About the Role:
We are seeking a highly motivated and detail-oriented Junior Security Assessment Specialist to join our Security team. This individual will play a key role in evaluating the security posture of our systems and applications, ensuring compliance with both U.S. and international standards such as FedRAMP and BSI IT-Grundschutz (Germany). The ideal candidate thrives in collaborative environments, brings a strong technical foundation, and is well-versed in modern infrastructure, deployment, and automation technologies.
Key Responsibilities:
• Collaborate effectively with cross-functional teams to assess, document, and communicate security risks and mitigation strategies.
• Perform the scanning procedures required for the comprehensive security assessments in alignment with FedRAMP, BSI IT-Grundschutz, and other international regulatory frameworks
• Provide clear, actionable recommendations to improve security posture based on assessment findings, industry best practices, and compliance requirements.
• Support the development and continuous refinement of security assessment methodologies and documentation.
• Analyze and validate security controls across multiple cloud providers like OpenStack (AWS, Azure and Google Cloud Platform also accepted) hosted clouds.
• Apply knowledge of Terraform, Ansible, and a broad spectrum of programming and deployment technologies (e.g., CI/CD pipelines, scripting languages, container orchestration, infrastructure-as-code) to support secure system design and auditing.
• Communicate findings and risk summaries to both technical and non-technical stakeholders, helping drive a security-first culture across the organization.
Qualifications:
• 3+ years of experience in information security, risk assessments, or related fields.
• Familiarity with FedRAMP, BSI IT-Grundschutz, ISO 27001, or similar regulatory/compliance frameworks.
• Hands-on experience with infrastructure automation tools (e.g., Terraform, Ansible) and scripting languages (e.g., Python, Bash).
• Understanding of modern deployment methodologies, cloud architecture, and DevSecOps practices.
• Strong communication skills with the ability to explain technical issues to a broad audience.
• Security certifications such as CISSP, CISA, or similar are a plus.
Nice to Have:
• Experience participating in third-party audits or assessments.
• Knowledge of secure coding practices and application security testing.
• Familiarity with container security, Kubernetes, and cloud-native technologies.