Coalfire - Consultant, FedRAMP Assessment

• Minimum 2-3 years of experience in the IT industry, with strong familiarity with the applicable NIST Special Publications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5 • Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families • Ability to lead testing sessions for assigned controls • Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations • Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements • Read and interpret all control families • Read and interpret firewall rulesets and network/boundary/data flow diagrams • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience • Strong personal initiative to appropriately manage time and meet deadlines • Strong Consulting skills; ability to advise and challenge the status quoe while building strong relationships • Ability to build high-trust relationship and credibility quickly • High attention to detail • Ability to facilitate meetings to small or large groups • Diplomatic and broad minded • Strong technical researcher • Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience • Possess one of the following certs: • ● Cisco Certified Network Associate Security (CCNA Security) • ● Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops) • ● Cybersecurity Analyst (CySA+) • ● GIAC Certified Incident Handler (GCIH) • ● GIAC Systems and Network Auditor (GSNA) • ● GIAC Certified Intrusion Analyst (GCIA) • ● Certified Information Systems Auditor (CISA) • ● Certified Information System Security Professional or Associate (CISSP or Associate) • ● Certified Secure Software Lifecycle Professional (CSSLP) • ● Certified Information Systems Security Officer (CISSO) • ● CyberSec First Responder (CFR) • ● CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE) • ● CompTIA Cloud+ (Cloud+) • ● Global Industrial Cyber Security Professional (GICSP) • ● Securing Cisco® Networks with Threat Detection Analysis (SCYBER) • ● BCR Cyber Technical Proficiency Testing Activity • Expertise in security frameworks and regulatory requirements (such as SOC 2, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST or PCI). • Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform) • Experience reviewing Nessus output a plus, along with basic knowledge of networking components and various operating  systems in a cloud environment, including UNIX and Microsoft. • Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements. • A2LA R311 certification: • CompTIA Advanced Security Practitioner (CASP+) Continuing Education (CE) • GIAC Certified Enterprise Defender (GCED) • GIAC Certified Incident Handler (GCIH) • GIAC Security Leadership (GSLC) • Certified Information Systems Auditor (CISA) • Certified Information Security Manager (CISM) • Certified Cloud Security Professional (CCSP) • CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP) • CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP) • CISSP-Information Systems Security Management Professional (CISSP-ISSMP) • CyberSec First Responder (CFR) • Certified Chief Information Security Officer (CCISO) • BCR Cyber Technical Proficiency Testing Activity • $71,000 - $122,689 a year