About BOS
BOS Framework is a Cloud infrastructure and DevOps automation platform that enables tech teams to provision, configure, and orchestrate their application and data environments in AWS/Azure with built-in observability, resilience, and compliance without having to learn IaC or DevOps on the job.
Creating Massive Impact
With BOS, tech-enabled businesses greatly reduce technical debt, assure ongoing 99.99% uptime, gain release cycle efficiencies, and save 30 to 80% of the cost and time that goes into building, migrating, and maintaining Cloud environments with fewer tools and resources.
Job Description
BOS is seeking a highly skilled Cloud Security Analyst to join our dynamic team. The ideal candidate will play a crucial role in ensuring the security and compliance of our cloud Platform and the applications/ecosystems that are modernized by leveraging BOS.
Responsibilities
- Develop comprehensive Cloud security guidelines and implement solutions for risk management programs tailored to our technical product company.
- Define and implement cloud security policies, standards, and procedures, ensuring alignment with industry standards (e.g., NIST, CIS), regulations, and recommended guidelines.
- Design and implement security controls, policies, and procedures to ensure compliance with FedRAMP requirements.
- Conduct risk assessments and vulnerability analyses to identify potential security threats and weaknesses.
- Collaborate with engineering, product, and operations teams to integrate security best practices into the product development lifecycle.
- Lead incident response efforts and manage security incidents, investigations, and remediation activities.
- Monitor and assess security threats, vulnerabilities, and trends to ensure the ongoing protection of our systems and data.
- Develop and deliver security awareness training programs for employees.
- Establish and maintain relationships with external partners, auditors, and regulatory bodies.
- Prepare and present security reports and metrics to senior management and stakeholders.
- Document the System Security Plan (SSP) and other necessary documentation required for FedRAMP authorization.
- Represent the company during Third Party Assessment Organizations (3PAOs) assessments and interact with federal agencies as needed.
- Stay current with industry trends, emerging threats, and regulatory changes to ensure continuous improvement of our security posture.
- Implement and manage cloud security solutions to protect data and applications hosted in cloud environments.
- Conduct regular security audits and assessments of cloud infrastructure to ensure compliance with industry standards and regulations.
- Develop and enforce security policies and procedures specific to cloud services and infrastructure.
- Monitor and manage cloud security tools and services, such as AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center.
- Collaborate with cloud service providers to ensure security best practices are followed and integrated into our cloud infrastructure.
- Provide guidance and support for secure cloud architecture and design.
- Investigate and respond to cloud-related security incidents and breaches.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
- Proven experience as a security leader or similar role in a technology-driven organization.
- Direct experience in leading a company through the FedRAMP authorization process, including documenting the System Security Plan (SSP) and coordinating with Third Party Assessment Organizations (3PAOs).
- In-depth knowledge of security frameworks, standards, and best practices, including FedRAMP, NIST, ISO 27001, etc.
- Hands-on experience with security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM, etc.
- Strong understanding of cloud security, network security, application security, and data protection.
- Experience with cloud platforms such as AWS, Azure, or Google Cloud and their security services and tools.
- Proficiency in implementing and managing cloud security solutions, including identity and access management, encryption, and monitoring.
- Familiarity with container security and orchestration tools, such as Docker and Kubernetes.
- Excellent leadership, communication, and interpersonal skills.
- Ability to work collaboratively with cross-functional teams and influence decision-making.
- Relevant certifications such as CISSP, CISM, CISA, or cloud-specific certifications like AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, or Google Professional Cloud Security Engineer are highly desirable.
Benefits
- Medical, Vision and Dental Insurance benefits
- Paid time off
- Market competitive total compensation package
Core Values
- Customer First: Putting Customers at the Heart: We place our clients at the forefront, responding to their needs with respect and efficency. Our growth is intertwined with our customers' success.
- Walk the Talk: Integrity in Action: Our words and actions align, fostering trust through transparency and long-term commitment. We embrace courage and honesty for the greater good.
- Team Spirit: Unity in Diversity: We champion collaboration across departments and locations, creating win-win situations and extending our team spirit to include our clients. Together, we find strength in unity.
- Excellence: Pursuit of Perfection: Our journey is marked by a relentless drive to surpass our acheivements, embracing each day as an oppurtunity to excel further.
- Drive Innovation: Innovative Mindset: We stay ahead of global tech trends, challenging the status quo with audacity and delivering cutting-edge solutions that drive growth.
- Outcome-Focused: Results-Driven Approach: We prioritize impactful solutions and maintain a balance between visionary objectives and immediate achievements, ensuring practicality in our pursuit of excellence.