Job description

What You'll Do - Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessment for clients - Draft audit observations that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment - Autonomously leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements - Assess security vulnerabilities against the appropriate security frameworks - First-level reviewer of drafted audit planning and reporting materials - Pursue and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured - Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification - Assess client provided documentation for compliance with a variety of standards - Prepare and review assessment reports. - Educate and interpret compliance activities for clients - Manage priorities and tasks to achieve delivery utilization targets - Ensure quality products and services are delivered on time per Coalfire quality standards. - Continuous professional development; maintain industry specific certifications, depth of knowledge, credentials, and designations - Collaborate with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables. - Establish and maintain positive collaborative relationships with clients and stakeholders - Identify upsell and cross sell opportunities; escalates to appropriate leadership - Execute, examine, interview and test procedures in accordance with the appropriate control - Ensure cyber security policies are adhered to and that required controls are implemented - Review and assess respective information system security plans to ensure control requirements are met - Understand how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable - Provide advice to customers on issues affecting the scope of work in a manner that provides additional value - Develop documentation and author recommendations associate with your findings on how to improve the customer’s security posture in accordance with appropriate controls - Remote work environment - Travel up to 20% What You'll Bring - Minimum 2-3 years of experience in the IT industry, with strong familiarity with the applicable NIST Special - Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experiencePublications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5 - Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families - Ability to lead testing sessions for assigned controls - Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations - Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements - Read and interpret all control families - Read and interpret firewall rulesets and network/boundary/data flow diagrams - Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience - Strong personal initiative to appropriately manage time and meet deadlines - Strong Consulting skills; ability to advise and challenge the status quoe while building strong relationships - Ability to build high-trust relationship and credibility quickly - High attention to detail - Ability to facilitate meetings to small or large groups - Diplomatic and broad minded - Strong technical researcher - Ability to travel up to 20% Bonus Points - Expertise in security frameworks and regulatory requirements (such as SOC 2, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST or PCI). - Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform) - Experience reviewing Nessus output a plus, along with basic knowledge of networking components and various operating  systems in a cloud environment, including UNIX and Microsoft. - Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements.

Requirements