Information System Security Officer

Summary

Join Raft, a customer-obsessed company specializing in distributed data systems and complex application development, as an Information System Security Officer (ISSO). As an ISSO, you will manage security aspects of cutting-edge platforms, maintain Authority to Operate (ATO), collaborate with the development team, and conduct audits and monitoring. This role requires extensive experience in cybersecurity, federal compliance, and managing security artifacts. The position is remote with potential for up to 10% travel. A minimum of 3 years' experience in ISSM/O roles and a CompTIA Security+ or equivalent certification are required. Raft offers a competitive salary, comprehensive benefits, and a supportive work environment.

Requirements

• Minimum of 3 years' experience in ISSM/O roles
• Broad knowledge of the NIST CSF, NIST RMF, and related NIST Special Publications such as NIST SP 800-53 & 800-171
• Expert knowledge of RMF tools such as ServiceNow, XACTA, eMASS, Archer, or SAP
• Proficient in conducting risk assessments, audits, and compliance monitoring within DoD environments
• Demonstrated proficiency in managing and creating Body of Evidence (BOE) artifacts
• Understanding of and experience with SIEM tools such as Splunk, Grafana, or ELK
• Proficient in conducting continuous monitoring activities
• Demonstrated experience managing compliance activities for both on-prem & cloud-based (AWS) systems & networks
• Experience with AWS security tooling such as CloudTrail, CloudWatch, Guard Duty, Inspector, etc
• Experience conducting internal self-assessments and audits with external assessors such as USAF or DCSA
• Experience with common cybersecurity tools and technologies such as vulnerability & compliance scanners, anti-malware, code analyzers, IDS/IPS, DLP, SBOM, etc
• Obtain CompTIA Security+ or other DoD 8570 IAT Level II or higher certification within the first 90 days of employment with Raft
• Ability to obtain and maintain a Top Secret/SCI security clearance

Responsibilities

• Manage the security aspects of cutting-edge platforms and systems
• Generate and maintain artifacts to achieve and sustain Authority to Operate (ATO)
• Collaborate with the development team to integrate security controls early in the development lifecycle
• Audit and monitor platforms and tooling across the customer environment, including those supporting classified programs
• Conduct risk assessments, audits, and compliance monitoring within DoD environments
• Manage and create Body of Evidence (BOE) artifacts, including POA&Ms, SSPs, RARs, Vulnerability Assessments, Security Assessment Plans, etc
• Conduct continuous monitoring activities such as auditing, configuration reviews, policy & procedure reviews, etc
• Manage compliance activities for both on-prem & cloud-based (AWS) systems & networks
• Conduct internal self-assessments and audits with external assessors such as USAF or DCSA
• Build and maintain Standard Operating Procedures

Preferred Qualifications

• Bachelor’s degree in Cybersecurity, Information Assurance, Information Technology, or a related field
• CISSP, CISM, CISA, CGRC, or other DoD 8570 IAM Level 2 or higher certifications
• Experience in a software factory or DevSecOps environment such as Platform One
• Experience in developing and delivering cybersecurity training and awareness programs

Benefits

• Highly competitive salary
• Fully covered healthcare, dental, and vision coverage
• 401(k) and company match
• Take as you need PTO + 11 paid holidays
• Education & training benefits
• Annual budget for your tech/gadgets needs
• Monthly box of yummy snacks to eat while doing meaningful work
• Remote, hybrid, and flexible work options
• Team off-site in fun places!
• Generous Referral Bonuses