Consultant, FedRAMP Advisory | Remote US

United States
Advisory Services – Compliance Advisory /
Regular Full Time /
About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.  

But that’s not who we are – that’s just what we do. 

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.   

And we’re growing fast. 

We are looking for a Consultant to join Coalfire's FedRAMP Advisory team.

Job Summary

As a Consultant on our FedRAMP Advisory team, you'll participate in compliance-related engagements identifying gaps, advising, developing compliance documentation, and evaluating the security and compliance of client systems and services to meet regulatory and industry requirements and standards, and against security best practice frameworks. In this role, you will have a developing understanding of framework requirements, perform security evaluations and/or consulting, and develop reports for clients. You will collaborate with Project Managers, Directors and other Delivery team members to effectively execute project timelines and associated deliverables.

What You'll Do

    • Conduct advisory projects including workshops, gap analyses, system security plan development, policies and procedures development, risk assessments, and other consulting services as required.
    • Prepare compliance documentation and/or reporting.
    • Collect and interpret information provided by clients, map to appropriate requirements and collaborate with project leads to determine overall level of compliance.
    • Manage priorities and tasks to achieve delivery utilization targets.
    • Ensure quality products and services are delivered on time.
    • Ensure continuous professional development by maintaining industry specific certifications.
    • Maintain strong depth of knowledge in the practice area.
    • Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
    • Establish and maintain positive collaborative relationships with clients and stakeholders
    • Interpret and provide guidance on all technical and non-technical FedRAMP security controls.
    • Provide IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, OMB, ISO, HITRUST, HIPAA, PCI, or other authoritative IT security guidance.
    • Assist with the development of System Security Plans, Associated Plans, Information System Security Policies, Rules of Behavior, Privacy Impact Analyses, and FIPS 199 categorization in accordance with NIST requirements
    • Assist with the development of ISO, HITRUST, HIPAA, or PCI related documentation and prepare customers for associated assessments.
    • Assist with the identification of information security problems and challenges and research and develop technical solutions to rectify them
    • Interpret and provide guidance on all technical and non-technical FedRAMP security controls.

What You'll Bring

    • 3+ years of experience as a consultant within professional IT services
    • 2+ years of experience working with one or more of the following: National Institute of Standards and Technology (NIST) frameworks (800 series), FISMA, FedRAMP, DoD RMF
    • Working knowledge of virtualization or cloud technologies
    • Working knowledge of client-server and traditional on-premises architecture
    • Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act)
    • Knowledge of information security related solutions, tools, and utilities
    • Bachelor's degree in (four-year college or university) in IT or business, or equivalent combination of
    • education and work experience

Bonus Points

    • Security+
    • Certified Information Systems Auditor (CISA)
    • Certificate of Cloud Security Knowledge (CCSK)
    • ISO 9001:2015 Lead Auditor
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Privacy Professional (CIPP/US)
    • CAP
    • CISM
    • CCSP
    • CRISC
    • CCISO
    • AWS/GCP/Azure specific certifications
Why You'll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $64,000 to $112,00 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.