Information Systems Security Officer (Remote)

CrowdStrike Holdings, Inc.$125K — $180K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a relevant technical field; advanced degree preferred.
  • DoD 8140/8570 IAM Level II Certification required (e.g., CISSP, CISM).
  • U.S. citizenship and residency required for government work.
  • Proficient in NIST SP 800-53, RMF, FedRAMP, and FISMA implementation.
  • Experience managing 3PAO audits in a federal context.
  • Familiarity with cloud security infrastructure and security tools (SIEM, CI/CD).
  • Strong analytical and communication skills essential in regulated environments.

Responsibilities

  • Establish and maintain the Continuous Monitoring (ConMon) strategy for federal environments.
  • Manage the Authorization to Operate (ATO) lifecycle and act as the compliance liaison.
  • Coordinate Third-Party Assessment Organization (3PAO) audits for compliance.
  • Serve as a cloud security architecture expert, guiding implementation for federal workloads.
  • Manage the Change Control Board (CCB) and oversee Significant Change Request (SCR) processes.
  • Maintain comprehensive security documentation and governance practices.
  • Lead incident response and business continuity efforts for cloud security incidents.

Benefits

  • Market-leading compensation and equity awards.
  • Comprehensive physical and mental wellness programs.
  • Generous vacation and holiday policy.
  • Paid parental and adoption leave.
  • Opportunities for professional development for all employees.
  • Access to Employee Networks and volunteer opportunities.
  • Vibrant office culture with top-notch amenities.
Full Job Description
About the Role:

CrowdStrike seeks an exceptionally qualified Information Systems Security Officer (ISSO) to establish, maintain, and enhance the security and compliance of our Federal cloud environments. This critical role ensures business continuity with government clients by implementing stringent federal security requirements. The ideal candidate will focus on managing security controls to achieve and sustain Authorization to Operate (ATO) status across multiple federal systems. This position requires a security professional expert in navigating the entire compliance lifecycle, from continuous monitoring to external audits, while maintaining the highest security standards in a highly regulated environment.

What You'll Do:

AI-Powered GRC Automation & Engineering
  • Utilize deep proficiency in Python, JavaScript, C, or C++ to architect and implement advanced AI automation pipelines, optimizing critical GRC functions such as control assessments, POA&M management, and compliance reporting across federal authorization frameworks.
  • Leverage professional-level cloud architecture expertise and experience in FedRAMP and IL-5 environments to engineer secure, GRC automation tools within GovCloud and high-security boundaries.
  • Translate complex agency security requirements into automated solutions, employing LLM assistance for the rigorous drafting and versioning of SSPs and security narratives to meet evolving FedRAMP 20x mandates.
  • Operationalize AI compliance frameworks and correlate vulnerability intelligence with NIST SP 800-53 controls, providing real-time audit readiness metrics and accelerating the ATO lifecycle.
  • Design and deploy autonomous AI agents capable of executing multi-step GRC workflows - including control validation, evidence gathering, risk analysis, and remediation tracking - reducing manual compliance overhead and enabling continuous, intelligent oversight of federal security environments.


Continuous Monitoring (ConMon) & Remediation
  • Establish, automate, and maintain the Continuous Monitoring (ConMon) strategy from the System Security Plan (SSP), including scanning, assessment, reporting, and automated remediation of compliance checks and Plan of Action and Milestones (POA&M) activities.
  • Participate in the vulnerability intelligence on-call rotation for 24/7 expert analysis and rapid response.


Security Authorization & Risk Management
  • Manage the full Authorization to Operate (ATO) lifecycle, including preparing documentation for initial and continuous security authorizations and acting as the primary point of contact for external compliance.
  • Coordinate annual Third-Party Assessment Organization (3PAO) audits for successful outcomes.
  • Manage the POA&M process, perform risk-based security impact analyses, and track vulnerability remediation to verified closure.
  • Execute security control analyses, recommending infrastructure enhancements based on threat landscape changes.


Cloud Security Architecture
  • Serve as the expert authority on cloud security architecture, providing guidance and implementing defense-in-depth strategies for federal workloads across various cloud configurations (FedRAMP, DISA, agency requirements).
  • Develop and maintain cloud security architecture documentation (diagrams, data flows, controls).
  • Evaluate architectural changes for security impact and guide secure DevSecOps practices in federal clouds.


Change Control & SCR Management
  • Manage the Change Control Board (CCB) and Significant Change Request (SCR) process, providing authoritative security guidance, coordinating stakeholder reviews, and implementing automated workflows.
  • Perform quality assurance and support quarterly audits of SCRs.
  • Generate detailed security impact analyses for FedRAMP and DISA change requests.


Documentation & Governance
  • Maintain the System Security Plan (SSP) and all security authorization packages, ensuring all security artifacts are accurate and align with FedRAMP and EMASS templates.
  • Support governance activities, including policy development and system sponsorship.
  • Coordinate compliance matters with authorizing officials, acting as the primary security advocate.


Incident Response & Business Continuity
  • Serve as the primary security point-of-contact for incident response, managing resolution from initial detection through root cause analysis and implementing preventative measures.
  • Strategically coordinate and lead incident response, business continuity, and disaster recovery exercises.


