Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.
About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that's not who we are – that's just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. Position Summary The Security Consultant participates in compliance-related engagements identifying gaps, advising, developing compliance documentation, and evaluating the security and compliance of client systems and services to meet regulatory and industry requirements and standards, and against security best practice frameworks. This role will have a developing understanding of framework requirements, perform security evaluations and/or consulting, and develop reports for clients. They will collaborate with Project Managers, Directors and other Delivery team members to effectively execute project timelines and associated deliverables.
What You'll Do
Conduct advisory projects including workshops, gap analyses, system security plan development, policies and procedures development, risk assessments, and other consulting services as required.
Collect and interpret information provided by clients, map to appropriate requirements and collaborate with project leads to determine overall level of compliance.
Manage priorities and tasks to achieve delivery utilization targets.
Ensure quality products and services are delivered on time.
Ensure continuous professional development by maintaining industry specific certifications.
Maintain strong depth of knowledge in the practice area.
Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
Establish and maintain positive collaborative relationships with clients and stakeholders
Provide IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, 800-171, OMB memos, ISO, HITRUST, HIPAA, PCI, or other authoritative IT security guidance.
Assist with the development of System Security Plans, Configuration Management, IT Contingency, and Incident Response Plans Information System Security Policies, Rules of Behavior, Privacy Impact Analyses, and FIPS 199 categorization in accordance with NIST requirements
Assist with the development of ISO, HITRUST, HIPAA, or PCI related documentation and prepare customers for associated assessments.
Assist with the identification of information security problems and challenges and research and develop technical solutions to rectify them
Interpret and provide guidance on all non-technical FedRAMP security controls.
Travel 25%
Remote or Standard office environment
What You'll Bring
3+ years of experience as a consultant within professional IT services
Bachelor's degree in (four-year college or university) in IT or business, or equivalent combination of education and work experience
Working knowledge of virtualization or cloud technologies
Working knowledge of client-server and traditional on-premises architecture
Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, GLB, Patriot Act)
Knowledge of information security related solutions, tools, and utilities
2+ years of experience working with one or more of the following:
Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS)
ISO/IEC 27701:2019 (and/or its mapped references ISO/IEC 29100:2011, ISO/IEC 27018:2019)
ISO/IEC ISO/IEC 9001:2015
System and Organization Controls (SOC) 2
National Institute of Standards and Technology (NIST) frameworks (800 series)
HITRUST framework
Health Insurance Portability and Accountability Act (HIPAA)
Health Information Technology for Economic and Clinical Health Act (HITECH)
FISMA
FedRAMP
DoD RMF
Dependent on the framework(s) you will be supporting you must have one or more of the following:
ISO: ISO/IEC 27001 Lead Auditor
Healthcare: Certified CSF Practitioner = CCSFP
PCI: Qualified Security Assessor (QSA)
FedRAMP: At least one of the preferred certifications listed below
Bonus Points
Security+
Certified Information Systems Auditor (CISA)
Certificate of Cloud Security Knowledge (CCSK)
ISO 9001:2015 Lead Auditor
Certified Information Systems Security Professional (CISSP)
Certified Information Privacy Professional (CIPP/US)
CAP
CISM
CCSP
CRISC
CCISO
AWS/GCP/Azure specific certifications
The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. Why You'll Want to Join Us At Coalfire, you'll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you'll work most effectively – whether you're at home or an office. Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at HumanResourcesMB@coalfire.com. Bonus Points