Job description

What You'll Do - Partner with a team of assessors as a compliance subject matter expert in at least one domain and contribute to client assessment planning - Draft audit programs that address both regulatory requirements and the complexity of client environments. - Autonomously leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements - Analyze security vulnerabilities against the appropriate security frameworks - Perform remote reviews of client-provided documentation; identify and flag items for follow-up or clarification - Evaluate client evidence for compliance across various standards - Prepare, review, and contribute to formal assessment reports - Clearly communicate compliance concepts and recommendations to clients - Ensure high-quality deliverables are provided on time, aligned with Coalfire's standards - Pursue ongoing professional development; maintain current industry certifications and subject matter expertise - Execute assessment procedures, including interviews and technical testing, aligned with applicable controls - Review and assess respective information system security plans (SSP) to ensure control requirements are met - Understand how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable - Take ownership of assigned responsibilities, demonstrating accountability and initiative in driving tasks to completion with minimal oversight. - Apply analytical thinking to identify trends, evaluate compliance effectiveness, and support data-driven decision-making. - Actively contribute to the evolution of compliance assessment practices, providing input and feedback to enhance methodology. - Collaborate with internal teams to develop tools, templates, and repeatable processes that streamline workflows and increase operational efficiency. - Is team oriented and supports the overall teams development and contributes to the culture What You'll Bring - Minimum 2-3 years of experience in the Cloud Technology or IT Audit industry, - Strong familiarity with the NIST Special Publications 800-37, 800-53, and 800-53A desired - Familiarity with major cloud service offerings (AWS, Azure, Google Cloud) - Read and interpret all NIST control families, understand risks associated with specific controls. - Familiarity with or other comparable frameworks (PCI, SOC, HITRUST etc) authorization process. - Growing ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations - Proficient ability to assist with artifact collection and validation against requirements - Basic proficiency at interpreting technical evidence like cloud configurations and network/boundary/data flow diagrams - Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience - Strong personal initiative to appropriately manage time and meet deadlines - Strong Consulting skills: ability to advise, challenge the status quo while building strong relationships, credible writing and verbal communicator - High attention to detail - Diplomatic and broad minded - Ability to travel up to 20% Bonus Points - CISSP (or Associate), CISA, CCSP, Cloud+, CySA+, CASP+, or other R311 required "3PAO Junior Assessor" cybersecurity certification. BCR desired completion, but not required. - Cloud certifications demonstrating basic cloud proficiency preferred: AWS Cloud Practitioner, Azure Fundamentals, Google Foundational - Expertise in other security frameworks area positive but not required (SOC 2, ISO, NIST RMF or FISMA, COBIT, HIPAA/HITECH, HITRUST or PCI). - Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform) - Experience reviewing Nessus output a plus, along with basic knowledge of networking components and various operating  systems in a cloud environment, including UNIX and Microsoft.

Requirements