Consultant Cyber Risk Advisory

Coalfire, Reston, VA 20190

Posted 2 months ago

About Coalfire

Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. Our professionals are among the most talented in the industry, and each and every day they strive to provide the unbiased assessments, advice, and innovative solutions that help our clients meet their specific challenges and build long-term strategies to protect their organizations. For nearly 20 years, we've been on the cutting edge of one of the world's most important industries - and we're committed to making the world a safer place by solving our clients' toughest security challenges.

The Cyber Risk Advisory (CRA) Consultant will work as part of a team assessing the security and compliance of client firms in order to advise on cybersecurity programs, industry requirements and standards, and to support remediation activities. This role requires a strong understanding of framework requirements and involves performing assessments and interviews. The consultant will develop plans, policies, and reports for clients, and will work closely with Project Managers, Directors, and other Delivery team members to effectively manage project timelines and deliverables.

We're growing rapidly and are currently seeking a Consultant to support our Cyber Risk Advisory business. #LI-Remote

What you'll do

  • Support and guide information risk and security discussions with technical and non-technical groups

  • Identify enterprise information security and compliance related problems and challenges; research and develop technical solutions to rectify them

  • Participate in design and operationalization of tactical response and recovery activities in the event of an information security breach

  • Provide guidance on the administration and maintenance of security systems infrastructure, applications, devices, tools and software services

  • Perform information risk, security and related compliance assessments, including testing of related controls

  • Develop and operationalize enterprise information security programs and related components

  • Assess cyber-related policy, procedures, legislation, and implementation directives

  • Assess and remediate compliance with industry statutes and regulations relevant to IT across multiple industries (e.g. PCI, SOX 404, HIPAA, FedRAMP, GLB, CCPA, GDPR)

What you'll bring

  • At least 2 years (2+) of working experience in cyber security, GRC, and cyber-related risk management

  • Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges and solutions

  • Exposure to industry-recognized information governance, risk, and security standards/frameworks and professional practices (NIST, ISO, CIS Top 20, ISSA, etc.)

  • Knowledge of the typical enterprise risk and security operational practices

  • Knowledge of information security related solutions, tools and utilities

  • Bachelor's degree in Business Administration, Computer Science, Information Systems, Engineering or related field, or equivalent combination of education and experience

Bonus Points

  • CISM, CISSP, CISA, CGEIT, or CRISC certification(s)

  • DevSecOps experience

  • Cyber incident response experience

  • AWS, Azure, Google Cloud Platform certification(s)

Why you'll want to join us

Our people make Coalfire great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve. Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. We're connected by our desire to innovate and our goal of helping to make the world a more secure place.

Coalfire's high energy, challenging, and fast-paced work environment will keep you engaged and motivated. Work-life balance is a core priority at Coalfire - we work hard and we play hard, and the two often overlap. We host family-friendly events and happy hours along with professional meetups and informal networking sessions, and we're active in our communities. Plus, we offer great benefits, including:

  • Health, dental, and vision insurance with an employer contribution

  • Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)

  • A generous 401(k) plan

  • Stock Appreciation Rights (SARs)

  • A corporate wellness program

  • Tuition reimbursement

  • A kitchen stocked with snacks, coffee, and tasty beverages

Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees. #LI-GB1
