Cyber Ninja (Remote FedRAMP Consultant) jobs in United States

bladestack.io · 2 days ago

Cyber Ninja (Remote FedRAMP Consultant)

bladestack.io is a company focused on advisory services for FedRAMP compliance in the cybersecurity field. They are seeking dedicated Cyber Ninjas to enhance their cybersecurity strategies and contribute to growth by providing technical advice and collaborating with clients on cloud security strategies.

Advice · Compliance · Cyber Security · Information Technology · Software
No H1B

Responsibilities

Understanding the FedRAMP process by working alongside auditors, engineers, vendors
Providing technical advice to customers seeking FedRAMP compliance
Collaborating with clients and team members to devise defense-in-depth techniques
Participating in developing and implementing client cloud and security strategies, vision-state architectures, and roadmap planning
Serving as a client's key support for design, architecture, and deployment in AWS, Azure, or GCP
Developing a solid understanding of modern application architectures like serverless and microservices
Implementing various cloud technologies
Acquiring skills with various technology stacks of leading cloud providers like AWS and Azure
Aiming for professional certifications such as PMP, CISSP, CISM, CISA, CRISC, CGEIT, AWS SME, AWS CSA, AWS SCS, etc
Drafting detailed design documentation, including security documentation
Learning and adhering to NIST and other compliance frameworks such as FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc
Mastering project management skills for detailed task tracking and timely delivery
Collaborating closely with software developers, engineers, and stakeholders
Assisting in the creation of engineering artifacts capturing system security requirements, application security design, and architecture
Guide our clients through the vast cyber realm, offering insights that amplify their security posture in accordance with applicable controls. Your cyber-samurai wisdom becomes their defense strategy
Collaborate with a team of advisors, planning and conducting advisories for clients while specializing in your areas of expertise
Craft advisory programs that strike a balance between the requirements of regulatory bodies and the specific complexities of client environments
Lead client advisory sessions and inquiries with precision and diplomacy, evaluating the compliance of their environments against stated requirements
Review security vulnerabilities against relevant security frameworks
Serve as a first-level reviewer of drafted advisory planning and reporting materials
Inspect evidence provided by clients, marking artifacts requiring follow-up or additional clarification
Assess and advise on client documentation for compliance with a diverse range of standards
Prepare and review advisory reports, ensuring they reflect the highest quality and thoroughness
Educate clients on compliance activities, turning complex regulations into understandable guidelines
Manage your time and tasks effectively to meet delivery utilization targets
Continuously hone your professional skills and credentials, ensuring you stay at the forefront of industry standards and knowledge
Collaborate with project managers and other team members to ensure customer satisfaction and meet project deliverables
Build and maintain strong, positive relationships with clients and stakeholders
Identify upsell and cross-sell opportunities and escalate them to the appropriate leadership
Ensure adherence to cyber security policies and the implementation of required controls
Review and assess information system security plans to ensure control requirements are met
Provide valuable advice to clients on issues affecting the scope of work
Develop and author recommendations on how to enhance the client’s security posture based on your findings

Qualification

FedRAMP compliance · NIST frameworks · Cloud technologies · Security certifications · Project management · Technical documentation · Consulting skills · Communication skills · Team collaboration

Required

Have at least a Security+ Certification and another industry standard cloud-certification (AWS, Azure, GCP, ISACA etc.)
Degree or current enrolment in Cyber Security, Privacy, IT, Computer Science, Mathematics, or Engineering with a minimum of 2-3 years of relevant work experience in the IT industry
In-depth knowledge and application experience of NIST Special Publications (800-37 Rev.2, 800-53 Rev.5, and 800-53A Rev.4) including the ability to read and interpret all control families, firewall rule sets, and network/boundary/data flow diagrams
Demonstrable understanding of cloud technologies and cybersecurity with familiarity in technology stacks and cloud providers such as AWS and Azure
Proven ability to conduct research on technical topics independently, develop logical testing approaches for 800-53 control validation, and assist in the collection of relevant artifacts
Authorized to work in the U.S. without sponsorship, with the capacity to meet security and background investigation requirements
Ability to obtain industry-recognized Security Certification within 120 days of program start
Strong written and verbal communication skills, including the ability to explain technical matters to non-technical audiences
Outstanding project management skills, coupled with a high degree of personal initiative and ability to manage time and meet deadlines
Proven experience leading advisory sessions, facilitating meetings for diverse groups, and building high-trust relationships quickly
Demonstrated involvement in significant organizations such as student clubs or community volunteerism
A diplomatic, broad-minded approach, with a high attention to detail and strong consulting skills - the capacity to advise and challenge the status quo while building strong relationships

Benefits

401k
Medical
Dental
FSA
Unlimited PTO
14 paid holidays
Tuition reimbursement
Many other benefits

Company

bladestack.io

bladestack.io brings cloud expertise, technology and innovative approaches which empower your organization to capitalize on the promise of digital transformation.

Funding

Current Stage
Early Stage
Company data provided by crunchbase