bladestack.io

Compensation

Full Description

Job Title(s): Cyber Ninja (Consultant) - Cyber Blade Division Location: Remote Type: Full-Time Cyber Ninja Compensation: $80-110k DOE. Annually + Benefits (401k, Medical, Dental, FSA, +More!) Duties & Responsibilities: Looking to build something new? bladestack.io (BSIO) is looking for the best in the cyber technical tradecraft. The entrepreneurial spirit is alive and well here—we are builders, not just maintainers. We are the only FedRAMP 3PAO that focuses 100% on advisory services. We don’t just tick boxes; we architect the future of secure cloud compliance. While we are a primarily remote company, our main "dojo" (HQ) is located in Tysons Corner/McLean, VA. We strongly support professional autonomy and outcome-based results. We have a tight-knit culture, high quality standards, and trust our Enjinia Ninjas to get the job done. bladestack.io pays 100% of employee and dependent medical, vision, dental coverage. Matching 401k, unlimited PTO, 14 paid holidays, tuition reimbursement, and many other benefits. On our team, you will have the opportunity to work with the best and brightest in the field. Company team members have supported the biggest cloud providers in the world, and you will have the opportunity to learn from the best. We are growing rapidly and are looking for candidates with a background in leading security assessments in support of FedRAMP and NIST-based frameworks to support our growing customer base. bladestack.io (BSIO) is looking for dedicated Cyber Ninjas (Consultant), eager to make their mark in the world of cybersecurity. We offer flexible roles with compensation that corresponds to your expertise and experience. Your primary role would involve enhancing our cybersecurity strategies, improving our technical competence, and contributing significantly to our growth. Primary tasks include: • Understanding the FedRAMP process by working alongside auditors, engineers, vendors. • Providing technical advice to customers seeking FedRAMP compliance. • Collaborating with clients and team members to devise defense-in-depth techniques. • Participating in developing and implementing client cloud and security strategies, vision-state architectures, and roadmap planning. • Serving as a client's key support for design, architecture, and deployment in AWS, Azure, or GCP. • Developing a solid understanding of modern application architectures like serverless and microservices. • Implementing various cloud technologies. • Acquiring skills with various technology stacks of leading cloud providers like AWS and Azure. • Aiming for professional certifications such as PMP, CISSP, CISM, CISA, CRISC, CGEIT, AWS SME, AWS CSA, AWS SCS, etc. • Drafting detailed design documentation, including security documentation. • Learning and adhering to NIST and other compliance frameworks such as FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc. • Mastering project management skills for detailed task tracking and timely delivery. • Collaborating closely with software developers, engineers, and stakeholders. • Assisting in the creation of engineering artifacts capturing system security requirements, application security design, and architecture. • Guide our clients through the vast cyber realm, offering insights that amplify their security posture in accordance with applicable controls. Your cyber-samurai wisdom becomes their defense strategy. What You'll Accomplish • Collaborate with a team of advisors, planning and conducting advisories for clients while specializing in your areas of expertise. • Craft advisory programs that strike a balance between the requirements of regulatory bodies and the specific complexities of client environments. • Lead client advisory sessions and inquiries with precision and diplomacy, evaluating the compliance of their environments against stated requirements. • Review security vulnerabilities against relevant security frameworks. • Serve as a first-level reviewer of drafted advisory planning and reporting materials. • Inspect evidence provided by clients, marking artifacts requiring follow-up or additional clarification. • Assess and advise on client documentation for compliance with a diverse range of standards. • Prepare and review advisory reports, ensuring they reflect the highest quality and thoroughness. • Educate clients on compliance activities, turning complex regulations into understandable guidelines. • Manage your time and tasks effectively to meet delivery utilization targets. • Continuously hone your professional skills and credentials, ensuring you stay at the forefront of industry standards and knowledge. • Collaborate with project managers and other team members to ensure customer satisfaction and meet project deliverables. • Build and maintain strong, positive relationships with clients and stakeholders. • Identify upsell and cross-sell opportunities and escalate them to the appropriate leadership. • Ensure adherence to cyber security policies and the implementation of required controls. • Review and assess information system security plans to ensure control requirements are met. • Provide valuable advice to clients on issues affecting the scope of work. • Develop and author recommendations on how to enhance the client’s security posture based on your findings. What You'll Bring to the Dojo: • Have at least a Security+ Certification and another industry standard cloud-certification (AWS, Azure, GCP, ISACA etc.) • Degree or current enrolment in Cyber Security, Privacy, IT, Computer Science, Mathematics, or Engineering with a minimum of 2-3 years of relevant work experience in the IT industry. • In-depth knowledge and application experience of NIST Special Publications (800-37 Rev.2, 800-53 Rev.5, and 800-53A Rev.4) including the ability to read and interpret all control families, firewall rule sets, and network/boundary/data flow diagrams. • Demonstrable understanding of cloud technologies and cybersecurity with familiarity in technology stacks and cloud providers such as AWS and Azure. • Proven ability to conduct research on technical topics independently, develop logical testing approaches for 800-53 control validation, and assist in the collection of relevant artifacts. • Authorized to work in the U.S. without sponsorship, with the capacity to meet security and background investigation requirements. • Ability to obtain industry-recognized Security Certification within 120 days of program start. • Strong written and verbal communication skills, including the ability to explain technical matters to non-technical audiences. • Outstanding project management skills, coupled with a high degree of personal initiative and ability to manage time and meet deadlines. • Proven experience leading advisory sessions, facilitating meetings to diverse groups, and building high-trust relationships quickly. • Demonstrated involvement in significant organizations such as student clubs or community volunteerism. • A diplomatic, broad-minded approach, with a high attention to detail and strong consulting skills - the capacity to advise and challenge the status quo while building strong relationships. We encourage Military Service Members, Veterans, Disabled Veterans, and Military personnel (National Guard/Reserve) to apply. bladestack.io is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age, or genetic information.