Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. Our professionals are among the most talented in the industry, and each and every day, they strive to provide the unbiased assessments, advice, and innovative solutions that help our clients meet their specific challenges and build long-term strategies to protect their organizations. For nearly 20 years, we've been on the cutting-edge of one of the world's most important industries - and we're committed to making the world a safer place by solving our clients' toughest security challenges.
We're growing rapidly and are currently seeking a Security Consultant to support our Sterling, Seattle, and Denver offices.
What you'll do
You'll facilitate Security Control Assessments (SCAs) and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments. To succeed in this position, you'll need a strong understanding of security-related system controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. You will work in a team atmosphere with an experienced Technical Project Lead, and you'll be assigned technical sections and be able to provide client-ready deliverables.
In this role, you will:
Execute, examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
Ensure cyber security policies are adhered to and that required controls are implemented
Validate respective information system security plans to ensure NIST control requirements are met
Develop resultant SCA documentation, including but not limited to the Security Assessment Report
Author recommendations associated with your findings on how to improve the customer's security posture in accordance with NIST controls
What you'll bring
Bachelor's degree (four-year college or university) or equivalent combination of education and experience
At least three (3) year of experience in the IT industry, with strong familiarity with the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3 or 4, and 800-53A Revision 1
Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
Ability to lead small, less complex system assessments independently
Ability to assist team members with proper artifact collection and detail to clients examples of artifacts that will satisfy assessment requirements
At least one of the following certifications: CISSP, CISA, PMP and/or Security+ certification
Experience reviewing Nessus output, along with basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft.
Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements
Why you'll want to join us
Coalfire's high energy, challenging, and fast-paced work environment will keep you engaged and motivated. Work-life balance is a core priority at Coalfire - we work hard and we play hard, and the two often overlap. We host family-friendly events and happy hours along with professional meetups and informal networking sessions, and we're active in our communities. Plus, we offer great benefits, including:
Health, dental, and vision insurance with an employer contribution
Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)
A generous 401(k) plan
A corporate wellness program
A kitchen stocked with snacks, coffee, and tasty beverages
Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.