Senior Associate Consultant, ELM
Harbor
Senior Consultant – FedRAMP Assessment
Coalfire
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇺🇸 United States
Visit company websiteSalary
💰 $86,000 - $148,000 per year
Job Level
Senior
Tech Stack
CloudCyber Security
About the role
- Provides advice to customers on issues affecting the scope of work in a manner that provides additional value
- Develop documentation and author recommendations associate with your findings on how to improve the customer’s security posture in accordance with appropriate controls
- Leads audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews.
- Maintains strong depth of knowledge in one or more cybersecurity frameworks.
- Prepare, review and approve assessment reports.
- Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets.
- Ensures quality products and services are delivered on time.
- Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue
- Provide mentorship to team members in areas of audit, assessment, technical review and writing.
- Interfaces with clients through entire engagement, interacting with all levels of client organizations
- Establish and maintain positive collaborative relationships with clients and stakeholders
- Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.
- Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
- Establishes account relationships and identifies upsell and cross sell opportunities and escalates to sales.
- Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment
- Leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
- Assess security vulnerabilities against the appropriate security frameworks
- Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured
- Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
- Educate and interpret compliance activities for clients
- Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
- Remote work environment
- Travel 20%
Requirements
- Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience
- Five to ten (5-10) years of experience as a consultant within professional IT services
- Deep experience with government compliance, including FISMA, FedRAMP, and DoD RMF
- Strong knowledge of NIST Special Publications 800-30, 800-37, 800-53
- Experience with every step within the delivery of Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have obtained and maintained full authorization to operate (ATO)
- Experience with virtualization or cloud technologies
- Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act)
- Knowledge of information security related solutions, tools, and utilities
- Excellent verbal and written skills
- Willing to travel up to 20%
- Must have an active CISSP and one of the following certifications:
- **
- - Cisco Certified Network Associate Security (CCNA Security)
- - Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops)
- - Cybersecurity Analyst (CySA+)
- - GIAC Certified Incident Handler (GCIH)
- - GIAC Systems and Network Auditor (GSNA)
- - GIAC Certified Intrusion Analyst (GCIA)
- - Certified Information Systems Auditor (CISA)
- - Certified Information System Security Professional or Associate (CISSP or Associate)
- - Certified Secure Software Lifecycle Professional (CSSLP)
- - Certified Information Systems Security Officer (CISSO)
- - CyberSec First Responder (CFR)
- - CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE)
- - CompTIA Cloud+ (Cloud+)
- - Global Industrial Cyber Security Professional (GICSP)
- - Securing Cisco® Networks with Threat Detection Analysis (SCYBER)
- - BCR Cyber Technical Proficiency Testing Activity
Benefits
- paid parental leave
- flexible time off
- certification and training reimbursement
- digital mental health and wellbeing support membership
- comprehensive insurance options
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
cybersecurity frameworksaudit preparationsecurity assessmentssecurity vulnerabilitiesdocumentation reviewCertification and Accreditation (C&A)Assessment and Authorization (A&A)cloud technologiesinformation security solutionsquality assurance
Soft skills
customer engagementmentorshipcollaborationcommunicationproblem-solvingrelationship buildingproject managementtime managementteam leadershipadaptability
Certifications
CISSPCCNA SecurityCCNA Cyber OpsCySA+GCIHGSNAGCIACISACSSLPCISSO
