Information Systems Security Officer
Chaosindustries•5h ago
United States • Onsite • $1 • Full-time • Mid Level • 2+ yrs exp
Top focus
CISO • CIO • Compliance Officer • Systems Engineer • Security Engineer
- CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage—domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators, and border protection teams to act faster, adapt rapidly, and stay ahead of evolving threats.
- CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel, and Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington, D.C., San Francisco, San Diego, Seattle, and London. For more information, please visit www.chaosinc.com.
- Role Overview:
- CHAOS Industries is seeking a detail-oriented and mission-focused Information Systems Security Officer (ISSO) to support the day-to-day security operations of classified information systems within one or more assigned programs. Under the direction of the ISSM, the ISSO serves as the on-the-ground security authority responsible for maintaining system compliance, executing continuous monitoring activities, supporting authorization efforts, and ensuring that all users and administrators adhere to applicable security policies and procedures. This role is ideal for a security professional looking to grow within the defense and intelligence community while working on cutting-edge classified programs.
Responsibilities
- System Security Operations & Compliance
- Support the development and maintenance of system security documentation including System Security Plans (SSPs), Security CONOPs, hardware/software baselines, and standard operating procedures (SOPs).
- Ensure all assigned information systems operate in accordance with established ATOs and applicable government security requirements (NIST RMF, ICD 503, JSIG, DAAPM).
- Monitor system configurations and enforce compliance with approved baselines; document and report any deviations to the ISSM.
- Assist in the preparation and submission of security authorization packages and support AO review activities.
- Continuous Monitoring & Vulnerability Management
- Execute routine audit log reviews, account management checks, and security event monitoring across assigned systems.
- Conduct and analyze vulnerability scans using ACAS/Nessus and SCAP tools; triage findings and track remediation to closure.
- Apply and validate DISA STIG/SRG configurations on Windows, Linux (RHEL/CentOS), and network devices; document compliance status.
- Maintain and update Plan of Action & Milestones (POA&Ms); coordinate with system owners and administrators to remediate open findings.
- Support SIEM integration efforts and contribute to development of alerting thresholds and use cases.
- Incident Response & Reporting
- Identify, document, and report security incidents and anomalies in accordance with program and government reporting timelines.
- Conduct initial triage of potential security violations; preserve evidence and coordinate with the ISSM and FSO for escalation as required.
- Participate in lessons-learned reviews following incidents and contribute to improvement of security procedures.
- User Support & Security Awareness
- Brief incoming personnel on program security requirements, acceptable use policies, and information handling procedures.
- Conduct periodic security reminders, refresher training, and spot checks to reinforce security awareness among program staff.
- Serve as the first point of contact for user security questions, access requests, and account provisioning/de-provisioning activities.
- Configuration & Change Management
- Review hardware, software, and firmware change requests for security impact; document assessments and provide recommendations to the ISSM.
- Maintain accurate and current hardware/software inventories and media control logs for all assigned systems.
- Coordinate with system administrators to ensure patching schedules align with security requirements and authorization conditions.
- Minimum Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent combination of education and experience considered.
- 3+ years of experience in information security or IT, with at least 1–2 years in an ISSO, security analyst, or equivalent role supporting classified U.S. Government systems.
- Hands-on experience with RMF-based system authorization activities (ICD 503, JSIG, or DAAPM) at the Secret or TS/SCI level.
- Working knowledge of ACAS/Nessus, SCAP Compliance Checker, and DISA STIGs.
- Familiarity with Windows Server and/or RHEL/CentOS administration in classified environments.
- Experience conducting audit log reviews, account management, and POA&M tracking.
- IAT Level II or IAM Level II certification required: Security+, CySA+, CAP, CASP+, or equivalent (IAW DoD 8570.01-M / DoD 8140).
- Active Secret clearance required at time of hire; TS/SCI eligibility preferred or required depending on program assignment.
- Preferred Requirements:
- Experience supporting Special Access Programs (SAPs) or SCI compartmented programs.
- Familiarity with Xacta, eMASS, or equivalent GRC/authorization management platforms.
- Knowledge of cross-domain solution (CDS) environments or Type 1 encryption device administration.
- Experience with SIEM platforms (Splunk, ArcSight, or similar) in a classified environment.
- Exposure to CMMC Level 2/3 requirements or CUI handling in defense contractor settings.
- Additional certifications: CISSP (Associate), CEH, GCIH, or equivalent.
- Why CHAOS?
- Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
- Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
- Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code
- Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
- Team Growth: 250 employees and counting across 5 global offices
- The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations.
- Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.
Required skills
NIST RMF • ICD 503 • JSIG • DAAPM • ACAS • Nessus • SCAP • DISA STIG • Linux • Windows • SIEM