Role Overview
The Security Consultant will work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. This role will have a strong understanding of framework requirements, perform audit/assessments, and develop reports for clients.
What You Will Do
Work collaboratively with a team of assessors as a federal compliance specialist (e.g. FedRAMP, NIST 800-171, FISMA, etc.) and assist with the planning of assessment for clients. Draft audit observations, autonomously lead interview and inquiry walkthroughs with clients, and assess security vulnerabilities against the appropriate security frameworks.
Why It Might Be a Fit
Must have strong written and verbal communication skills, ability to explain technical matters to a non-technical audience, and strong personal initiative to appropriately manage time and meet deadlines. Ability to build high-trust relationship and credibility quickly, and high attention to detail.
Requirements
- Minimum 2-3 years of experience in the IT industry
- Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience
- Publications 800-37 Revision 2, 800-53 Revision 5, and 800-53A Revision 5
- Technical and detailed understanding of NIST 800-53 Rev 5 AT, CA, CM, CP, IR, MA, MP, PE, PL, PS, RA, SA, SI control families
- Ability to lead testing sessions for assigned controls
- Ability to independently research a technical topic and develop logical testing approaches to validate 800-53 control implementations
- Ability to assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements
- Read and interpret all control families
- Read and interpret firewall rulesets and network/boundary/data flow diagrams
- Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
- Strong personal initiative to appropriately manage time and meet deadlines
- Strong Consulting skills; ability to advise and challenge the status quo while building strong relationships
- Ability to build high-trust relationship and credibility quickly
- High attention to detail
- Ability to facilitate meetings to small or large groups
- Diplomatic and broad-minded
- Strong technical researcher
- Ability to travel up to 20%
- Must have one of the following certs: Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Associate Cyber Security Operations (CCNA Cyber Ops), Cybersecurity Analyst (CySA+), GIAC Certified Incident Handler (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certif