System-Security-OfficerInformation-Systems-Security-Officer-(ISSO)Information-System-Security-Officer-(ISSO)IT-Security-OfficerInformation-Systems-Security-ManagerSenior
Job Description
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're proud to work for a mission-driven company leveraging AI to transform the way we work. CrowdStrikers drive their careers through flexibility and autonomy while also being expected to contribute to a culture of responsible AI adoption, experimentation, and innovation. We use an AI-first mindset as a force multiplier to proactively and continuously accelerate execution, build expertise, uncover insights, and solve complex problems. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.
About the Role:CrowdStrike seeks an exceptionally qualified Information Systems Security Officer (ISSO) to establish, maintain, and enhance the security and compliance of our Federal cloud environments. This critical role ensures business continuity with government clients by implementing stringent federal security requirements. The ideal candidate will focus on managing security controls to achieve and sustain Authorization to Operate (ATO) status across multiple federal systems. This position requires a security professional expert in navigating the entire compliance lifecycle, from continuous monitoring to external audits, while maintaining the highest security standards in a highly regulated environment.What You'll Do:AI-Powered GRC Automation & EngineeringUtilize deep proficiency in Python, JavaScript, C, or C++ to architect and implement advanced AI automation pipelines, optimizing critical GRC functions such as control assessments, POA&M management, and compliance reporting across federal authorization frameworks.Leverage professional-level cloud architecture expertise and experience in FedRAMP and IL-5 environments to engineer secure, GRC automation tools within GovCloud and high-security boundaries.Translate complex agency security requirements into automated solutions, employing LLM assistance for the rigorous drafting and versioning of SSPs and security narratives to meet evolving FedRAMP 20x mandates.Operationalize AI compliance frameworks and correlate vulnerability intelligence with NIST SP 800-53 controls, providing real-time audit readiness metrics and accelerating the ATO lifecycle.Design and deploy autonomous AI agents capable of executing multi-step GRC workflows — including control validation, evidence gathering, risk analysis, and remediation tracking — reducing manual compliance overhead and enabling continuous, intelligent oversight of federal security environments.Continuous Monitoring (ConMon) & RemediationEstablish, automate, and maintain the Continuous Monitoring (ConMon) strategy from the System Security Plan (SSP), including scanning, assessment, reporting, and automated remediation of compliance checks and Plan of Action and Milestones (POA&M) activities.Participate in the vulnerability intelligence on-call rotation for 24/7 expert analysis and rapid response.Security Authorization & Risk ManagementManage the full Authorization to Operate (ATO) lifecycle, including preparing documentation for initial and continuous security authorizations and acting as the primary point of contact for external compliance.Coordinate annual Third-Party Assessment Organization (3PAO) audits for successful outcomes.Manage the POA&M process, perform risk-based security impact analyses, and track vulnerability remediation to verified closure.Execute security control analyses, recommending infrastructure enhancements based on threat landscape changes.Cloud Security ArchitectureServe as the expert authority on cloud security architecture, providing guidance and implementing defense-in-depth strategies for federal workloads across various cloud configurations (FedRAMP, DISA, agency requirements).Develop and maintain cloud security architecture documentation (diagrams, data flows, controls).Evaluate architectural changes for security impact and guide secure DevSecOps practices in federal clouds.Change Control & SCR ManagementManage the Change Control Board (CCB) and Significant Change Request (SCR) process, providing authoritative security guidance, coordinating stakeholder reviews, and implementing automated workflows.Perform quality assurance and support quarterly audits of SCRs.Generate detailed security impact analyses for FedRAMP and DISA
