About BOS

BOS Framework is a Cloud infrastructure and DevOps automation platform that enables tech teams to provision, configure, and orchestrate their application and data environments in AWS/Azure with built-in observability, resilience, and compliance without having to learn IaC or DevOps on the job.

Creating Massive Impact

With BOS, tech-enabled businesses greatly reduce technical debt, assure ongoing 99.99% uptime, gain release cycle efficiencies, and save 30 to 80% of the cost and time that goes into building, migrating, and maintaining Cloud environments with fewer tools and resources.

Job Description

BOS is seeking a highly skilled Cloud Security Analyst to join our dynamic team. The ideal candidate will play a crucial role in ensuring the security and compliance of our cloud Platform and the applications/ecosystems that are modernized by leveraging BOS.

Responsibilities

Develop comprehensive Cloud security guidelines and implement solutions for risk management programs tailored to our technical product company.
Define and implement cloud security policies, standards, and procedures, ensuring alignment with industry standards (e.g., NIST, CIS), regulations, and recommended guidelines.
Design and implement security controls, policies, and procedures to ensure compliance with FedRAMP requirements.
Conduct risk assessments and vulnerability analyses to identify potential security threats and weaknesses.
Collaborate with engineering, product, and operations teams to integrate security best practices into the product development lifecycle.
Lead incident response efforts and manage security incidents, investigations, and remediation activities.
Monitor and assess security threats, vulnerabilities, and trends to ensure the ongoing protection of our systems and data.
Develop and deliver security awareness training programs for employees.
Establish and maintain relationships with external partners, auditors, and regulatory bodies.
Prepare and present security reports and metrics to senior management and stakeholders.
Document the System Security Plan (SSP) and other necessary documentation required for FedRAMP authorization.
Represent the company during Third Party Assessment Organizations (3PAOs) assessments and interact with federal agencies as needed.
Stay current with industry trends, emerging threats, and regulatory changes to ensure continuous improvement of our security posture.
Implement and manage cloud security solutions to protect data and applications hosted in cloud environments.
Conduct regular security audits and assessments of cloud infrastructure to ensure compliance with industry standards and regulations.
Develop and enforce security policies and procedures specific to cloud services and infrastructure.
Monitor and manage cloud security tools and services, such as AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center.
Collaborate with cloud service providers to ensure security best practices are followed and integrated into our cloud infrastructure.
Provide guidance and support for secure cloud architecture and design.
Investigate and respond to cloud-related security incidents and breaches.

Qualifications

Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
Proven experience as a security leader or similar role in a technology-driven organization.
Direct experience in leading a company through the FedRAMP authorization process, including documenting the System Security Plan (SSP) and coordinating with Third Party Assessment Organizations (3PAOs).
In-depth knowledge of security frameworks, standards, and best practices, including FedRAMP, NIST, ISO 27001, etc.
Hands-on experience with security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM, etc.
Strong understanding of cloud security, network security, application security, and data protection.
Experience with cloud platforms such as AWS, Azure, or Google Cloud and their security services and tools.
Proficiency in implementing and managing cloud security solutions, including identity and access management, encryption, and monitoring.
Familiarity with container security and orchestration tools, such as Docker and Kubernetes.
Excellent leadership, communication, and interpersonal skills.
Ability to work collaboratively with cross-functional teams and influence decision-making.
Relevant certifications such as CISSP, CISM, CISA, or cloud-specific certifications like AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, or Google Professional Cloud Security Engineer are highly desirable.

Benefits

Medical, Vision and Dental Insurance benefits
Paid time off
Market competitive total compensation package

Core Values

Customer First: Putting Customers at the Heart: We place our clients at the forefront, responding to their needs with respect and efficency. Our growth is intertwined with our customers' success.
Walk the Talk: Integrity in Action: Our words and actions align, fostering trust through transparency and long-term commitment. We embrace courage and honesty for the greater good.
Team Spirit: Unity in Diversity: We champion collaboration across departments and locations, creating win-win situations and extending our team spirit to include our clients. Together, we find strength in unity.
Excellence: Pursuit of Perfection: Our journey is marked by a relentless drive to surpass our acheivements, embracing each day as an oppurtunity to excel further.
Drive Innovation: Innovative Mindset: We stay ahead of global tech trends, challenging the status quo with audacity and delivering cutting-edge solutions that drive growth.
Outcome-Focused: Results-Driven Approach: We prioritize impactful solutions and maintain a balance between visionary objectives and immediate achievements, ensuring practicality in our pursuit of excellence.