CMMC Assessment Consultant

Fortreum•Leesburg, VA

1d•Hybrid

About The Position

Fortreum is a trusted leader in cloud and cybersecurity services, ranked in the Top 5 FedRAMP Third Party Assessment Organizations (3PAO). The company provides independent, third-party and vendor-agnostic regulatory assessment and advisory services, coupled with advanced cybersecurity offensive and compliance technical services to clients, including Fortune 500 companies and leading cloud service providers. Their comprehensive service portfolio includes regulatory compliance (FedRAMP, FISMA, SOC, ISO, HIPAA, CMMC, PCI) and technical security services (Penetration Testing, Red Teaming, Social Engineering, Attack Surface Analysis and others). Fortreum is experiencing rapid growth and is seeking candidates with a background in performing security assessments in support of CMMC, FedRAMP, and NIST-based frameworks. The company emphasizes core values such as quality, a customer-driven mindset, autonomy, and personal accountability. This role offers the opportunity to work with top professionals in the cybersecurity field, supporting major cloud providers.

Requirements

Bachelor’s Degree or equivalent job experience
5+ years of professional services experience
3 years of assessment experience leveraging NIST SP 800-171
Have an Active DoD Secret Clearance or a fully adjudicated T3
Proficient in Microsoft 365 product suite
CMMC LCCA or CCA certification
One of the following certifications: Certified Penetration Testing Engineer (CPTE), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), Certified Information Systems Security Professional, Information Systems Security Engineering Professional (CISSP-ISSEP), Federal IT Security Professional-Auditor (FITSP-A), GIAC Cloud Security Automation (GCSA), GIAC Security Leadership Certification (GSLC), Cybersecurity Analyst (CySA+), GIAC Systems and Network Auditor (GSNA), Certified Information Systems Auditor (CISA), Certified Information System Security Professional (CISSP), Certified Information Systems Security Officer (CISSO)

Nice To Haves

Ability to quickly take on new technologies and concepts
Ability to manage multiple priorities simultaneously
Proven analytical and problem-solving skills
Ability to develop and maintain strong relationships with team members and clients
Comfortable supporting fast-paced team environments
Advanced technical certifications, such as: AWS solutions architect, Google cloud engineer, Microsoft solutions architect

Responsibilities

Conducting interviews of key stakeholders and technical personnel
Performing technical tests alongside security engineers
Recording meeting minutes and maintain work papers
Maintain a consistent writing style and approach to documenting the results of the security assessment
Collaborate with delivery team members to drive customer satisfaction and meet project deliverables
Ensure quality products and services are delivered on time and within allotted hours
Establish and maintain positive collaborative relationships with clients and stakeholders
Continuous professional development in pursuing industry specific certifications
Consistently work to improve assessment interviewing techniques to establish efficiencies in gathering required information
Prepare deliverables and conduct peer-review of team member’s deliverables
Perform project out-briefs with clients to notify them of the outcome of their compliance activities
Manage priorities, tasks, and assigned hours on projects to achieve delivery utilization targets
Travel to client locations and deliver professional services (limited in nature)