Consultant, FedRAMP Assessment

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

The Security Consultant will work as part of a team assessing the security and compliance of Coalfire’s client – a major cloud service offering against regulatory and industry requirements and standards, with a focus on FedRAMP and related federal frameworks. This mid-level role will have a strong understanding of framework requirements, perform assessment activities, and contribute to reports for clients and deep analytical skills.

What You'll Do

• Partner with a team of assessors as a compliance subject matter expert in at least one domain and contribute to client assessment planning
• Draft audit programs that address both regulatory requirements and the complexity of client environments.
• Autonomously leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
• Analyze security vulnerabilities against the appropriate security frameworks
• Perform remote reviews of client-provided documentation; identify and flag items for follow-up or clarification
• Evaluate client evidence for compliance across various standards
• Prepare, review, and contribute to formal assessment reports
• Clearly communicate compliance concepts and recommendations to clients
• Ensure high-quality deliverables are provided on time, aligned with Coalfire's standards
• Pursue ongoing professional development; maintain current industry certifications and subject matter expertise
• Execute assessment procedures, including interviews and technical testing, aligned with applicable controls
• Review and assess respective information system security plans (SSP) to ensure control requirements are met
• Understand how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
• Take ownership of assigned responsibilities, demonstrating accountability and initiative in driving tasks to completion with minimal oversight.
• Apply analytical thinking to identify trends, evaluate compliance effectiveness, and support data-driven decision-making.
• Actively contribute to the evolution of compliance assessment practices, providing input and feedback to enhance methodology.
• Collaborate with internal teams to develop tools, templates, and repeatable processes that streamline workflows and increase operational efficiency.
• Is team oriented and supports the overall teams development and contributes to the culture

What You'll Bring

• Minimum 2-3 years of experience in the Cloud Technology or IT Audit industry,
• Strong familiarity with the NIST Special Publications 800-37, 800-53, and 800-53A desired
• Familiarity with major cloud service offerings (AWS, Azure, Google Cloud)
• Read and interpret all NIST control families, understand risks associated with specific controls.
• Familiarity with  or other comparable frameworks (PCI, SOC, HITRUST etc) authorization process.
• Growing ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
• Proficient ability to assist with artifact collection and validation against requirements
• Basic proficiency at interpreting technical evidence like cloud configurations and network/boundary/data flow diagrams 
• Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience 
• Strong personal initiative to appropriately manage time and meet deadlines 
• Strong Consulting skills: ability to advise, challenge the status quo while building strong relationships, credible writing and verbal communicator 
• High attention to detail  
• Diplomatic and broad minded 
• Ability to travel up to 20%

Bonus Points

• CISSP (or Associate), CISA, CCSP, Cloud+, CySA+, CASP+, or other R311 required "3PAO Junior Assessor" cybersecurity certification. BCR desired completion, but not required.
• Cloud certifications demonstrating basic cloud proficiency preferred: AWS Cloud Practitioner, Azure Fundamentals, Google Foundational
• Expertise in other security frameworks area positive but not required (SOC 2, ISO, NIST RMF or FISMA, COBIT, HIPAA/HITECH, HITRUST or PCI).
• Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
• Experience reviewing Nessus output a plus, along with basic knowledge of networking components and various operating  systems in a cloud environment, including UNIX and Microsoft. 

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at [email protected].