Skip to content
← Back to job listings

Consultant, FedRAMP Assessment

Coalfire · Remote, United States

CybersecurityRemoteQuick applycontract4 days ago

About The Role

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

What You'll Do

  • Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessment for clients
  • Draft audit observations that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment
  • Autonomously leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
  • Assess security vulnerabilities against the appropriate security frameworks
  • First-level reviewer of drafted audit planning and reporting materials
  • Pursue and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured
  • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
  • Assess client provided documentation for compliance with a variety of standards
  • Prepare and review assessment reports.
  • Educate and interpret compliance activities for clients
  • Manage priorities and tasks to achieve delivery utilization targets
  • Ensure quality products and services are delivered on time per Coalfire quality standards.
  • Continuous professional development; maintain industry specific certifications, depth of knowledge, credentials, and designations
  • Collaborate with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables.
  • Establish and maintain positive collaborative relationships with clients and stakeholders
  • Identify upsell and cross sell opportunities; escalates to appropriate leadership
  • Execute, examine, interview and test procedures in accordance with the appropriate control
  • Ensure cyber security policies are adhered to and that required controls are implemented
  • Review and assess respective information system security plans to ensure control requirements are met
  • Understand how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
  • Provide advice to customers on issues affecting the scope of work in a manner that provides additional value
  • Develop documentation and author recommendations associate with your findings on how to improve the customer’s security posture in accordance with appropriate controls
  • Remote work environment
  • Travel up to 20%

What You'll Bring

  • Minimum 2-3 years of experience in the IT industry, with strong familiarity with the applicable NIST Special
  • Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience.
  • Publications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5
  • Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families
  • Ability to lead testing sessions for assigned controls
  • Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
  • Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements
  • Read and interpret all control families
  • Read and interpret firewall rulesets and network/boundary/data flow diagrams
  • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
  • Strong personal initiative to appropriately manage time and meet deadlines
  • Strong Consulting skills; ability to advise and challenge the status quoe while building strong relationships
  • Ability to build high-trust relationship and credibility quickly
  • High attention to detail
  • Ability to facilitate meetings to small or large groups
  • Diplomatic and broad minded
  • Strong technical researcher
  • Ability to travel up to 20%

Must have one of the following certs

  • Cisco Certified Network Associate Security (CCNA Security)
  • Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
  • Cybersecurity Analyst (CySA+)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Systems and Network Auditor (GSNA)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified Information Systems Auditor (CISA)
  • Certified Information System Security Professional or Associate (CISSP or Associate)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Information Systems Security Officer (CISSO)
  • CyberSec First Responder (CFR)
  • CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
  • CompTIA Cloud+ (Cloud+)
  • Global Industrial Cyber Security Professional (GICSP)
  • Securing Cisco® Networks with Threat Detection Analysis (SCYBER)
  • BCR Cyber Technical Proficiency Testing Activity

Bonus Points

  • Expertise in security frameworks and regulatory requirements (such as SOC 2, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST or PCI).
  • Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
  • Experience reviewing Nessus output a plus, along with basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft.
  • Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements.

This listing was posted by a verified recruiter at Coalfire. Report this listing