About 38North
38North Security is the world’s most experienced, technically expert, cloud advisory team. Since the inception of cloud computing, we have helped organizations around the world take secure, compliant advantage of the cloud to power modern business. From tech start-ups to Fortune 500 companies, our impressive client portfolio includes government, major healthcare organizations, cloud service providers, and security vendors, with many at the forefront of innovation and disruptive technology.
Our goal is to become the preeminent cloud security engineering and compliance advisory team, in the US and internationally, trusted by the world’s most demanding cloud-centric organizations. At 38North, you will work with the most elite, experienced FedRAMP and cloud security experts in the world. You will be expected to continuously advance your technical and consulting skills while contributing to corporate initiatives that support our rapid growth.
In exchange, we offer competitive salaries (commensurate with experience), a fully remote, flexible work environment, and unlike larger companies in this space, reasonable billable hour expectations. Most importantly, you’ll be joining a team-focused organization, helmed by leaders who have worked together for decades to advance security and compliance initiatives.
Location
Remote, but must be available to work Eastern Time hours.
About the Role
This role will conduct independent security assessments of government environments against NIST SP 800-53 rev 5 security control requirements. Systems assessed could include on-premises systems, AWS cloud systems (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)), and applications. Experience with assessing the entire control set for systems in the AWS cloud environment is required.
Duties and Responsibilities
- Conduct assessment meetings independently for the entire control set
- Perform assessment of security controls, as documented in System Security Plan (SSP), for all security control families
- Conduct risk assessments based on findings of security controls assessments
- Develop Security Assessment Reports (SAR), document Plans of Action and Milestones (POA&Ms), and develop an Executive Summary (ES) for each assessment
Qualifications
- Minimum of 3 years of experience for a junior-level role, and 8 years of experience for a senior-level role, in the listed tasks
- Four-year degree (Bachelor’s Degree) from an accredited College or University in Business or Engineering
- Must have or be eligible to obtain a Public Trust Clearance
- Assessor must be able to conduct assessment independently for all controls in the Low, Moderate, or High baseline.
Technical Skills
- Experience with RMF and applying the NIST Cybersecurity Framework.
- Experience using CSAM in an RMF Assessor role.
- Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
- Experience with Federal Risk and Authorization Management Program (FedRAMP).
- Experience with assessing systems and applications deployed in local and cloud environments following federal guidelines and best practices.
- Ability to work cooperatively and at a technical level with developers, engineers, and managers on system teams.
- Knowledge of computer networking concepts, protocols, and network security methodologies.
- Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.
- Knowledge of current and past cybersecurity threats and vulnerabilities.
- Familiarity with cloud environments (specifically AWS infrastructure and services) in addition to the AWS Console is a plus.
Professional Skills
- Ability to effectively manage and prioritize multiple tasks and duties simultaneously, while effectively coordinating and ensuring that scheduled delivery dates and milestones are achieved.
- Able to communicate effectively in an accurate and concise manner through written and verbal means to system teams, and product and cybersecurity leadership.
- Ability to take initiative on assigned systems and related tasks and work with minimal supervision.
- Ability to work and collaborate as part of an integrated team with diverse backgrounds.
Candidates will be asked to supply 3 references (one of which must be provided by a former or current client) and undergo a background check prior to employment. Candidates must be US citizens.
*No recruiters*
Learn more about 38North at www.38northsecurity.com