Cloud Security Analyst
BOS Framework
About BOS
BOS Framework is a Cloud infrastructure and DevOps automation platform that enables tech teams to provision, configure, and orchestrate their application and data environments in AWS/Azure with built-in observability, resilience, and compliance without having to learn IaC or DevOps on the job.
Creating Massive Impact
With BOS, tech-enabled businesses greatly reduce technical debt, assure ongoing 99.99% uptime, gain release cycle efficiencies, and save 30 to 80% of the cost and time that goes into building, migrating, and maintaining Cloud environments with fewer tools and resources.
Job Description
BOS is seeking a highly skilled Cloud Security Analyst to join our dynamic team. The ideal candidate will play a crucial role in ensuring the security and compliance of our cloud Platform and the applications/ecosystems that are modernized by leveraging BOS.
Responsibilities
- Develop comprehensive Cloud security guidelines and implement solutions for risk management programs tailored to our technical product company.
- Define and implement cloud security policies, standards, and procedures, ensuring alignment with industry standards (e.g., NIST, CIS), regulations, and recommended guidelines.
- Design and implement security controls, policies, and procedures to ensure compliance with FedRAMP requirements.
- Conduct risk assessments and vulnerability analyses to identify potential security threats and weaknesses.
- Collaborate with engineering, product, and operations teams to integrate security best practices into the product development lifecycle.
- Lead incident response efforts and manage security incidents, investigations, and remediation activities.
- Monitor and assess security threats, vulnerabilities, and trends to ensure the ongoing protection of our systems and data.
- Develop and deliver security awareness training programs for employees.
- Establish and maintain relationships with external partners, auditors, and regulatory bodies.
- Prepare and present security reports and metrics to senior management and stakeholders.
- Document the System Security Plan (SSP) and other necessary documentation required for FedRAMP authorization.
- Represent the company during Third Party Assessment Organization (3PAO) assessments and interact with federal agencies as needed.
- Stay current with industry trends, emerging threats, and regulatory changes to ensure continuous improvement of our security posture.
- Implement and manage cloud security solutions to protect data and applications hosted in cloud environments.
- Conduct regular security audits and assessments of cloud infrastructure to ensure compliance with industry standards and regulations.
- Develop and enforce security policies and procedures specific to cloud services and infrastructure.
- Monitor and manage cloud security tools and services, such as AWS Security Hub, Azure Security Center, or Google Cloud Security Command Center.
- Collaborate with cloud service providers to ensure security best practices are followed and integrated into our cloud infrastructure.
- Provide guidance and support for secure cloud architecture and design.
- Investigate and respond to cloud-related security incidents and breaches.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
- Proven experience as a security leader or similar role in a technology-driven organization.
- Direct experience in leading a company through the FedRAMP authorization process, including documenting the System Security Plan (SSP) and coordinating with Third Party Assessment Organizations (3PAOs).
- In-depth knowledge of security frameworks, standards, and best practices, including FedRAMP, NIST, ISO 27001, etc.
- Hands-on experience with security technologies and tools, such as firewalls, intrusion detection/prevention systems, SIEM, etc.
- Strong understanding of cloud security, network security, application security, and data protection.
- Experience with cloud platforms such as AWS, Azure, or Google Cloud and their security services and tools.
- Proficiency in implementing and managing cloud security solutions, including identity and access management, encryption, and monitoring.
- Familiarity with container security and orchestration tools, such as Docker and Kubernetes.
- Excellent leadership, communication, and interpersonal skills.
- Ability to work collaboratively with cross-functional teams and influence decision-making.
- Relevant certifications such as CISSP, CISM, CISA, or cloud-specific certifications like AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, or Google Professional Cloud Security Engineer are highly desirable.
Benefits
- Medical, Vision and Dental Insurance benefits
- Paid time off
- Market competitive total compensation package
Core Values
- Customer First: Putting Customers at the Heart: We place our clients at the forefront, responding to their needs with respect and efficiency. Our growth is intertwined with our customers' success.
- Walk the Talk: Integrity in Action: Our words and actions align, fostering trust through transparency and long-term commitment. We embrace courage and honesty for the greater good.
- Team Spirit: Unity in Diversity: We champion collaboration across departments and locations, creating win-win situations and extending our team spirit to include our clients. Together, we find strength in unity.
- Excellence: Pursuit of Perfection: Our journey is marked by a relentless drive to surpass our achievements, embracing each day as an opportunity to excel further.
- Drive Innovation: Innovative Mindset: We stay ahead of global tech trends, challenging the status quo with audacity and delivering cutting-edge solutions that drive growth.
- Outcome-Focused: Results-Driven Approach: We prioritize impactful solutions and maintain a balance between visionary objectives and immediate achievements, ensuring practicality in our pursuit of excellence.