Information Systems Security Officer (ISSO)

Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7.

Armis is a privately held company headquartered in California.

Armis, the cyber exposure management and security company, protects the entire attack surface and manages an organization's cyber risk exposure in real time. As Armis rapidly scales its growth and commitment to government and regulated markets, we are seeking a highly experienced and technically proficient Information Systems Security Officer (ISSO) to lead the security authorization and continuous monitoring efforts for our cloud platforms. This leadership role is pivotal in ensuring Armis meets the stringent security standards required for the defense and intelligence community.

You will join the Armis Governance, Compliance and Risk team and work closely with all engineering and product teams, serving as the primary liaison to the Office of the Chief Information Security Officer (OCISO) and external authorizing bodies.

What you'll do

As the ISSO, you will serve as the delegated security lead with responsibility for the security integrity of Armis's most highly sensitive systems:

• Lead and support the security authorization process for cloud solutions seeking and maintaining FedRAMP and DoD Impact Level (IL) Authorized Unclassified ( IL-4, IL-5) and Classified (IL-6) cloud solutions.
• Serve as the primary ISSO for all designated systems under your purview, managing their security lifecycle from initial design through authorization and sustainment.
• Author and maintain all required security documentation, including System Security Plans (SSPs), ensuring controls are accurately documented and aligned with implementation.
• Manage all aspects of FedRAMP and DoD IL Continuous Monitoring (ConMon), including gathering, reviewing, and submitting monthly, quarterly, and annual security artifacts to the appropriate authorizing bodies.
• Support sustained customer communications and actively participate in Continuous Monitoring Review Meetings with government partners.
• Drive the process for all FedRAMP and DoD IL Significant Change Requests and minor change requests, ensuring security impact analyses and authorization updates are completed accurately and on schedule.
• Collaborate with engineering teams to ensure control implementations are technically sound, auditable, and maintain compliance across rapidly evolving cloud and containerized environments.
• Support the GRC team and provide guidance related to commercial compliance efforts.

What we expect

• Top Secret Security Clearance & US Citizenship
• 5+ years of direct experience supporting DoD and/or FedRAMP systems in an Information Security Officer, compliance, or security engineering capacity.
• Must currently reside in the greater Washington D.C. area or be willing to travel to the area on a regular basis to meet with government and authorization partners.
• Must be eligible for a Top Secret security clearance (current active clearance preferred) and must maintain DoD 8570 IAM Level III baseline certifications (e.g., CISSP, CISM, GSLC).  IAM Level 3 
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience will be considered in lieu of a degree.
• Detailed understanding of NIST 800-53 Revision 5 security controls, security requirement traceability matrices (SRTM), and continuous monitoring practices.
• Detailed understanding of the DISA and FedRAMP significant change request process and authorization lifecycles.
• Proven experience with AWS services management, security baseline enforcement, and compliance within cloud environments.
• Working experience with security incident response, event logging, alerting and the related tooling.
• Experience running Kubernetes in highly regulated environments.

Preferred Skills

• Experience managing security compliance efforts in DoD classified cloud environments.
• Demonstrated experience with AI implementations and automations specifically targeting federal compliance and evidence generation efforts.
• Administrator-level knowledge of AWS and Administrator-level knowledge of Linux operating systems.
• Experience taking a cloud information system through the entire FedRAMP and/or DoD IL authorization process and successfully obtaining an Authorization to Operate (ATO).
• Experience managing security packages and workflows within government GRC tools such as eMASS.
• Familiarity with FISMA and CMMC authorization processes.
• Ability to review Python and understand code as it relates to security controls and automation efforts, and demonstrated ability to write Python scripts to support compliance automation.
• Experience working with a global team where the majority of team members are remote.
• Experience working with task planning tools like JIRA and Asana.
• Experience managing content throughout its lifecycle in the Microsoft Office 365 ecosystem.
• Project management experience where the key stakeholders are at the executive level.

The choices you make in your career journey matter. You want to do interesting work in an important field while also having time to live your life, which is why we place so much value in your life-work balance. Armis sets you up for success with comprehensive health benefits, discretionary time off, paid holidays including monthly me days, and a highly inclusive and diverse workplace. Put your unique experiences and perspective to work in an environment where they will enable you to thrive, grow, and live your life with integrity.

Armis is proud to be an equal opportunity employer. We never discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected (or not) status. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.

Please click here to review our privacy practices.