Information Systems Security Officer (ISSO)

San Diego, CA

Full Time | Senior-level / Expert | Clearance required | USD 125K - 160K

Who We Are


At Firestorm, we’re on a mission to revolutionize how defense solutions are designed and delivered. Our goal is to empower U.S. ally nations to effectively deter aggressors—regardless of their defense budget—through innovative, cost-efficient technologies. We call this vision “democratized deterrence.” As a VC-backed company at the intersection of defense and Silicon Valley, we’re pioneering the development of mission-adaptable aerial vehicles that put power back into the hands of operators. By prioritizing operator effectiveness, we’re pioneering a new era of aerial vehicle design. We aim to upend the traditional defense procurement model by delivering world-class capabilities at a fraction of the usual cost. Join us at Firestorm as we redefine defense procurement, making cutting-edge technology accessible to all at a fraction of the cost.

About the Role

 We are looking for a highly skilled and motivated Information Systems Security Officer (ISSO) to join our team onsite at our San Diego office. Reporting to the Director of Operations, you will be at the forefront of developing, implementing, and upholding our company's digital security compliance strategy and information security, ensuring compliance with stringent government regulations and standards. Your expertise will be crucial in protecting our sensitive data, managing risks, overseeing our Facility Security Clearance (FCL), and ensuring that our operations meet all required cybersecurity maturity models and information control protocols. With expertise in NIST, DFARS, ISO 27001, and classified information management, you will play a key role in securing our operations and maintaining compliance with defense industry requirements. If you’re passionate about safeguarding critical data and upholding the highest standards of security, we’d love for you to join us at Firestorm.
This position is required to be on-site daily in the San Diego, CA office.  

What You’ll Do  

 
  • Develop, implement, and maintain the company's information security policies, standards, and procedures to ensure compliance with NIST SP 800-171, DFARS 252.204-7012, and other relevant regulations. 
  • Lead efforts to achieve and maintain compliance with CMMC and ISO 27001, including coordinating certification processes and managing ongoing audits. 
  • Oversee the protection of Controlled Unclassified Information (CUI) and other controlled information. 
  • Manage and maintain the company's Facility Security Clearance (FCL), serving as the primary point of contact (FSO) for all matters related to classified information security. 
  • Implement and oversee procedures for handling classified information, ensuring compliance with all applicable government regulations and directives. 
  • Conduct regular risk assessments and vulnerability analyses to identify and mitigate potential security threats, including those related to classified information systems. 
  • Coordinate with internal teams to integrate security controls into all aspects of operations, including product development and supply chain management. 
  • Serve as the primary liaison with government agencies and customers regarding information security compliance, FCL matters, and reporting. 
  • Develop and manage the incident response plan, leading investigations and remediation efforts in the event of security breaches or incidents involving classified or sensitive information. 
  • Provide training and awareness programs to educate employees on information security policies, procedures, best practices, and the handling of classified information. 
  • Stay current with evolving regulatory requirements, emerging threats, and industry best practices to continuously improve the company's security posture. 
  • Collaborate with our DevSecOps team on the design, implementation and maintenance of cATO (continuous Authority to Operate) pipelines. 
  • Collaborate with IT and engineering teams to ensure secure system architectures and data protection mechanisms are in place, especially for systems processing classified information. 
  • Must be willing to travel up to 10%
  

Qualifications

 
  • Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field. 
  • Minimum of 7 years of experience in information security management, with at least 3 years in a leadership role. 
  • Extensive knowledge of NIST SP 800-171, DFARS 252.204-7012, ISO 27001, CUI handling requirements, and classified information security protocols. 
  • Proven experience in developing and implementing information security programs and achieving compliance with regulatory standards. 
  • Strong understanding of risk management principles and experience conducting risk assessments and vulnerability management, including in classified environments. 
  • Experience with incident response planning and execution, particularly concerning classified information. 
  • Familiarity with data protection laws and regulations. 
  • Excellent communication skills, with the ability to articulate complex security requirements to technical and non-technical stakeholders. 
  • Must be a U.S. Person due to the nature of work & required access to U.S. export-controlled information
  • Ability to obtain and maintain a U.S. Government security clearance. 
  

Preferred Qualifications

 
  • Professional certifications such as CISSP, Security+, CISM, CISA, ISP® (Industrial Security Professional), or other DoD Approved 8570 Baseline Certification in the Information Assurance Management (IAM) Level III category. 
  • Defense or aerospace industry experience a plus. 
  • Familiarity with cybersecurity maturity models like CMMC (Cybersecurity Maturity Model Certification). 
  • Experience managing Facility Security Clearances (FCL) and handling classified information within a defense contractor environment. 
  • Experience with security audit processes and interfacing with regulatory auditors. 
  • Experience with informing the design and implementation of cATO pipelines. 
  • Experience with classified information systems (e.g., Joint Worldwide Intelligence Communications System - JWICS, Secret Internet Protocol Router Network - SIPRNet).
  • Experience with Special Access Programs (SAP) and Sensitive Compartmented Information (SCI).
  • Knowledge of cloud security principles and experience securing cloud environments handling classified or sensitive data. 
  

Compensation

 US Salary Range: $125,000 - $160,000 USD

 The posted salary range reflects an estimate based on a variety of compensation factors, including but not limited to relevant experience, education, certifications, specialized skills, geographic location, and business needs. Actual compensation may vary, and this range is subject to change as our compensation structure or market conditions evolve. 

Benefits & Perks

 Our culture fosters collaboration, respect, and trust, empowering passionate people to do their best work. We offer a competitive salary, comprehensive benefits, and opportunities for career growth. In addition to an opportunity to take part in an innovative, collaborative and fast-growing business with a highly motivated and skilled team, we also take pride in taking care of our employees. Here are just a few ways that we show our appreciation:
  • We offer comprehensive medical, dental, and vision plans
  • 401(k) Retirement Savings Plan to invest in your long-term retirement goals
  • Unlimited PTO
  • Generous Parental Leave 
  • FSA 
  • HSA
  • Hospital Indemnity insurance 
  • Critical Illness insurance 
  • Accident insurance 
  • Basic Life/AD&D, short-term and long-term disability insurance, 100% covered by Firestorm. Plus, the option to purchase additional life insurance for you and your family.
  • Mental Health Resources: We provide free mental health resources 24/7 including therapy and more. Additional work-life services, such as free legal and financial support, are available to you as well.
 

ITAR Compliance

 To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or otherwise eligible to obtain the required authorizations from the U.S. Department of State. 

Equal Opportunity Statement

 Firestorm is an equal opportunity employer, committed to creating a diverse and inclusive workplace, and upholding equitable hiring practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic under federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws, including the CA Fair Chance Initiative for Hiring Ordinance. We actively encourage members of recognized minorities, women, Veterans, and those with disabilities to apply, and we work to create a welcoming and supportive environment for all applicants throughout the interview process.  Firestorm is committed to fostering an inclusive and accessible work environment. If you require accommodations or assistance during the application process, please don’t hesitate to reach out to us at careers@launchfirestorm.com so we can provide the support you need.

Tags: Audits C CISA CISM CISSP Clearance Cloud CMMC Compliance Computer Science DevSecOps DFARS DoD DoDD 8570 IAM Incident response Industrial ISO 27001 NIST Risk assessment Risk management SAP Security Clearance Strategy Vulnerability management

Perks/benefits: Career development Competitive pay Health care Insurance Medical leave Parental leave Travel Unlimited paid time off

Region: North America
Country: United States
