Cloud Security Analyst

BOS Framework

BOS Framework

IT
Posted on Dec 21, 2023

About BOS

BOS Framework is a Cloud infrastructure and DevOps automation platform that enables tech teams to provision, configure, and orchestrate their application and data environments in AWS/Azure with built-in observability, resilience, and compliance without having to learn IaC or DevOps on the job.

Creating Massive Impact

With BOS, tech-enabled businesses greatly reduce technical debt, assure ongoing 99.99% uptime, gain release cycle efficiencies, and save 30 to 80% of the cost and time that goes into building, migrating, and maintaining Cloud environments with fewer tools and resources.

Job Description

BOS is seeking a highly skilled Cloud Security Analyst to join our dynamic team. The ideal candidate will play a crucial role in ensuring the security and compliance of our cloud Platform and the applications/ecosystems that are modernized by leveraging BOS.

Responsibilities

  • Develop comprehensive Cloud security guidelines and implement solutions for risk management programs tailored to our technical product company.
  • Define and implement cloud security policies, standards, and procedures, ensuring alignment with industry standards (e.g., NIST, CIS), regulations, and recommended guidelines.
  • Design and implement security controls, policies, and procedures to ensure compliance with FedRAMP requirements.
  • Conduct risk assessments and vulnerability analyses to identify potential security threats and weaknesses.
  • Collaborate with engineering, product, and operations teams to integrate security best practices into the product development lifecycle.
  • Lead incident response efforts and manage security incidents, investigations, and remediation activities.
  • Monitor and assess security threats, vulnerabilities, and trends to ensure the ongoing protection of our systems and data.
  • Develop and deliver security awareness training programs for employees.
  • Establish and maintain relationships with external partners, auditors, and regulatory bodies.
  • Prepare and present security reports and metrics to senior management and stakeholders.
  • Document the System Security Plan (SSP) and other necessary documentation required for FedRAMP authorization.
  • Represent the company during Third Party Assessment Organizations (3PAOs) assessments and interact with federal agencies as needed.
  • Stay current with industry trends, emerging threats, and regulatory changes to ensure continuous improvement of our security posture.
  • Implement and manage cloud security solutions to protect data and applications hosted in cloud environments.
  • Conduct regular security audits and assessments of cloud infrastructure to ensure compliance with industry standards and regulations.
  • Develop and enforce security policies and procedures specific to cloud services and infrastructure.
  • Monitor and manage cloud security tools and services, such as AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center.
  • Collaborate with cloud service providers to ensure security best practices are followed and integrated into our cloud infrastructure.
  • Provide guidance and support for secure cloud architecture and design.
  • Investigate and respond to cloud-related security incidents and breaches.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
  • Proven experience as a security leader or similar role in a technology-driven organization.
  • Direct experience in leading a company through the FedRAMP authorization process, including documenting the System Security Plan (SSP) and coordinating with Third Party Assessment Organizations (3PAOs).
  • In-depth knowledge of security frameworks, standards, and best practices, including FedRAMP, NIST, ISO 27001, etc.
  • Hands-on experience with security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM, etc.
  • Strong understanding of cloud security, network security, application security, and data protection.
  • Experience with cloud platforms such as AWS, Azure, or Google Cloud and their security services and tools.
  • Proficiency in implementing and managing cloud security solutions, including identity and access management, encryption, and monitoring.
  • Familiarity with container security and orchestration tools, such as Docker and Kubernetes.
  • Excellent leadership, communication, and interpersonal skills.
  • Ability to work collaboratively with cross-functional teams and influence decision-making.
  • Relevant certifications such as CISSP, CISM, CISA, or cloud-specific certifications like AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, or Google Professional Cloud Security Engineer are highly desirable.

Benefits

  • Medical, Vision and Dental Insurance benefits
  • Paid time off
  • Market competitive total compensation package

Core Values

  • Customer First: Putting Customers at the Heart: We place our clients at the forefront, responding to their needs with respect and efficency. Our growth is intertwined with our customers' success.
  • Walk the Talk: Integrity in Action: Our words and actions align, fostering trust through transparency and long-term commitment. We embrace courage and honesty for the greater good.
  • Team Spirit: Unity in Diversity: We champion collaboration across departments and locations, creating win-win situations and extending our team spirit to include our clients. Together, we find strength in unity.
  • Excellence: Pursuit of Perfection: Our journey is marked by a relentless drive to surpass our acheivements, embracing each day as an oppurtunity to excel further.
  • Drive Innovation: Innovative Mindset: We stay ahead of global tech trends, challenging the status quo with audacity and delivering cutting-edge solutions that drive growth.
  • Outcome-Focused: Results-Driven Approach: We prioritize impactful solutions and maintain a balance between visionary objectives and immediate achievements, ensuring practicality in our pursuit of excellence.