Jr. Security Assessor Jobs

About 38North

38North Security is the world’s most experienced, technically expert, cloud advisory team. Since the inception of cloud computing, we have helped organizations around the world take secure, compliant advantage of the cloud to power modern business. From tech start-ups to Fortune 500 companies, our impressive client portfolio includes government, major healthcare organizations, cloud service providers, and security vendors, with many at the forefront of innovation and disruptive technology.

Our goal is to become the preeminent cloud security engineering and compliance advisory team, in the US and internationally, trusted by the world’s most demanding cloud centric organizations. At 38North, you will work with the most elite, experienced FedRAMP and cloud security experts in the world. You will be expected to continuously advance your technical and consulting skills while contributing to corporate initiatives that support our rapid growth.

In exchange, we offer competitive salaries (commensurate with experience), a fully remote, flexible work environment, and unlike larger companies in this space, reasonable billable hour expectations. Most importantly, you’ll be joining a team-focused organization, helmed by leaders who have worked together for decades to advance security and compliance initiatives.

Location

Remote, but must be available to work Eastern Time hours.

About the Role

This role will conduct independent security assessments of government environments. Systems assessed could include on premise, cloud (Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) systems) and applications. They will also provide system administration support to the Governance, Risk and Compliance (GRC) module, to include upgrades, patching and account management.

Duties and Responsibilities

• Conduct risk assessments based on findings of security controls assessments
• Support independent assessments of security controls as documented in System Security Plans (SSP)
• Support assessment meetings as required
• Develop development of Security Assessment Report (SAR), documenting Plans of Action and Milestones (POA&Ms), and developing Executive Summaries (ES)

Qualifications

• Must have or be eligible to obtain a Public Trust Clearance
• Four year degree (Bachelors Degree) from an accredited College or University
• Experience with the Department of Transportation and / or the Federal Aviation Administration preferred.
• Minimum of 3 years of experience in listed tasks

Technical Skills

• Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
• Experience with RMF and applying the NIST Cybersecurity Framework.
• Ability to work with cooperatively and at a technical level with developers, engineers, and managers on system teams.
• Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.
• Experience with assessing systems and applications deployed in local and cloud environments following federal guidelines and best practices.
• Experience using CSAM in an RMF Assessor role.
• Experience with Federal Risk and Authorization Management Program (FedRAMP).
• Knowledge of computer networking concepts, protocols, and network security methodologies.
• Knowledge of current and past cybersecurity threats and vulnerabilities.

Professional Skills

• Able to communicate effectively in a accurate and concise manner through written and verbal means to system teams and product and cybersecurity leadership.
• Ability to take initiative on assigned systems and related tasks and work with minimal supervision.
• Ability to work and collaborate as part of an integrated team with diverse backgrounds.
• Ability to effectively manage and prioritize multiple tasks and duties simultaneously while effectively coordinating and ensuring that scheduled delivery dates and milestones are achieved.

Candidates will be asked to supply 3 references (one of which must be provide by a former or current client) and undergo a background check prior to employment. Candidates must be US citizens.

Learn more about 38North at www.38northsecurity.com