Role Overview
The Security Consultant will work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. This role will have a strong understanding of framework requirements, perform audit/assessments, and develop reports for clients.
What You Will Do
Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessment for clients. Draft audit observations, autonomously lead interview and inquiry walkthroughs with clients, and assess security vulnerabilities against the appropriate security frameworks.
Why It Might Be a Fit
Must have strong written and verbal communication skills, ability to explain technical matters to a non-technical audience, and strong personal initiative to appropriately manage time and meet deadlines. Ability to build high-trust relationship and credibility quickly, and high attention to detail.
Requirements
- Minimum 2-3 years of experience in the IT industry
- Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience
- Publications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5
- Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families
- Ability to lead testing sessions for assigned controls
- Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
- Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements
- Read and interpret all control families
- Read and interpret firewall rulesets and network/boundary/data flow diagrams
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Strong personal initiative to appropriately manage time and meet deadlines
- Strong Consulting skills; ability to advise and challenge the status quo while building strong relationships
- Ability to build high-trust relationship and credibility quickly
- High attention to detail
- Ability to facilitate meetings to small or large groups
- Diplomatic and broad-minded
- Strong technical researcher
- Ability to travel up to 20%
- Must have one of the following certs: Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops), Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Intrusion Analyst (GCIA), Certified Information Systems Auditor (CISA), Certified Information System Security Professional or Associate (CISSP or Associate), Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Officer (CISSO), CyberSec First Responder (CFR), CompTIA Advanced Security Practitioner Continuing Education (CASP+) Continuing Education (CE), CompTIA Cloud+ (Cloud+), Global Industrial Cyber Security Professional (GICSP), Securing Cisco Networks with Threat Detection Analysis (SCYBER), BCR Cyber Technical Proficiency Testing Activity
Benefits
- Paid parental leave
- Flexible time off
- Certification and training reimbursement
- Digital mental health and wellbeing support membership
- Comprehensive insurance options
Originally posted on