Senior FedRAMP Cloud Consultant

2 months ago
Full-time
Senior
DevOps and Infrastructure
Coalfire

Coalfire

Coalfire is a cybersecurity advisor that helps organizations avert threats, reduce risk, and turn security into a competitive advantage, fueling their success.

Internet Software & Services
251-1K
Founded 2001
$9M raised

Description

  • Provide advisory support to customers on issues affecting the scope of work and recommend ways to improve security posture.
  • Lead audits and assessments, including audit plan preparation, documentation and evidence review, procedure evaluation, and client interviews.
  • Prepare, review, and approve assessment reports and other deliverables.
  • Manage project priorities, tasks, and hours with the project manager to support delivery and utilization targets.
  • Escalate client and project issues to management in a timely manner and coordinate resources to resolve them.
  • Mentor team members in audit, assessment, technical review, and writing.
  • Interface with clients throughout the engagement and maintain collaborative relationships with clients and stakeholders.
  • Draft audit programs and conduct walkthroughs to determine conformity against stated requirements.
  • Assess security vulnerabilities against relevant security frameworks and corroborate conclusions through inquiry procedures.
  • Inspect evidence remotely and offline, capture detailed interview notes, and mark artifacts needing follow-up or clarification.

Requirements

  • Bachelor's degree in IT, business, or an equivalent combination of education and work experience.
  • 5-10 years of experience as a consultant within professional IT services.
  • Current certification in one of the following: CISSP, CISA, CISM, CCSP, CFR, CCISO, GCED, GCIH, or GSLC.
  • Deep experience with government compliance, including FISMA, FedRAMP, and DoD RMF.
  • Strong knowledge of NIST Special Publications 800-30, 800-37, 800-53, and 800-171.
  • Experience delivering Certification and Accreditation (C&A) or Assessment and Authorization (A&A) packages that achieved and maintained full ATO.
  • Experience with virtualization or cloud technologies.
  • Familiarity with statutes and regulations across multiple industries relevant to IT, such as SOX 404, HIPAA, FedRAMP, GLB, and the Patriot Act.
  • Knowledge of AWS, Azure, and GCP cloud offerings is required.
  • Excellent verbal and written communication skills.
  • Ability and willingness to travel up to 20%.
  • Preferred: familiarity with the Canadian Centre for Cyber Security Protected B framework and the DOD CMMC process.
  • Preferred: cloud security-focused certifications such as AWS, Azure, or CCSK.

Benefits

  • Competitive salary range of $86,000 to $148,000 per year.
  • Annual incentive, commission, and/or recognition program eligibility.
  • Flexible work model with the ability to choose when and where you work, including remote options.
  • Paid parental leave.
  • Flexible time off.
  • Certification and training reimbursement.
  • Digital mental health and wellbeing support membership.
  • Comprehensive insurance options.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

GRC Specialist (GCC / GCCH)

Axiom 11-50 IT Services

The GRC Specialist at this company supports client governance, risk management, and CMMC compliance by scoping environments, guiding documentation, and helping ensure assessments are passed through accurate, consistent execution.

Cybersecurity
1 day, 17 hours ago

Cybersecurity Preparedness Support Expert (Intermediate / Senior)

inventYOU 1-10 Internet Software & Services

inventYOU is hiring Cybersecurity Preparedness Support Experts to support security readiness and risk analysis for complex environments.

Cybersecurity Penetration Testing
2 days, 17 hours ago

Professional Services Engineer - DOW Skillbridge Approved

Corelight 251-1K IT Services

Corelight is hiring a Professional Services team member to help customers deploy and use its cybersecurity products while improving network security and supporting incident investigations and integrations.

Bash Cybersecurity Elasticsearch Kafka Linux Logstash macOS Perl PowerShell Python SIEM Splunk TCP/IP Unix
3 days, 16 hours ago

Penetration Tester

Accenture 100K+ Professional Services

Accenture Federal Services is seeking a Penetration Tester to lead and execute a unified penetration-testing program across network, application, and cloud environments for federal clients.

Burp Suite DevSecOps Metasploit Penetration Testing SOC
3 days, 16 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers