Information Security System Officer

Quindar Quindar builds modern, cloud-native satellite mission operations software with a simple mission: to operate satellites like servers. Our platform replaces fragmented, legacy ground systems with an integrated, automation-driven approach that brings modern software velocity to space operations. We're a small, fast-moving team with deep aerospace and software roots, energized by big challenges and motivated by the impact we have on real missions in this next chapter of the Space Age. If you want to work with sharp, ambitious people who push boundaries, move quickly, and are excited to take space operations to the next level, Quindar is the place to do it. What you will be doing ‍ The Information Systems Security Officer (ISSO) is responsible for establishing, implementing, and maintaining information security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of information systems. The ISSO will work through the Risk Management Framework (RMF) Steps 1-6 to initially obtain and thereafter maintain necessary Interim Authority to Test (IATT)/Authority to Operate (ATO) decisions for Cloud-Based classified systems from the Cognizant Authorization Officials (AO), including Space AO and Defense Counterintelligence Security Agency (DCSA). The ISSO must adhere to CNSSI 1253, NIST SP 800-53, NIST SP 800-60, and other Federal Regulations to build out policies and procedures that enforce an effective, secure, and compliant Information Security Program, working closely with the ISSM and FSO in these efforts. Key Responsibilities: Security Policy Development and Implementation: Develop and enforce information security policies, standards, and procedures in accordance with CNSSI 1253, NIST SP 800-53, and other applicable Space or Federal regulations. Ensure that security policies are up-to-date and reflect current threats and vulnerabilities. Risk Management and Assessment: Conduct regular risk assessments and vulnerability assessments to identify potential security threats. Implement risk mitigation strategies and manage the risk management framework. Compliance and Audit Management: Ensure and maintain IATT and ATO requirements through the RMF Steps. Prepare for and execute formal assessments with Government Security Control Assessors in support of achieving and maintaining ATOs. Exercise Continuous Monitoring of employed security controls to ensure comprehensive and effective implementation over time. Incident Response and Management: Develop and maintain an Incident Response Plan, partnering with Government Customers/Prime/Subcontractors for reporting procedures. Lead incident response activities, including investigation, containment, and remediation of security incidents. Investigate and adjudicate SIEM events. Security Training and Awareness: Develop and conduct security training and awareness programs for Users on classified Information Systems. Ensure all personnel are aware of their security responsibilities and understand the importance of maintaining security standards. System Security Plans (SSPs): Create and maintain System Security Plans within eMASS (SECRET and/or UNCLASS), collecting all required artifacts (Compliance and Vulnerability reports, documented Policies/Procedures, etc.) Ensure that SSPs are regularly reviewed, updated, and compliant with regulatory requirements. Collaboration and Communication: Work closely with IT System Admins, compliance, and other departments to ensure cohesive and comprehensive security strategies. Serve as a point of contact for security-related issues and provide guidance and support to other teams. Continuous Improvement: Stay up-to-date with the latest security trends, technologies, and regulatory requirements. Continuously improve security measures and processes to protect information systems effectively. Qualifications: US Citizenship Clearance: Must have Active SECRET Clearance, TS/SCI preferred. Education: Bachelor’s degree in Information Security, Computer Science, or a related field. Experience: 5+ years of experience in information security with Space AO and DCSA. Proven experience in leading the management and implementation of an Information Security Program. Technical Skills: Strong understanding of security frameworks and standards for RMF, CNSSI, and NIST. Proficiency in security tools and technologies, such as SIEM, IDS/IPS, STIG Hardening, and vulnerability management solutions. Exposure to technologies and concepts including Kubernetes Containerization, AWS Secret Environment and Tooling, CI/CD pipelines, and Secure Network Architecture. Certifications: Must have IAT Level II Certification (CompTIA Sec+ or Comparable) or preferred IAT Level III (CISSP, CISM, or Comparable). Soft Skills: Excellent communication and interpersonal skills. Strong analytical and problem-solving abilities. Ability to manage multiple projects and priorities in a fast-paced environment.

ITAR REQUIREMENTS

To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here. Why you'll love working at Quindar We work in a cutting edge industry and you will get the opportunity to be part of a small team with a large direct impact on the success of our customers’ space missions! We take work life balance very seriously. We require employees to take 15 days off but provide unlimited PTO and follow most US federal government holidays. Mental health is just as important as physical so we provide quarterly health & wellness benefits. Comprehensive health insurance for you and your family with 100% coverage for employees. We encourage employees to save for retirement and provide 4% 401(k) matching. Each year we have a 4-day company offsite. Previous locations include San Francisco, Nashville, Denver, Santa Fe, New Orleans, San Diego, Bozeman, and New York City. Our culture and company is evolving. You will be key in creating the next major or minor version!