Junior Cloud Security Analyst Job at Openkyber, Maine

bnFFSWRSNzJnb1BIeWxqdHpVTkVtT3A0MHc9PQ==
  • Openkyber
  • Maine

Job Description

Job Title: Junior to Mid Product Security Assessor

Location: 100% REMOTE

Contract length: 6 months to start with ongoing renewals likely

Is contract-to-hire? No

Onsite schedule: 100% REMOTE

Years of experience needed: 1-3+

Top 3 skills the client needs candidates to have experience:

  • Must have done some sort of Product Auditing
  • Must have worked with IoT Devices
  • Someone who is comfortable interfacing with Engineering and Development teams

Job Description: The Product Security Assessor is responsible for performing structured, risk-based security assessments across Generac products and platforms, spanning backend cloud services, DevSecOps pipelines, and IoT devices. This role is assessment-focused rather than build-focused, combining deep technical understanding with strong analytical and documentation skills. The assessor evaluates architectures, implementations, and controls against established security requirements and standards, particularly IEC 62443, and provides clear, actionable remediation guidance to engineering teams. This role aligns with the offshore Product Security engagement model and supports scalable, repeatable security reviews across the portfolio.

Key Responsibilities:

  • Product Security Assessments: Conduct end-to-end product security assessments for cloud services, backend systems, DevSecOps pipelines, and IoT devices against defined security requirements. Evaluate security controls across application, infrastructure, device, and pipeline layers to identify gaps, weaknesses, and non-conformances. Perform assessments aligned to IEC 62443 and internal Generac product security standards. Clearly document assessment scope, findings, compliance status, and overall security posture.
  • Threat Modeling and Risk Analysis: Perform structured threat modeling for identified findings and architectural designs across cloud, device, and DevSecOps domains. Assess risk severity and potential impact, considering exploitability, exposure, and business context. Translate technical findings into clear risk statements that engineering and product teams can act upon.
  • Backend and Cloud Security Assessment: Assess backend cloud architectures, including containerized workloads and orchestrated environments, for secure configuration, network segmentation, identity controls, and data protection. Review container security practices such as image scanning, runtime protections, and least-privilege configurations. Evaluate cloud logging, monitoring, and incident detection capabilities to ensure adequate security observability.
  • DevSecOps and Pipeline Security Assessment: Assess CI and CD pipelines to ensure security controls are integrated and consistently applied. Review use of SAST, DAST, SCA, and infrastructure-as-code scanning within development workflows. Evaluate secrets management, key handling, and signing processes used in build and release pipelines. Identify gaps in automation, enforcement, or visibility that could introduce security risk.
  • Device and Firmware Security Assessment: Conduct IoT device security assessments covering hardware, firmware, and embedded software. Evaluate secure boot, firmware signing, credential storage, encryption, and update mechanisms. Assess protections against physical tampering, reverse engineering, and unauthorized firmware modification. Review device compliance against IEC 62443-based device security requirements.
  • Reporting and Remediation Guidance: Produce clear, structured assessment reports that document findings, risk ratings, and compliance gaps. Provide prioritized, risk-informed remediation recommendations that are practical and actionable. Support engineering teams by clarifying findings, answering technical questions, and validating remediation evidence.
  • Engagement Execution and Governance: Execute assessments in alignment with defined Product Security engagement models and timelines. Participate in regular checkpoints, status updates, and structured feedback sessions. Ensure consistency and quality across assessments through standardized templates and methodologies.

Qualifications:

  • Bachelor's degree in Computer Science, Engineering, Cybersecurity, or related field.
  • 2+ years of experience in product security, cloud security, DevSecOps, or IoT security roles.
  • Strong understanding of backend cloud architectures, container platforms, and CI and CD pipelines.
  • Working knowledge of embedded systems, firmware security, and IoT security principles.
  • Hands-on experience performing threat modeling, vulnerability assessments, and security reviews.
  • Familiarity with security standards and frameworks such as IEC 62443, ISO 27001, and NIST 800-53.
  • Ability to produce clear, concise, and high-quality security assessment documentation.
  • Certifications such as CISSP, CCSP, CSSLP, or cloud security certifications are desirable.

Compensation: The hourly rate for this position is between $21.00-$29.00 per hour. Factors which may affect starting pay within this range may include [geography/market, skills, education, experience and other qualifications of the successful candidate].

Benefits: Sunrise offers ACA compliant medical coverage/dental insurance/vision insurance to all employees. We also offer Sick time benefits as required per State regulations.

For applications and inquiries, contact: hirings@openkyber.com

Job Tags

Hourly pay, Contract work, Remote work

Similar Jobs

Greenscape Energy

Solar Installer Job at Greenscape Energy

 ...growing green industry. From engineering to installation, our team collectively ensures projects...  ...company match. About the Job The Solar Installer will install photovoltaic (PV)...  ...minor electrical work as it relates to panel installation Connect solar system to... 

Milestone Pharmaceuticals

Clinical Trial Manager-Consultant Job at Milestone Pharmaceuticals

 ...together. YOU WILL BE RESPONSIBLE FOR: Supporting end-to-end clinical trial execution, ensuring delivery against timelines, quality...  ..., and budget; Assisting in start-up activities of clinical research studies including Investigator site selection; Contributing... 

Framework

Literacy Tutor K-3 (In-Person - Richmond, VA) - AmeriCorps Nextcelerate Job at Framework

 ...you passionate about education? Do you want to make an immediate impact while gaining hands-on experience in local schools? Join AmeriCorps Nextcelerate, a paid service opportunity through Virginia Learns, where you'll deliver high-impact literacy tutoring to K3... 

Culture Amp

Director, Corporate Communications (Full Time, Fixed-Term) Job at Culture Amp

 ...drive performance. Were looking for a Director Corporate Communications on a f ixed-term contract to cover parental leave. This role...  ...office budget to spend on setting up your home office ~ Medical insurance coverage for you and your family (Available for US... 

PragerU

Graphic Designer/Illustrator, Kids Job at PragerU

 ...to be voted among the Best Place to Work in Los Angeles by the LA Business Journal 4 years in a row. The Graphic Designer /Illustrator, Kids role at PragerU is a highly creative, detail-oriented position. This individual will work directly with the Art Director to...