Key skills
Cyber SecurityLeadershipCommunicationFirewall
About this role
Role Overview
- Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessment for clients
- Draft audit observations that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment
- Autonomously lead interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
- Assess security vulnerabilities against the appropriate security frameworks
- First-level reviewer of drafted audit planning and reporting materials
- Pursue and corroborate conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured
- Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
- Assess client provided documentation for compliance with a variety of standards
- Prepare and review assessment reports.
- Educate and interpret compliance activities for clients
- Manage priorities and tasks to achieve delivery utilization targets
- Ensure quality products and services are delivered on time per Coalfire quality standards.
- Continuous professional development; maintain industry specific certifications, depth of knowledge, credentials, and designations
- Collaborate with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables.
- Establish and maintain positive collaborative relationships with clients and stakeholders
- Identify upsell and cross sell opportunities; escalates to appropriate leadership
- Execute, examine, interview and test procedures in accordance with the appropriate control
- Ensure cyber security policies are adhered to and that required controls are implemented
- Review and assess respective information system security plans to ensure control requirements are met
- Understand how to apply quality standards and adhere to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
- Provide advice to customers on issues affecting the scope of work in a manner that provides additional value
- Develop documentation and author recommendations associated with findings on how to improve the customer’s security posture in accordance with appropriate controls
Requirements
- Minimum 2-3 years of experience in the IT industry
- strong familiarity with the applicable NIST Special Publications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5
- Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families
- Ability to lead testing sessions for assigned controls
- Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
- Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements
- Read and interpret all control families
- Read and interpret firewall rulesets and network/boundary/data flow diagrams
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Strong personal initiative to appropriately manage time and meet deadlines
- Strong Consulting skills; ability to advise and challenge the status quo while building strong relationships
- Ability to build high-trust relationship and credibility quickly
- High attention to detail
- Ability to facilitate meetings to small or large groups
- Diplomatic and broad minded
- Strong technical researcher
- Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience
Tech Stack
- Cyber Security
Benefits
- paid parental leave
- flexible time off
- certification and training reimbursement
- digital mental health and wellbeing support membership
- comprehensive insurance options