Information Systems Security Officer

Role Overview:

CHAOS Industries is seeking a detail-oriented and mission-focused Information Systems Security Officer (ISSO) to support the day-to-day security operations of classified information systems within one or more assigned programs. Under the direction of the ISSM, the ISSO serves as the on-the-ground security authority responsible for maintaining system compliance, executing continuous monitoring activities, supporting authorization efforts, and ensuring that all users and administrators adhere to applicable security policies and procedures. This role is ideal for a security professional looking to grow within the defense and intelligence community while working on cutting-edge classified programs. 

Responsibilities:  

• System Security Operations & Compliance
  • Support the development and maintenance of system security documentation including System Security Plans (SSPs), Security CONOPs, hardware/software baselines, and standard operating procedures (SOPs). 
  • Ensure all assigned information systems operate in accordance with established ATOs and applicable government security requirements (NIST RMF, ICD 503, JSIG, DAAPM). 
  • Monitor system configurations and enforce compliance with approved baselines; document and report any deviations to the ISSM. 
  • Assist in the preparation and submission of security authorization packages and support AO review activities. 
• Continuous Monitoring & Vulnerability Management
  • Execute routine audit log reviews, account management checks, and security event monitoring across assigned systems. 
  • Conduct and analyze vulnerability scans using ACAS/Nessus and SCAP tools; triage findings and track remediation to closure. 
  • Apply and validate DISA STIG/SRG configurations on Windows, Linux (RHEL/CentOS), and network devices; document compliance status. 
  • Maintain and update Plan of Action & Milestones (POA&Ms); coordinate with system owners and administrators to remediate open findings. 
  • Support SIEM integration efforts and contribute to development of alerting thresholds and use cases. 
• Incident Response & Reporting
  • Identify, document, and report security incidents and anomalies in accordance with program and government reporting timelines. 
  • Conduct initial triage of potential security violations; preserve evidence and coordinate with the ISSM and FSO for escalation as required. 
  • Participate in lessons-learned reviews following incidents and contribute to improvement of security procedures. 
• User Support & Security Awareness
  • Brief incoming personnel on program security requirements, acceptable use policies, and information handling procedures. 
  • Conduct periodic security reminders, refresher training, and spot checks to reinforce security awareness among program staff. 
  • Serve as the first point of contact for user security questions, access requests, and account provisioning/de-provisioning activities. 
• Configuration & Change Management
  • Review hardware, software, and firmware change requests for security impact; document assessments and provide recommendations to the ISSM. 
  • Maintain accurate and current hardware/software inventories and media control logs for all assigned systems. 
  • Coordinate with system administrators to ensure patching schedules align with security requirements and authorization conditions. 

 Minimum Requirements: 

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent combination of education and experience considered. 
• 3+ years of experience in information security or IT, with at least 1–2 years in an ISSO, security analyst, or equivalent role supporting classified U.S. Government systems. 
• Hands-on experience with RMF-based system authorization activities (ICD 503, JSIG, or DAAPM) at the Secret or TS/SCI level. 
• Working knowledge of ACAS/Nessus, SCAP Compliance Checker, and DISA STIGs. 
• Familiarity with Windows Server and/or RHEL/CentOS administration in classified environments. 
• Experience conducting audit log reviews, account management, and POA&M tracking. 
• IAT Level II or IAM Level II certification required: Security+, CySA+, CAP, CASP+, or equivalent (IAW DoD 8570.01-M / DoD 8140). 
• Active Secret clearance required at time of hire; TS/SCI eligibility preferred or required depending on program assignment. 

Preferred Requirements: 

• Experience supporting Special Access Programs (SAPs) or SCI compartmented programs. 
• Familiarity with Xacta, eMASS, or equivalent GRC/authorization management platforms. 
• Knowledge of cross-domain solution (CDS) environments or Type 1 encryption device administration. 
• Experience with SIEM platforms (Splunk, ArcSight, or similar) in a classified environment. 
• Exposure to CMMC Level 2/3 requirements or CUI handling in defense contractor settings. 
• Additional certifications: CISSP (Associate), CEH, GCIH, or equivalent. 

Why CHAOS?

• Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
• Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
• Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code
• Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
• Team Growth: 250 employees and counting across 5 global offices

The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. 

Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.

#LI-onsite