Senior Consultant - FedRAMP Assessment

3 weeks, 5 days ago
Full-time
Senior
Cybersecurity
Coalfire

Coalfire

Coalfire is a cybersecurity advisor that helps organizations avert threats, reduce risk, and turn security into a competitive advantage, fueling their success.

Internet Software & Services
251-1K
Founded 2001
$9M raised

Description

  • Advise clients on issues affecting the scope of work and provide value-added guidance.
  • Lead audits and assessments, including audit plan preparation, document and evidence review, procedure evaluation, and client interviews.
  • Develop documentation and recommendations to improve customer security posture in accordance with relevant controls.
  • Prepare, review, and approve assessment reports.
  • Manage project priorities, tasks, and hours with the project manager to meet delivery utilization targets.
  • Escalate client and project issues to management in a timely manner.
  • Provide mentorship to team members in audit, assessment, technical review, and writing.
  • Maintain client and stakeholder relationships throughout the engagement.
  • Draft audit programs that address regulatory objectives and the complexity of the client environment.
  • Conduct walkthroughs, evidence inspections, and conformity assessments against stated requirements.

Requirements

  • Bachelor's degree in IT, business, or an equivalent combination of education and work experience.
  • 5-10 years of experience as a consultant within professional IT services.
  • Deep experience with government compliance, including FISMA, FedRAMP, and DoD RMF.
  • Strong knowledge of NIST Special Publications 800-30, 800-37, and 800-53.
  • Experience delivering Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that achieved and maintained full authorization to operate (ATO).
  • Experience with virtualization or cloud technologies.
  • Familiarity with statutes and regulations across multiple industries relevant to IT, such as SOX 404, HIPAA, FedRAMP, GLB, and the Patriot Act.
  • Knowledge of information security-related solutions, tools, and utilities.
  • Excellent verbal and written communication skills.
  • Active CISSP certification and one of the listed supporting certifications such as CISA, CSSLP, GCIH, GSNA, GCIA, CySA+, CASP+, or similar.
  • Ability and willingness to travel up to 20%.
  • Cloud security-focused certifications such as AWS, Azure, or CCSK are preferred.

Benefits

  • Remote work environment with a flexible work model.
  • Annual incentive, commission, and/or recognition program eligibility.
  • Paid parental leave.
  • Flexible time off.
  • Certification and training reimbursement.
  • Digital mental health and wellbeing support membership.
  • Comprehensive insurance options.
  • Employee resource groups and access to in-person and virtual events.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

GRC Specialist (GCC / GCCH)

Axiom 11-50 IT Services

The GRC Specialist at this company supports client governance, risk management, and CMMC compliance by scoping environments, guiding documentation, and helping ensure assessments are passed through accurate, consistent execution.

Cybersecurity
1 day, 17 hours ago

Cybersecurity Preparedness Support Expert (Intermediate / Senior)

inventYOU 1-10 Internet Software & Services

inventYOU is hiring Cybersecurity Preparedness Support Experts to support security readiness and risk analysis for complex environments.

Cybersecurity Penetration Testing
2 days, 17 hours ago

Professional Services Engineer - DOW Skillbridge Approved

Corelight 251-1K IT Services

Corelight is hiring a Professional Services team member to help customers deploy and use its cybersecurity products while improving network security and supporting incident investigations and integrations.

Bash Cybersecurity Elasticsearch Kafka Linux Logstash macOS Perl PowerShell Python SIEM Splunk TCP/IP Unix
3 days, 16 hours ago

Penetration Tester

Accenture 100K+ Professional Services

Accenture Federal Services is seeking a Penetration Tester to lead and execute a unified penetration-testing program across network, application, and cloud environments for federal clients.

Burp Suite DevSecOps Metasploit Penetration Testing SOC
3 days, 16 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers