Information Systems Security Officer

Swoop Technologies · Minneapolis-St. Paul
Full-time · Remote · 4w ago
Auditing, AWS, Azure, Cloud Security, Compliance, Documentation

Responsibilities

  • Own end-to-end eMASS package lifecycle for one or more information systems - from initial system categorization through ATO maintenance and continuous monitoring
  • Develop, maintain, and update all RMF Body of Evidence artifacts: SSPs, SARs, RAR, POA&Ms, ConMon plans, and control implementation statements aligned to NIST SP 800-53 Rev 5
  • Coordinate with System Owners, ISSMs, SAs, and government stakeholders (AOs, SCAs, CORs) to ensure authorization packages remain current and accurate
  • Execute continuous monitoring activities including vulnerability scan analysis (ACAS/Nessus), STIG review and validation via STIG Viewer/SCAP, and security log auditing
  • Conduct and document security impact analyses (SIAs) for proposed system changes; represent security equities at Configuration Control Board (CCB) proceedings
  • Track POA&M findings through remediation closure, providing fix actions and compensating controls where applicable
  • Support JSIG, DCSA, and/or DoD SCA assessment activities including artifact readiness reviews, evidence collection, and assessor coordination
  • Provide cybersecurity guidance to system administrators, developers, and program staff to promote compliant, secure operations throughout the system lifecycle

Requirements

  • Active Secret or TS/SCI clearance
  • 4+ years of hands-on ISSO or IA experience in a DoD or IC environment
  • Demonstrated eMASS proficiency - end-to-end package management including artifact upload, milestone tracking, control inheritance documentation, and ATO submission
  • Deep working knowledge of NIST SP 800-53 Rev 5, DoDI 8510.01, and the seven-step RMF process
  • Experience preparing and defending authorization packages through government assessment and authorization cycles
  • Hands-on familiarity with ACAS (Tenable/Nessus), STIG Viewer, and SCAP Compliance Checker
  • DoD 8570/8140 IAM Level II or III certification (CISSP, CISM, CASP+, or equivalent)
  • Strong technical writing skills - you write SSP control implementation statements that satisfy assessors, not just fill boxes

Bonus if you have:

  • Experience with Air Force, Army, or SOCOM RMF programs including service-specific overlays and supplemental directives (AFI 17-101, AR 25-2, JSIG)
  • Familiarity with cATO or Fast Track ATO processes
  • Cloud security experience (AWS GovCloud, Azure Government) and FedRAMP control mapping
  • Experience with CMMC Level 2/3 compliance in a DIB environment
  • Working knowledge of Xacta, ServiceNow GRC, or other RMF automation platforms as eMASS adjacents
  • Background as a sysadmin, network engineer, or security engineer - people who've touched the technical layer write better controls
  • Offensive security background or familiarity with adversary TTPs (enhances risk-based thinking in control selection and POA&M prioritization)

Benefits

Performance bonus

Additional Information

About Swoop: Swoop Technologies has a mission to organize and make accessible the world's military and critical infrastructure. We are building a distributed operating system, SwoopOS, that decomposes the world's equipment into a distributed robotic embodiment upon which a new generation of distributed systems, autonomous systems, and agentic AI can be built and deployed using our SDK, Valhalla, and operated via our browser, Surf.

Imagine the world's equipment - consisting of the electrical grid, communications architectures, manufacturing facilities, and militaries as a trapped supply of inputs possessing the potential to ensure Western military advantage, sovereign control of economically competitive manufacturing capacity, or the creation of a grid that fosters energy dominance. Swoop is liberating these trapped assets, allowing them to contribute to the world's future as a series of building blocks to be combined at the speed of software, limited by only the hard constraints of physics and the soft constraints of safety. That is what Swoop is building. Not in the data center or cloud or edge on-premise computing node. In the physical world.

This is a hybrid position that requires someone based in Minneapolis/St. Paul OR Washington DC who can work in-office 3+ days per week.

