CMMC Assessment Consultant

Fortreum•Leesburg, VA

About The Position

Fortreum is a trusted leader in cloud and cybersecurity services, ranked in the Top 5 FedRAMP Third Party Assessment Organizations (3PAO). We provide independent, third-party and vendor-agnostic regulatory assessment and advisory services, coupled with advanced cybersecurity offensive and compliance technical services to our clients. Our comprehensive service portfolio includes regulatory compliance (FedRAMP, FISMA, SOC, ISO, HIPAA, CMMC, PCI) and technical security services (Penetration Testing, Red Teaming, Social Engineering, Attack Surface Analysis and others). Working with Fortune 500 companies and leading cloud service providers, we've built our reputation on our service-delivery excellence and unwavering commitment to client success. Our rapid growth creates exceptional opportunities for driven professionals to make their mark in the cybersecurity industry with a focus on our core values: Quality matters most Customer-driven mindset Autonomy to do your job Personal accountability/stewardship The Opportunity On our team, you will have the opportunity to work with the best and brightest in the field. Fortreum team members have supported the biggest cloud providers in the world, and you will have the opportunity to work with the best. We are growing rapidly and are looking for candidates with a background in performing security assessments in support of CMMC, FedRAMP and NIST-based frameworks to support our growing customer base.

Requirements

Bachelor’s Degree or equivalent job experience
5+ years of professional services experience
3 years of assessment experience leveraging NIST SP 800-171
Have an Active DoD Secret Clearance
Proficient in Microsoft 365 product suite
CMMC LCCA or CCA certification
One of the following certifications: Certified Penetration Testing Engineer (CPTE) Certified Information Security Manager (CISM) Certified Chief Information Security Officer (CCISO) Certified Information Systems Security Professional, Information Systems Security Engineering Professional (CISSP-ISSEP) Federal IT Security Professional-Auditor (FITSP-A) GIAC Cloud Security Automation (GCSA) GIAC Security Leadership Certification (GSLC) Cybersecurity Analyst (CySA+) GIAC Systems and Network Auditor (GSNA) Certified Information Systems Auditor (CISA) Certified Information System Security Professional (CISSP) Certified Information Systems Security Officer (CISSO)

Nice To Haves

Ability to quickly take on new technologies and concepts
Ability to manage multiple priorities simultaneously
Proven analytical and problem-solving skills
Ability to develop and maintain strong relationships with team members and clients
Comfortable supporting fast-paced team environments
Advanced technical certifications, such as: AWS solutions architect, Google cloud engineer, Microsoft solutions architect

Responsibilities

Conducting interviews of key stakeholders and technical personnel
Performing technical tests alongside security engineers
Recording meeting minutes and maintain work papers
Maintain a consistent writing style and approach to documenting the results of the security assessment
Collaborate with delivery team members to drive customer satisfaction and meet project deliverables
Ensure quality products and services are delivered on time and within allotted hours
Establish and maintain positive collaborative relationships with clients and stakeholders
Continuous professional development in pursuing industry specific certifications
Consistently work to improve assessment interviewing techniques to establish efficiencies in gathering required information
Prepare deliverables and conduct peer-review of team member’s deliverables
Perform project out-briefs with clients to notify them of the outcome of their compliance activities
Manage priorities, tasks, and assigned hours on projects to achieve delivery utilization targets