Security Consultant | Remote US

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

The Security Consultant participates in compliance-related engagements identifying gaps, advising, developing compliance documentation, and evaluating the security and compliance of client systems and services to meet regulatory and industry requirements and standards, and against security best practice frameworks. This role will have a developing understanding of framework requirements, perform security evaluations and/or consulting, and develop reports for clients. They will collaborate with Project Managers, Directors and other Delivery team members to effectively execute project timelines and associated deliverables.

What You'll Do

• Conduct advisory projects including workshops, gap analyses, system security plan development, policies and procedures development, risk assessments, and other consulting services as required.
• Prepare compliance documentation and/or reporting.
• Collect and interpret information provided by clients, map to appropriate requirements and collaborate with project leads to determine overall level of compliance.
• Manage priorities and tasks to achieve delivery utilization targets.
• Ensure quality products and services are delivered on time.
• Ensure continuous professional development by maintaining industry specific certifications.
• Maintain strong depth of knowledge in the practice area.
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish and maintain positive collaborative relationships with clients and stakeholders
• Provide IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, 800-171, OMB memos, ISO, HITRUST, HIPAA, PCI, or other authoritative IT security guidance.
• Assist with the development of System Security Plans, Configuration Management, IT Contingency, and Incident Response Plans Information System Security Policies, Rules of Behavior, Privacy Impact Analyses, and FIPS 199 categorization in accordance with NIST requirements
• Assist with the development of ISO, HITRUST, HIPAA, or PCI related documentation and prepare customers for associated assessments.
• Assist with the identification of information security problems and challenges and research and develop technical solutions to rectify them
• Interpret and provide guidance on all non-technical FedRAMP security controls.
• Travel 25%
• Remote or Standard office environment

What You'll Bring

• 3+ years of experience as a consultant within professional IT services
• Bachelor's degree in (four-year college or university) in IT or business, or equivalent combination of education and work experience
• Working knowledge of virtualization or cloud technologies
• Working knowledge of client-server and traditional on-premises architecture
• Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act)
• Knowledge of information security related solutions, tools, and utilities
• 2+ years of experience working with one or more of the following:
• Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS)
• ISO/IEC 27701:2019 (and/or its mapped references ISO/IEC 29100:2011, ISO/IEC 27018:2019)
• ISO/IEC ISO/IEC 9001:2015
• System and Organization Controls (SOC) 2
• National Institute of Standards and Technology (NIST) frameworks (800 series)
• HITRUST framework
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• FISMA
• FedRAMP
• DoD RMF
• Dependent on the framework(s) you will be supporting you must have one or more of the following:
• ISO: ISO/IEC 27001 Lead Auditor
• Healthcare: Certified CSF Practitioner = CCSFP
• PCI: Qualified Security Assessor (QSA)
• FedRAMP: At least one of the “preferred” certifications listed below

Bonus Points

• Security+
• Certified Information Systems Auditor (CISA)
• Certificate of Cloud Security Knowledge (CCSK)
• ISO 9001:2015 Lead Auditor
• Certified Information Systems Security Professional (CISSP)
• Certified Information Privacy Professional (CIPP/US)
• CAP
• CISM
• CCSP
• CRISC
• CCISO
• AWS/GCP/Azure specific certifications

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at [email protected].