CrowdStrike is hiring an Information Systems Security Officer (Remote)

CrowdStrike is looking for an Information Systems Security Officer (ISSO) to establish, maintain, and enhance the security and compliance of Federal cloud environments. This role is critical for ensuring business continuity with government clients by implementing stringent federal security requirements and managing the full Authorization to Operate (ATO) lifecycle.

What You'll Do

• Establish, automate, and maintain the Continuous Monitoring (ConMon) strategy from the System Security Plan (SSP).
• Participate in the vulnerability intelligence on-call rotation for 24/7 expert analysis and rapid response.
• Manage the full Authorization to Operate (ATO) lifecycle, including preparing documentation for initial and continuous security authorizations.
• Coordinate annual Third-Party Assessment Organization (3PAO) audits for successful outcomes.
• Manage the POA&M process, perform risk-based security impact analyses, and track vulnerability remediation.
• Execute security control analyses, recommending infrastructure enhancements based on threat landscape changes.
• Serve as the expert authority on cloud security architecture, providing guidance and implementing defense-in-depth strategies for federal workloads.
• Develop and maintain cloud security architecture documentation (diagrams, data flows, controls).
• Evaluate architectural changes for security impact and guide secure DevSecOps practices in federal clouds.
• Manage the Change Control Board (CCB) and Significant Change Request (SCR) process, providing authoritative security guidance.
• Perform quality assurance and support quarterly audits of SCRs.
• Generate detailed security impact analyses for FedRAMP and DISA change requests.
• Maintain the System Security Plan (SSP) and all security authorization packages.
• Support governance activities, including policy development and system sponsorship.
• Serve as the primary security point-of-contact for incident response, managing resolution from detection through root cause analysis.
• Strategically coordinate and lead incident response, business continuity, and disaster recovery exercises.
• Manage annual security audit evidence collection and coordination.
• Rigorously audit account management, enforce least privilege through monthly access reviews, and oversee DISA whitelisting requests.
• Process system deviation requests, including risk assessments and determination of compensating controls.

What We're Looking For

• Bachelor's degree (or equivalent experience) in a relevant technical field (Engineering, Computer Science, Cybersecurity, IT).
• Must hold a DoD 8140/8570 IAM Level II Baseline Certification (CGRC, CASP+, CISM, CISSP/Associate, or CCISO).
• U.S. Citizenship and residency required for work on sensitive government systems.
• Expert knowledge of NIST SP 800-53, RMF, FedRAMP, and FISMA.
• Significant hands-on experience implementing and assessing controls in cloud environments (e.g., AWS GovCloud).
• Proven success managing 3PAO audits and maintaining a sophisticated Continuous Monitoring (ConMon) program in federal settings.
• Advanced technical familiarity with modern cloud infrastructure and security tools (e.g., SIEM, Endpoint Security, CI/CD, vulnerability management).
• Exceptional analytical, communication, and documentation skills essential for a highly regulated environment.
• Experience performing comprehensive cyber architecture reviews, identifying weaknesses, and recommending improvements.

Nice to Have

• Advanced degree preferred.
• Extensive security experience in classified/air-gapped environments (e.g., C2S, Azure Government Secret).
• Current professional-level AWS Certification (e.g., Solutions Architect, Security Specialist).
• Active Secret or higher U.S. Government clearance eligibility.
• Proficiency in Python, JavaScript, C, or C++ for developing security automation.
• Proven liaison experience with government customers regarding their security requirements.
• Experience with FedRAMP or Agency authorization processes and package preparation.

Technical Stack

• AWS GovCloud
• SIEM
• Endpoint Security
• CI/CD
• Vulnerability Management

Benefits & Compensation

• Market leader in compensation and equity awards
• Comprehensive physical and mental wellness programs
• Competitive vacation and holidays
• Paid parental and adoption leaves
• Professional development opportunities
• Employee Networks, geographic neighborhood groups, and volunteer opportunities
• Vibrant office culture with world class amenities
• Compensation: $125,000 - $180,000 per year + equity grants

Work Mode

This is a remote position open to candidates located within the United States.

CrowdStrike is proud to be an equal opportunity employer committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed.