Senior Information Systems Security Officer (Isso)

Please Note: To conform with the United States Government Space Technology Export Regulations, the applicant must be a U.S. citizen, lawful permanent resident of the U.S., conditional resident, asylee or refugee (protected individuals as defined by 8 U.S.C. 1324b(a)(3)), or eligible to obtain the required authorizations from the U.S. Department of State.

At CesiumAstro, we are developers and pioneers of out-of-the-box communication systems for satellites, UAVs, launch vehicles, and other space and airborne platforms. We take pride in our dynamic and cross-functional work environment, which allows us to learn, develop, and engage across our organization. If you are looking for hands-on, interactive, and autonomous work, CesiumAstro is the place for you. We are actively seeking passionate, collaborative, energetic, and forward-thinking individuals to join our team.

We are seeking a Senior Information Systems Security Officer to assist with the development, implementation, and maintenance of our information security strategy.

In this position, you will be responsible for the execution, maintenance, and continuous monitoring of information system security controls for classified and unclassified systems within an aerospace and defense environment. This role supports compliance with DoD cybersecurity requirements including NIST SP 800-53, NIST SP 800-171, CMMC Level 2 (with exposure to Level 3), and applicable Intelligence Community and customer security directives.

The Senior ISSO works under the direction of the ISSM and serves as a senior individual contributor, providing hands-on system security support, risk management, authorization and accreditation activities, SCIF sustainment, and ongoing compliance monitoring across multiple programs.

JOB DUTIES AND RESPONSIBILITIES

• Implement, maintain, and assess security controls in accordance with NIST SP 800-53, NIST SP 800-171, RMF, and CMMC requirements.
• Support system authorization activities including ATO packages, security plans (SSPs), POA&Ms, risk assessments, and continuous monitoring artifacts.
• Perform ongoing security control assessments and vulnerability management to ensure systems remain compliant throughout their lifecycle.
• Support internal and external audits, assessments, and government/customer reviews.
• Provide cybersecurity support for classified systems and SCIF environments in coordination with security, facilities, and IT teams.
• Ensure compliance with applicable classified system handling, marking, access control, and incident response requirements.
• Assist with SCIF accreditation, sustainment, and change management activities.
• Identify, assess, and document cybersecurity risks and recommend mitigation strategies to the ISSM and program stakeholders.
• Support cybersecurity incident detection, response, reporting, and remediation activities in accordance with company policy and government requirements.
• Participate in configuration change reviews to assess security impact prior to implementation.
• Partner with IT, engineering, program management, and facilities teams to ensure security requirements are integrated into system design and operations.
• Provide guidance and subject matter expertise to system owners and users on cybersecurity policies, procedures, and best practices.
• Support onboarding of new systems, technologies, and programs from a cybersecurity compliance perspective.
• Maintain accurate and up-to-date system security documentation.
• Track compliance metrics and support continuous improvement of cybersecurity processes and controls.
• Contribute to the development and refinement of cybersecurity policies, procedures, and standard operating practices.
• Maintain strong working relationships across Engineering, Manufacturing, Supply Chain, Quality, and Operations.

JOB REQUIREMENTS AND MINIMUM QUALIFICATIONS

• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field, or equivalent practical experience.
• Minimum of 5 years of progressive in information system security, cybersecurity compliance, or ISSO-related roles within aerospace, defense, or government environments.
• Experience supporting CMMC Level 2 compliance is required.
• Experience supporting classified and unclassified information systems in a DoD or aerospace and defense environment.
• Understanding of system authorization, continuous monitoring, and risk management processes.
• Familiarity with SCIF operations and classified system security requirements.
• Ability to interpret government security directives and translate them into actionable system controls.
• Proficiency in vulnerability scanning and assessment tools, security monitoring and logging tools, and GRC and compliance tools (e.g., eMASS or equivalent).
• Strong working knowledge of NIST SP 800-53, NIST SP 800-171, RMF, and CMMC requirements.
• Experience with Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).
• Strong analytical, documentation, and communication skills.
• Ability to operate independently while collaborating effectively with cross-functional teams.
• Must be eligible to obtain and maintain a TS/SCI clearance.

PREFERRED EXPERIENCE

• Exposure to CMMC Level 3.
• Active U.S. DOD security clearance.

$127,000 - $150,000 a year

CesiumAstro considers several factors when extending an offer, including but not limited to, the role and associated responsibilities, a candidate's work experience, education/training, and key skills. Full-time employment offers include company stock options and a generous benefits package including health, dental, vision, HSA, FSA, life, disability and retirement plans.

CesiumAstro is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.

Please note: CesiumAstro does not accept unsolicited resumes from contract agencies or search firms. Any unsolicited resumes submitted to our website or to CesiumAstro team members will be considered property of CesiumAstro, and we will not be obligated to pay any referral fees.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.