Braze is hiring an Information Systems Security Officer (ISSO) to lead the security authorization and continuous monitoring efforts for our cloud platforms, ensuring compliance with stringent security standards for the defense and intelligence community. You will serve as the primary ISSO and a key liaison to security offices and external authorizing bodies.
What You'll Do
- Lead and support the security authorization process for cloud solutions seeking and maintaining FedRAMP and DoD Impact Level (IL) Authorizations.
- Serve as the primary ISSO for all designated systems, managing their security lifecycle from initial design through authorization and sustainment.
- Author and maintain all required security documentation, including System Security Plans (SSPs).
- Manage all aspects of FedRAMP and DoD IL Continuous Monitoring (ConMon), including gathering, reviewing, and submitting security artifacts.
- Support sustained customer communications and participate in Continuous Monitoring Review Meetings with government partners.
- Drive the process for all FedRAMP and DoD IL Significant Change Requests and minor change requests.
- Collaborate with engineering teams to ensure control implementations are technically sound, auditable, and maintain compliance.
- Support the GRC team and provide guidance related to commercial compliance efforts.
What We're Looking For
- Top Secret Security Clearance & US Citizenship.
- 5+ years of direct experience supporting DoD and/or FedRAMP systems in an Information Security Officer, compliance, or security engineering capacity.
- Must currently reside in the greater Washington D.C. area or be willing to travel to the area regularly.
- Must be eligible for a Top Secret security clearance (current active clearance preferred) and maintain DoD 8570 IAM Level III baseline certifications (e.g., CISSP, CISM, GSLC).
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience considered.
- Detailed understanding of NIST 800-53 Revision 5 security controls, security requirement traceability matrices (SRTM), and continuous monitoring practices.
- Detailed understanding of the DISA and FedRAMP significant change request process and authorization lifecycles.
- Proven experience with AWS services management, security baseline enforcement, and compliance within cloud environments.
- Working experience with security incident response, event logging, alerting and the related tooling.
- Experience running Kubernetes in highly regulated environments.
Nice to Have
- Experience managing security compliance efforts in DoD classified cloud environments.
- Demonstrated experience with AI implementations and automations targeting federal compliance and evidence generation.
- Administrator-level knowledge of AWS and Administrator-level knowledge of Linux operating systems.
- Experience taking a cloud information system through the entire FedRAMP and/or DoD IL authorization process and successfully obtaining an Authorization to Operate (ATO).
- Experience managing security packages and workflows within government GRC tools such as eMASS.
- Familiarity with FISMA and CMMC authorization processes.
- Ability to review Python and understand code as it relates to security controls and automation, and demonstrated ability to write Python scripts to support compliance automation.
- Experience working with a global team where the majority of team members are remote.
- Experience working with task planning tools like JIRA and Asana.
- Experience managing content throughout its lifecycle in the Microsoft Office 365 ecosystem.
- Project management experience where the key stakeholders are at the executive level.
Technical Stack
- AWS
- Linux
- Kubernetes
- Python
- Microsoft Office 365
- JIRA
- Asana
Team & Environment
Join the Armis Governance, Compliance and Risk team and work closely with all engineering and product teams. You will be the primary liaison to the Office of the Chief Information Security Officer (OCISO) and external authorizing bodies.
Benefits & Compensation
- Comprehensive health benefits
- Discretionary time off
- Paid holidays including monthly me days
Work Mode
This is a hybrid position with locations in Boston, Massachusetts, United States; Dallas, Texas, United States; and the Washington DC - Baltimore Metro Area.
Armis is proud to be an equal opportunity employer. We never discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected (or not) status.
