About 38North

38North Security is the world’s most experienced, technically expert, cloud advisory team. Since the inception of cloud computing, we have helped organizations around the world take secure, compliant advantage of the cloud to power modern business. From tech start-ups to Fortune 500 companies, our impressive client portfolio includes government, major healthcare organizations, cloud service providers, and security vendors, with many at the forefront of innovation and disruptive technology.

Our goal is to become the preeminent cloud security engineering and compliance advisory team, in the US and internationally, trusted by the world’s most demanding cloud centric organizations. At 38North, you will work with the most elite, experienced FedRAMP and cloud security experts in the world. You will be expected to continuously advance your technical and consulting skills while contributing to corporate initiatives that support our rapid growth.

In exchange, we offer competitive salaries (commensurate with experience), a fully remote, flexible work environment, and unlike larger companies in this space, reasonable billable hour expectations. Most importantly, you’ll be joining a team-focused organization, helmed by leaders who have worked together for decades to advance security and compliance initiatives.

About the Role

Your job is to advise and/or assess 38North clients based on security best practices driven by security regulations and compliance including FedRAMP, DoD SRG, FISMA, CMMC, NIST 800-171, NIST Cybersecurity Framework, SOC II, HIPAA and ISO27001/27017. We are not a cookie-cutter organization, we tailor our solutions for every client, and so analytical thinking is a must. The ability to balance business and security needs in the context of tolerable organizational risk is imperative to what we do.

This is a great opportunity for remote work job seekers who want flexibility in their schedule. We’re based in Washington, DC, but you can be based anywhere in the continental US. Modest travel in the US and internationally may be required (about 1 week every 3 months).

Qualifications & Experience

The ideal candidate is a self-starter, technically competent, able to communicate clearly and persuasively at all levels, works well with others, and takes the initiative to grow a client through awesome customer relationship management skills.  Here’s your punch list:

• At least 5 years progressive experience in information security
• At least 2 years supporting FedRAMP Cloud Service Providers in either an assessment or advisory role
• Detailed knowledge and application of NIST-based security compliance frameworks and standards including FedRAMP, DoD SRG, CMMC, FISMA, NIST Cybersecurity Framework, and NIST 800-171
• Knowledge of cloud security technologies and major services offered by one or more major cloud providers such as AWS, Microsoft Azure, or Google Cloud Platform
• Strong technical expertise to create clear, accurate documentation on cyber security policies, procedures, and technical controls.
• At least one current security industry-recognized professional certification e.g. CISSP, CISM, CCSP, etc
• Cloud certifications from AWS, Azure or Google highly desirable

Here's how to apply

Submit the following to [email protected]:

• Resume: hopefully self-explanatory
• Cover Letter: no rules, just make it something brief we actually want to read
• Writing Sample: provide 2-3 relevant work samples

Candidates will be asked to supply 3 references (one of which must be provided by a former or current client) and undergo a background check prior to employment. Candidates must be US citizens. Learn more about 38North at www.38northsecurity.com.