What You'll Do
- Directly manage and mentor consultants, fostering a culture of accountability, collaboration, and continuous improvement.
- Provide day-to-day leadership, coaching, and performance feedback to team members aligned with project and practice expectations.
- Support team member onboarding, training, and ongoing skills development.
- Assist with resourcing decisions, workload planning, project margin and utilization management.
- Support advisory engagements across the full project lifecycle, including planning, execution, review, and closure.
- Maintain clear, professional communication with client stakeholders at multiple levels.
- Escalate project risks, issues, or resourcing concerns in a timely and effective manner.
- Partner with internal delivery, quality, and sales teams to ensure client satisfaction and successful outcomes.
- Identify potential upsell and cross-sell opportunities and escalate them to appropriate sales stakeholders.
- Execute and oversee compliance assessments aligned with recognized frameworks, including but not limited to FedRAMP, CMMC, DISA Cloud SRG, and various international frameworks noted in the description above.
- Lead and perform interviews, examinations, and testing procedures to validate control implementation.
- Develop, review, and maintain IT security documentation, including policies, procedures, risk assessments, and supporting artifacts.
- Advise clients on improving security programs, compliance posture, and risk management practices.
- Support IT system security initiatives for both cloud-based and on-premises environments.
- Perform quality reviews of project deliverables to ensure accuracy, completeness, and alignment with framework requirements.
- Mentor project teams on compliance methodologies, technical standards, and professional writing.
- Stay current with industry trends, emerging risks, and evolving compliance requirements.
- Contribute to the development and maintenance of internal policies, procedures, tools, and training materials.
People Management
Client Engagement & Project Delivery
Technical Execution
Quality, Knowledge & Practice Contribution
What You'll Bring
- Minimum of 5 years or more of working experience in information technology, information security, technical assessment, or audits
- Substantial knowledge of security control requirements (NIST, FISMA, FedRAMP, CMMC, DoD, etc.) and how they overlap with additional frameworks
- Significant experience in understanding and applying relevant technical knowledge in FISMA/FedRAMP and other compliance framework assessments within moderate and large hyperscale CSP environments
- Knowledge in conducting multi-framework consolidated compliance assessment activities
- Detailed understanding of IT security technologies including network and application security, firewalls, access management, and data protection
- Experience with virtualization and cloud technologies
- Experience with client-server and traditional on-premises architecture
- Familiarity with statutes and regulations across multiple industries relevant to IT
- Demonstrated ability to lead moderately complex system assessments/consulting engagements independently
- Demonstrated ability to assist team members with proper artifact collection and interviewing clients to ascertain control implementation details
- Demonstrated ability to read and interpret all control families
- Demonstrated ability to read and interpret firewall rulesets and to create network/boundary/data flow diagrams
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Strong consulting skills; ability to advise and challenge the status quo while building strong relationships
- Ability to build high-trust relationship and credibility quickly
- Ability to lead projects successfully and delegate up and across
- Strong attention to detail
- Strong problem solving, decision making, organizational and analytical skills
- Ability to prioritize and manage multiple initiatives/projects.
- Ability to be self-driven and have strong independent initiative.
- Strong excel skills with ability to develop worksheets with complex formulas
- Ability to facilitate meetings to small or large groups
- Diplomatic and broad minded
- Ability to lead teams small to large teams in the assessment and internal environments
- Ability to speak to Cloud Service Providers to resolve issues and come to a conclusion of the assessment
- At least one of the following Advanced certifications or equivalent in cybersecurity or cloud: CISSP, CISA, CISM, CAP, CRISC, CMMC CCP, and/or cloud specific certification (AWS,GCP, or Azure) or specialty certification in security
- Bachelor's degree (four-year college or university) or equivalent education and experience
Bonus Points
- Strong knowledge of container-based architectures
- Knowledge of various cloud environments, including AWS, GCP, and Azure.
- Bachelors of Science degree in a technical field (CIS, MIS, IT, Engineering, or related field)
Skills Required
- Minimum of 5 years experience in information technology, information security, technical assessment, or audits
- Substantial knowledge of security control requirements (NIST, FISMA, FedRAMP, CMMC, DoD)
- Experience performing FISMA/FedRAMP and other compliance framework assessments in moderate and large hyperscale CSP environments
- Experience conducting multi-framework consolidated compliance assessments
- Detailed understanding of IT security technologies including network and application security, firewalls, access management, and data protection
- Experience with virtualization and cloud technologies
- Experience with client-server and traditional on-premises architecture
- Familiarity with statutes and regulations across multiple industries relevant to IT
- Demonstrated ability to lead moderately complex system assessments/consulting engagements independently
- Ability to assist team members with artifact collection and client interviews to ascertain control implementation
- Ability to read and interpret all control families
- Ability to read and interpret firewall rulesets and create network/boundary/data flow diagrams
- Strong written and verbal communication skills, including explaining technical matters to non-technical audiences
- Strong consulting skills; ability to advise and challenge the status quo while building relationships
- Ability to build high-trust relationships and credibility quickly
- Ability to lead projects successfully and delegate up and across
- Strong attention to detail
- Strong problem solving, decision making, organizational and analytical skills
- Ability to prioritize and manage multiple initiatives/projects
- Self-driven with strong independent initiative
- Strong Excel skills with ability to develop worksheets with complex formulas
- Ability to facilitate meetings for small or large groups
- Diplomatic and broad minded
- Ability to lead small to large teams in assessment and internal environments
- Ability to engage with Cloud Service Providers to resolve assessment issues
- At least one advanced certification (CISSP, CISA, CISM, CAP, CRISC, CMMC CCP) or cloud-specific certification (AWS, GCP, Azure) or equivalent
- Bachelor's degree (four-year college or university) or equivalent education and experience
- Strong knowledge of container-based architectures
- Knowledge of various cloud environments, including AWS, GCP, and Azure (depth beyond basic experience)
- Bachelors of Science degree in a technical field (CIS, MIS, IT, Engineering, or related field)
Coalfire Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Coalfire and has not been reviewed or approved by Coalfire.
-
Leave & Time Off Breadth — Flexible paid time off and paid parental leave are prominently offered, with remote/WFH support enabling time away when workload allows.
-
Healthcare Strength — Comprehensive medical, dental, vision, wellness resources, and an EAP are part of the core package. Carrier coverage and plan options are regularly highlighted across employer materials.
-
Retirement Support — A company‑matched 401(k) is included alongside other financial and development perks. This retirement benefit is consistently featured across benefits overviews.
Coalfire Insights
What We Do
Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. By providing independent and tailored advice, assessments, technical testing, and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives, and fuel their continued success. Coalfire has been a cybersecurity thought leader for more than 20 years and has offices throughout the United States and Europe.

.png)






