About The Position

The Security Consultant will work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. This role will have a strong understanding of framework requirements, perform audit/assessments, and develop reports for clients. They will work closely with Project Managers, Senior Managers, Directors and other Delivery team members to effectively manage project timelines and deliverables.

Requirements

  • Minimum 2-3 years of experience in the IT industry, with strong familiarity with the applicable NIST Special Publications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5
  • Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families
  • Ability to lead testing sessions for assigned controls
  • Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
  • Ability to assist team members with proper artifact collection and to detail for clients examples of artifacts that will satisfy assessment requirements
  • Read and interpret all control families
  • Read and interpret firewall rulesets and network/boundary/data flow diagrams
  • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
  • Strong personal initiative to appropriately manage time and meet deadlines
  • Strong consulting skills; ability to advise and challenge the status quo while building strong relationships
  • Ability to build high-trust relationships and credibility quickly
  • High attention to detail
  • Ability to facilitate meetings for small or large groups
  • Diplomatic and broad-minded
  • Strong technical researcher
  • Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience

Nice To Haves

  • Expertise in security frameworks and regulatory requirements (such as SOC 2, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST or PCI).
  • Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
  • Experience reviewing Nessus output a plus, along with basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft.
  • Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements.
  • A2LA R311 certification:
  • CISSP
  • Product specific cloud certifications (such as AWS, Google, Microsoft, IBM)
  • CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Leadership (GSLC)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP)
  • CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
  • CISSP-Information Systems Security Management Professional (CISSP-ISSMP)
  • CyberSec First Responder (CFR)
  • Certified Chief Information Security Officer (CCISO)
  • Baltimore Cyber Range (BCR) Cyber Technical Proficiency Testing Activity

Responsibilities

  • Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessments for clients
  • Draft audit observations that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment
  • Autonomously lead interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
  • Assess security vulnerabilities against the appropriate security frameworks
  • First-level reviewer of drafted audit planning and reporting materials
  • Pursue and corroborate conclusions derived from inquiry procedures with the client while ensuring diligent interview notes are captured
  • Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
  • Assess client provided documentation for compliance with a variety of standards
  • Prepare and review assessment reports.
  • Educate and interpret compliance activities for clients
  • Manage priorities and tasks to achieve delivery utilization targets
  • Ensure quality products and services are delivered on time per Coalfire quality standards.
  • Continuous professional development; maintain industry specific certifications, depth of knowledge, credentials, and designations
  • Collaborate with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables.
  • Establish and maintain positive collaborative relationships with clients and stakeholders
  • Identify upsell and cross-sell opportunities; escalate to appropriate leadership
  • Execute, examine, interview and test procedures in accordance with the appropriate control
  • Ensure cyber security policies are adhered to and that required controls are implemented
  • Review and assess respective information system security plans to ensure control requirements are met
  • Understand how to apply quality standards and adhere to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
  • Provide advice to customers on issues affecting the scope of work in a manner that provides additional value
  • Develop documentation and author recommendations associated with your findings on how to improve the customer’s security posture in accordance with appropriate controls

Benefits

  • paid parental leave
  • flexible time off
  • certification and training reimbursement
  • digital mental health and wellbeing support membership
  • comprehensive insurance options