Coalfire

Coalfire is a cybersecurity advisor that helps organizations avert threats, reduce risk, and turn security into a competitive advantage, fueling their success.

Internet Software & Services
251-1K
Founded 2001
$9M raised

Description

  • Manage the POA&M lifecycle, including creation, tracking, risk adjustment justification, and deviation requests with 3PAO assessors and federal stakeholders.
  • Collect, organize, and maintain security control evidence and artifacts for continuous monitoring and assessment/authorization activities.
  • Maintain accurate system inventory and authorization boundary documentation to keep scanning scope aligned with approved boundaries.
  • Analyze scan results, identify false positives, document justifications, and prepare deviation requests with supporting risk assessments.
  • Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, including monthly status briefings.
  • Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments, and container/Kubernetes platforms.
  • Participate in change management processes to keep continuous monitoring aligned with system changes and compliance posture.
  • Support enterprise vulnerability management tools, including updates, patches, and ongoing operation of scanning and reporting workflows.
  • Run regular and on-demand scans across operating systems, databases, web applications, and containers, and coordinate remediation ticketing with technical teams.
  • Track vendor dependencies, operational requirements, and open vulnerabilities, and produce monthly client reports and updates.
  • Improve internal standards, documentation, training materials, and standard operating procedures.

Requirements

  • 3–5 years of professional experience in vulnerability management, compliance monitoring, or related security operations roles.
  • Hands-on expertise with operating system, database, network, container, web application, and API vulnerability management.
  • Experience supporting vulnerability management in at least two of the three major cloud providers (AWS, Azure, GCP).
  • Experience working within at least one compliance framework such as FedRAMP, HITRUST, or PCI, including risk assessment and reporting.
  • Experience delivering monthly or periodic vulnerability status reports and tracking remediation efforts with internal and external teams.
  • Administrator-level certification in AWS, Azure, or GCP.
  • Working knowledge of cloud architecture and security controls in AWS, Azure, or GCP, including assessment of attack surfaces and cloud-native remediation approaches.
  • Strong knowledge of vulnerability scanning technologies and methods, including CVSS, CMSS, and risk prioritization frameworks.
  • Understanding of NIST SP 800-53 controls, especially RA-5 (Vulnerability Monitoring and Scanning), SI-2 (Flaw Remediation), and CM-6 (Configuration Settings), and how continuous monitoring supports control implementation.
  • Experience with DISA STIG benchmarks and automated compliance scanning using SCAP content and SCAP-validated tools such as the DISA SCAP Compliance Checker (SCC).
  • Familiarity with baseline configuration standards such as CIS Benchmarks and vendor hardening guides.
  • Ability to distinguish false positives from true vulnerabilities and write risk-based deviation justifications.
  • Proficiency in scripting languages such as Python, PowerShell, or Bash for automation, report generation, and remediation workflows.
  • Strong client-facing communication and documentation skills, with the ability to present technical findings to federal stakeholders.
  • Ability to work effectively with cross-functional technical teams to investigate, prioritize, and coordinate remediation efforts.
  • Bachelor’s degree or equivalent work experience.
  • US citizenship is required due to client contractual requirements.
  • Preferred: security-focused cloud certifications for AWS, Azure, or GCP.
  • Preferred: CISSP certification.
  • Preferred: familiarity with container image scanning tools such as Trivy, Anchore, or Snyk, and with Kubernetes security posture.
  • Preferred: knowledge of software composition analysis (SCA) and static/dynamic application security testing (SAST/DAST) tools.
  • Preferred: familiarity with CI/CD security integration patterns and DevSecOps toolchains.

Benefits

  • Salary range of $78,000 to $135,000 per year.
  • Eligibility for annual incentive, commission, and/or recognition programs.
  • Flexible work model with the ability to choose when and where you work, including remote options.
  • Paid parental leave.
  • Flexible time off.
  • Certification and training reimbursement.
  • Digital mental health and wellbeing support membership.
  • Comprehensive insurance options.
