Cybersecurity Consultant, FedRAMP Assessments

About The Position

Requirements

• Demonstrated ability to own and deliver complex security compliance assessment work with limited oversight.
• Minimum of 2 years of experience conducting security assessments within FedRAMP, DISA IL4/IL5/IL6 environments, or other frameworks based on NIST SP 800-53.
• Demonstrated experience interpreting security requirements, collecting and validating evidence, conducting stakeholder interviews, and documenting control assessments with audit-ready rigor.
• Strong written and verbal communication skills, including the ability to translate security/compliance requirements for technical and non-technical audiences.
• Must hold at least one of the certifications listed in the “Required Certifications (one or more)” section below.
• Must be a U.S. citizen.
• None Required clearance.

Nice To Haves

• Hands-on experience developing or assessing FedRAMP authorization packages and artifacts (e.g., SSP, SAP/SAR, RAR, POA&M), with a strong understanding of FedRAMP guidance and baseline requirements.
• Experience assessing cloud environments such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, along with common cloud service models (IaaS, PaaS, SaaS) and architectures.
• Experience utilizing governance, risk, and compliance (GRC) tools and managing evidence workflows throughout the assessment lifecycle.
• Experience with industry security frameworks (e.g., ISO/IEC 27001, SOC 2, PCI DSS) and the ability to map and align controls across multiple frameworks.
• Proficiency in a scripting language such as Python or PowerShell is a significant plus but not a requirement for the role.

Responsibilities

• Execute and help lead NIST SP 800-53-based security assessments, with a primary focus on FedRAMP and/or DISA Impact Level IL4, IL5, and IL6 engagements.
• Lead and carry out assessment activities by defining scope, managing schedules, coordinating evidence requests, conducting interviews, and establishing testing approaches while ensuring timely progress to completion.
• Assess control implementation and effectiveness, identify gaps and risks, and define required remediation actions.
• Produce clear, accurate, and client ready deliverables including assessment workpapers, control evaluation narratives, findings, and POA&M inputs with strong attention to detail and audit rigor.
• Partner with client stakeholders (security, engineering, governance, and leadership) to gather evidence and explain assessment expectations and results.
• Perform quality assurance reviews of assessment artifacts developed by team members and provide mentorship to junior staff as needed.
• Contribute to the ongoing enhancement of FITS assessment processes, templates, and internal knowledge resources supporting federal cloud compliance.

Benefits

• Health coverage for employees and their dependents (including domestic partners)
• Dental coverage for employees and their dependents (including domestic partners)
• Vision coverage for employees and their dependents (including domestic partners)
• Matching 401(K)
• Short/long term disability
• Life insurance
• Parental leave
• Paid time off accrues at a starting rate of 15 days/year, increasing with tenure.
• 10 paid holidays (for employees working for clients in Washington state)
• Up to $5,000 annually for professional development, including reimbursement of job-related training classes, seminars, tuition, and certification expenses.