Security Consultant, FedRAMP Assessment

Role OverviewThe Security Consultant will work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. This role will have a strong understanding of framework requirements, perform audit/assessments, and develop reports for clients.What You Will DoWork collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessment for clients. Draft audit observations, autonomously lead interview and inquiry walkthroughs with clients, and assess security vulnerabilities against the appropriate security frameworks.Why It Might Be a FitMust have strong written and verbal communication skills, ability to explain technical matters to a non-technical audience, and strong personal initiative to appropriately manage time and meet deadlines. Ability to build high-trust relationship and credibility quickly, and high attention to detail.RequirementsMinimum 2-3 years of experience in the IT industryBachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experiencePublications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control familiesAbility to lead testing sessions for assigned controlsAbility to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementationsAbility to assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirementsRead and interpret all control familiesRead and interpret firewall rulesets and network/boundary/data flow diagramsStrong written and verbal communication skills including the ability to explain technical matters to a non-technical audienceStrong personal initiative to appropriately manage time and meet deadlinesStrong Consulting skills; ability to advise and challenge the status quo while building strong relationshipsAbility to build high-trust relationship and credibility quicklyHigh attention to detailAbility to facilitate meetings to small or large groupsDiplomatic and broad-mindedStrong technical researcherAbility to travel up to 20%Must have one of the following certs: Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops), Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Auditor (CISA), Certified Information System Security Professional or Associate (CISSP or Associate), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Officer (CISSO), CyberSec First Responder (CFR), CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE), CompTIA Cloud+ (Cloud+), Global Industrial Cyber Security Professional (GICSP), Securing Cisco Networks with Threat Detection Analysis (SCYBER), BCR Cyber Technical Proficiency Testing ActivityBenefitsPaid parental leaveFlexible time offCertification and training reimbursementDigital mental health and wellbeing support membershipComprehensive insurance optionsOriginally posted on Himalayas