Information Systems Security Officer

Swoop
Washington DC - Baltimore Area, US
On-site

Who this role is best for

Best suited to mid-level ISSO professionals with DoD or IC experience who thrive in a hands-on, compliance-driven environment requiring in-office presence.

Best fit for

  • Candidates with active clearance and deep RMF lifecycle expertise will align well with this role.
    — “Active Secret or TS/SCI clearance
  • Those who prefer security work with direct mission impact over purely administrative compliance.
    — “feel consequential rather than administrative
  • Professionals experienced in interfacing with government assessment teams and AOs.
    — “interface directly with government AOs and SCA teams

Things to consider

  • Hybrid work arrangement mandates 3+ days per week in-office in specified locations.
    — “work in-office 3+ days per week
  • Requires maintaining current DoD 8570/8140 IAM Level II or III certification.
    — “DoD 8570/8140 IAM Level II or III certification

How to stand out

  • Demonstrate technical writing ability by preparing sample control implementation statements.
    — “write SSP control implementation statements that satisfy assessors
  • Highlight any experience with service-specific overlays like AFI 17-101 or JSIG.
    — “service-specific overlays and supplemental directives
  • Showcase hands-on technical background beyond compliance work if applicable.
    — “Background as a sysadmin, network engineer, or security engineer
Pace · SteadyCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • maintain RMF Body of Evidence artifacts
  • coordinate with government stakeholders
  • execute continuous monitoring activities
Typical background
information systems securityDoD or IC environment

Skills & requirements

Required

RMF Lifecycle ManagementEmass ProficiencyNIST SP 800-53 Rev 5Continuous Monitoring

Preferred

JSIGDCSA

Stack & domain

RmfEmassNist Sp 800-53 Rev 5Dodi 8510.01Acas/nessusStig Viewer/scapSecurity Log AuditingSecurity Impact AnalysesPoa&mJsigDcsaDod ScaAdversary TtpsSecurityComplianceAuthorizationHardeningAuditContinuous MonitoringVulnerability Scan AnalysisStig ReviewConfiguration ControlSecurity GuidanceDefense TechCybersecurityMilitaryInfrastructure

About the role

Original posting from Swoop via Ashby

About Swoop:

Swoop Technologies has a mission to organize and make accessible the world’s military and critical infrastructure. We are building a distributed operating system, SwoopOS, that decomposes the world’s equipment into a distributed robotic embodiment upon which a new generation of distributed systems, autonomous systems, and agentic AI can be built and deployed using our SDK, Valhalla, and operated via our browser, Surf. Imagine the world’s equipment - consisting of the electrical grid, communications architectures, manufacturing facilities, and militaries as a trapped supply of inputs possessing the potential to ensure Western military advantage, sovereign control of economically competitive manufacturing capacity, or the creation of a grid that fosters energy dominance. Swoop is liberating these trapped assets, allowing them to contribute to the world’s future as a series of building blocks to be combined at the speed of software, limited by only the hard constraints of physics and the soft constraints of safety. That is what Swoop is building. Not in the data center or cloud or edge on-premise computing node. In the physical world. This is a hybrid position that requires someone based in Minneapolis/St. Paul OR Washington DC who can work in-office 3+ days per week

Your Impact:

As our ISSO, you won't be maintaining compliance for its own sake — you'll be the person who keeps classified and CUI-adjacent systems authorized, hardened, and audit-ready so our engineers can do the work that matters. You'll own the RMF lifecycle end-to-end, interface directly with government AOs and SCA teams, and help build a security program that scales with a fast-moving defense tech company. If you want your ISSO work to feel consequential rather than administrative, this is the role.

What You’ll Do:

  • Own end-to-end eMASS package lifecycle for one or more information systems — from initial system categorization through ATO maintenance and continuous monitoring
  • Develop, maintain, and update all RMF Body of Evidence artifacts: SSPs, SARs, RAR, POA&Ms, ConMon plans, and control implementation statements aligned to NIST SP 800-53 Rev 5
  • Coordinate with System Owners, ISSMs, SAs, and government stakeholders (AOs, SCAs, CORs) to ensure authorization packages remain current and accurate
  • Execute continuous monitoring activities including vulnerability scan analysis (ACAS/Nessus), STIG review and validation via STIG Viewer/SCAP, and security log auditing
  • Conduct and document security impact analyses (SIAs) for proposed system changes; represent security equities at Configuration Control Board (CCB) proceedings
  • Track POA&M findings through remediation closure, providing fix actions and compensating controls where applicable
  • Support JSIG, DCSA, and/or DoD SCA assessment activities including artifact readiness reviews, evidence collection, and assessor coordination
  • Provide cybersecurity guidance to system administrators, developers, and program staff to promote compliant, secure operations throughout the system lifecycle

You Should Have:

  • Active Secret or TS/SCI clearance
  • 4+ years of hands-on ISSO or IA experience in a DoD or IC environment
  • Demonstrated eMASS proficiency — end-to-end package management including artifact upload, milestone tracking, control inheritance documentation, and ATO submission
  • Deep working knowledge of NIST SP 800-53 Rev 5, DoDI 8510.01, and the seven-step RMF process
  • Experience preparing and defending authorization packages through government assessment and authorization cycles
  • Hands-on familiarity with ACAS (Tenable/Nessus), STIG Viewer, and SCAP Compliance Checker
  • DoD 8570/8140 IAM Level II or III certification (CISSP, CISM, CASP+, or equivalent)
  • Strong technical writing skills — you write SSP control implementation statements that satisfy assessors, not just fill boxes

Bonus if you have:

  • Experience with Air Force, Army, or SOCOM RMF programs including service-specific overlays and supplemental directives (AFI 17-101, AR 25-2, JSIG)
  • Familiarity with cATO or Fast Track ATO processes
  • Cloud security experience (AWS GovCloud, Azure Government) and FedRAMP control mapping
  • Experience with CMMC Level 2/3 compliance in a DIB environment
  • Working knowledge of Xacta, ServiceNow GRC, or other RMF automation platforms as eMASS adjacents
  • Background as a sysadmin, network engineer, or security engineer — people who've touched the technical layer write better controls
  • Offensive security background or familiarity with adversary TTPs (enhances risk-based thinking in control selection and POA&M prioritization)

Swoop Technologies is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, gender identity or any other factor protected by applicable federal, state, or local laws.

Source: Swoop careers (Ashby)

Similar roles