About Us

Steel Root is a cybersecurity services company that specializes in compliance and consulting. We’re a startup in high demand, looking for a highly-intelligent, driven individual to join our team as a Compliance Analyst. We’re passionate about contributing daily to our positive culture, with a commitment to professional development and social responsibility. Steel Root is headquartered in Salem, MA. Candidates located in or near Boston, MA or Washington, DC are preferred, though we will also consider remote candidates.

About You

You’re a strong communicator interested in a fast-paced career in security consulting and professional services. You’re a strategic thinker, and passionate about the details. You have a proven history of delivering excellent work and exceeding expectations.

A background in IT/IS, compliance and risk management, or management consulting is desirable, as is exposure to one or more security control frameworks (e.g., NIST, CIS, PCI, SOC2, ISO 27001).

Industry certifications (e.g., CISSP, CISA) are not required but will be considered as part of the selection process.

Job Description

Your primary role is to consult with clients on data security compliance. Steel Root works with federal and defense contractors, many of whom are small businesses in high tech, R&D or manufacturing, to assess and attest to compliance with NIST SP 800-171.
A typical engagement includes the following elements:
Compliance gap assessment (NIST 800-171 or 800-53)
Policy development (drafting an information security program, IT/IS policies and procedures, incident response plan, etc.)
Draft and manage System Security Plan / Plans of Action & Milestones for client systems and environments
Build and manage a technical roadmap for remediation projects
Travel requirements: 20-30%

Required Skillset

Very strong written and verbal communication skills
Strategic thinker and creative problem solver
Highly-motivated and detail-oriented

Desired Skillset

Knowledge of security control frameworks
Experience consulting with clients on technical or policy-related projects
Familiarity with the government contracts industry
Awareness of the cybersecurity product/vendor landscape
Public speaking


Competitive benefits package
Hone your consulting skills in the GovCon / cybersecurity market
Opportunity for flexible hours
Play with cool tech, work with customers that love us, and get in on the ground floor of a startup in high growth mode

How to Apply

Send resume with cover letter to

Want to go the extra mile? Let us know your thoughts on any blog post on our website by leaving a comment.

Contact Us

We'd love to hear from you. Send us an email and we'll get back to you ASAP.