Consultant, FedRAMP Assessment

What You'll Do

• Partner with a team of assessors as a compliance subject matter expert in at least one domain and contribute to client assessment planning
• Draft audit programs that address both regulatory requirements and the complexity of client environments.
• Autonomously leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
• Analyze security vulnerabilities against the appropriate security frameworks
• Perform remote reviews of client-provided documentation; identify and flag items for follow-up or clarification
• Evaluate client evidence for compliance across various standards
• Prepare, review, and contribute to formal assessment reports
• Clearly communicate compliance concepts and recommendations to clients
• Ensure high-quality deliverables are provided on time, aligned with Coalfire's standards
• Pursue ongoing professional development; maintain current industry certifications and subject matter expertise
• Execute assessment procedures, including interviews and technical testing, aligned with applicable controls
• Review and assess respective information system security plans (SSP) to ensure control requirements are met
• Understand how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
• Take ownership of assigned responsibilities, demonstrating accountability and initiative in driving tasks to completion with minimal oversight.
• Apply analytical thinking to identify trends, evaluate compliance effectiveness, and support data-driven decision-making.
• Actively contribute to the evolution of compliance assessment practices, providing input and feedback to enhance methodology.
• Collaborate with internal teams to develop tools, templates, and repeatable processes that streamline workflows and increase operational efficiency.
• Is team oriented and supports the overall teams development and contributes to the culture

What You'll Bring

• Minimum 2-3 years of experience in the Cloud Technology or IT Audit industry,
• Strong familiarity with the NIST Special Publications 800-37, 800-53, and 800-53A desired
• Familiarity with major cloud service offerings (AWS, Azure, Google Cloud)
• Read and interpret all NIST control families, understand risks associated with specific controls.
• Familiarity with  or other comparable frameworks (PCI, SOC, HITRUST etc) authorization process.
• Growing ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
• Proficient ability to assist with artifact collection and validation against requirements
• Basic proficiency at interpreting technical evidence like cloud configurations and network/boundary/data flow diagrams 
• Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience 
• Strong personal initiative to appropriately manage time and meet deadlines 
• Strong Consulting skills: ability to advise, challenge the status quo while building strong relationships, credible writing and verbal communicator 
• High attention to detail  
• Diplomatic and broad minded 
• Ability to travel up to 20%

Bonus Points

• CISSP (or Associate), CISA, CCSP, Cloud+, CySA+, CASP+, or other R311 required "3PAO Junior Assessor" cybersecurity certification. BCR desired completion, but not required.
• Cloud certifications demonstrating basic cloud proficiency preferred: AWS Cloud Practitioner, Azure Fundamentals, Google Foundational
• Expertise in other security frameworks area positive but not required (SOC 2, ISO, NIST RMF or FISMA, COBIT, HIPAA/HITECH, HITRUST or PCI).
• Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
• Experience reviewing Nessus output a plus, along with basic knowledge of networking components and various operating  systems in a cloud environment, including UNIX and Microsoft.