Audit & Access Management
  • Manage annual security audit evidence collection and coordination.
  • Rigorously audit account management, enforce least privilege through monthly access reviews, and oversee DISA whitelisting requests.
  • Process system deviation requests, including risk assessments and determination of compensating controls.


What You'll Need:
  • Education: Bachelor's degree (or equivalent experience) in a relevant technical field (Engineering, Computer Science, Cybersecurity, IT); advanced degree preferred.
  • Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.
  • Certification: Must hold a DoD 8140/8570 IAM Level II Baseline Certification (CGRC, CASP+, CISM, CISSP/Associate, or CCISO).
  • Eligibility: U.S. Citizenship and residency required for work on sensitive government systems.
  • Expertise: Expert knowledge of NIST SP 800-53, RMF, FedRAMP, and FISMA, with significant hands-on experience implementing and assessing controls in cloud environments (e.g., AWS GovCloud).
  • Experience: Proven success managing 3PAO audits and maintaining a sophisticated Continuous Monitoring (ConMon) program in federal settings.
  • Technical Familiarity: Advanced technical familiarity with modern cloud infrastructure and security tools (e.g., SIEM, Endpoint Security, CI/CD, vulnerability management).
  • Skills: Exceptional analytical, communication, and documentation skills essential for a highly regulated environment.
  • Architecture: Experience performing comprehensive cyber architecture reviews, identifying weaknesses, and recommending improvements.


Bonus Points:
  • Current professional-level AWS Certification (e.g., Solutions Architect, Security Specialist).
    • Proficiency in Python, JavaScript, C, or C++ for developing security automation.
    • Proven liaison experience with government customers regarding their security requirements.
    • Experience with FedRAMP or Agency authorization processes and package preparation.
    • Experience with CMMC, IRAP, TxRAMP, GovRAMP processes and package preparation


#LI-AI1

#LI-Remote
This role will require the candidate to periodically undergo and pass additional background and fingerprint check(s) consistent with government customer requirements.

Benefits of Working at CrowdStrike:
  • Market leader in compensation and equity awards
  • Comprehensive physical and mental wellness programs
  • Competitive vacation and holidays for recharge
  • Paid parental and adoption leaves
  • Professional development opportunities for all employees regardless of level or role
  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
  • Vibrant office culture with world class amenities
  • Great Place to Work Certified™ across the globe


CrowdStrike is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $125,000 - $180,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.

For detailed information about the U.S. benefits package, please click here.

Expected Close Date of Job Posting is:07-28-2026

About CrowdStrike Holdings, Inc.

CrowdStrike Holdings, Inc. Careers

Joining CrowdStrike Holdings, Inc. presents an unparalleled opportunity to advance a career in the tech industry with a company at the forefront of digital security. As a leader in cybersecurity solutions, CrowdStrike Holdings, Inc. offers a range of job opportunities that cater to a variety of skills and experiences, from entry-level positions to senior leadership roles.

Explore Job Opportunities

CrowdStrike Holdings, Inc. is continuously seeking talented individuals who are passionate about protecting organizations against cyber threats. With a commitment to innovation and excellence, the company is hiring professionals who are eager to contribute to a team that values hard work and creative solutions.

Innovation and Professional Growth

At CrowdStrike Holdings, Inc., employees are encouraged to push the boundaries of technology and leadership. The company supports professional growth through robust training programs, including leadership development and diversity training, ensuring that every team member has the resources to thrive in their career.

Culture and Benefits

The culture at CrowdStrike Holdings, Inc. is dynamic and inclusive, fostering a workplace where diversity is celebrated and every voice is heard. Employees enjoy comprehensive benefits that support both their professional and personal lives, enhancing job satisfaction and team morale.

Internship Programs

For those starting their career, CrowdStrike Holdings, Inc. offers internship programs that provide a rich learning environment. Interns gain hands-on experience, working alongside seasoned professionals and participating in projects that deliver real-world solutions.

Networking and Career Advancement

CrowdStrike Holdings, Inc. emphasizes the importance of networking within the industry, offering numerous opportunities for employees to connect with thought leaders and innovators. These connections can lead to career advancement and a deeper understanding of the cybersecurity landscape.

Applying for a Position

To apply for a position at CrowdStrike Holdings, Inc., candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess not only professional qualifications but also a candidate's fit within the company culture and team.

Stay Connected with CrowdStrike Careers

Interested candidates can stay informed about new openings and company news by subscribing to job alert emails. This personalized service ensures that potential applicants are the first to know about new opportunities that match their career interests and skills.

Join the Team

CrowdStrike Holdings, Inc. is looking for curious, creative, and solution-driven team players. Explore the employment opportunities on the CrowdStrike Holdings, Inc. careers page to find a position that matches your skills and passions.

SEARCH CROWDSTRIKE JOBS

Keep Up to Date

Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the professionals who work at CrowdStrike Holdings, Inc.

READ CAREERS BLOG

Job Alert Emails

Customize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding career opportunities waiting at CrowdStrike Holdings, Inc.
Learn more about CrowdStrike Holdings, Inc.

Similar Jobs

More Jobs at CrowdStrike Holdings, Inc.

More Information Technology Jobs

Find similar Information Systems Security Officer (Remote) jobs: